Open sakhmedbayev opened 3 years ago
Similar to an express app, adding middlewares can help improve security. I think helmet is a great start, along with a rate limiter like express-rate-limit and maybe cors.
As an example, create a new file for your desired middleware:

```js
// @/middlewares/helmet.js
import helmet from 'helmet';

// helmet.contentSecurityPolicy() returns a middleware; export that result
// rather than the helmet module itself so next-connect can call it per request.
// WEB_URI is the extra origin allowed to serve scripts besides the app's own.
const csp = helmet.contentSecurityPolicy({
  directives: {
    ...helmet.contentSecurityPolicy.getDefaultDirectives(),
    // CSP keyword sources such as 'self' keep their single quotes in the header value
    'script-src': ["'self'", process.env.WEB_URI],
  },
  // report violations without blocking while developing
  reportOnly: process.env.NODE_ENV === 'development',
});

export default csp;
```
Then add the middleware into the chain of `use` methods of next-connect:
```js
// middlewares/all.js
import nc from 'next-connect';
import cors from 'cors';
import csp from '@/middlewares/helmet';

const middleWares = nc().use(csp).use(cors()); // rest of middlewares
```
Hope that helps!
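To see what the chain above actually emits per request, here is an added, dependency-free stand-in (not code from the thread or from helmet/next-connect) that serialises the CSP directives the way helmet does and runs them through a minimal `.use`-style chain. It assumes a constructed `req`/`res` pair and the hypothetical `buildCspHeaders` entry point; it also shows the two failure modes a reviewer would check: an unquoted `self` becoming a hostname, and an unset `WEB_URI` producing an invalid source.

```javascript
// Serialise a directives object into a header value: "name src src; name src".
// Sources must be non-empty strings; undefined (e.g. an unset WEB_URI) is rejected.
function serializeCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => {
      if (!Array.isArray(sources) || sources.some((s) => typeof s !== 'string' || s === '')) {
        throw new Error(`CSP directive ${name} has an invalid source`);
      }
      return [name, ...sources].join(' ');
    })
    .join('; ');
}

// Stand-in for helmet.contentSecurityPolicy(): returns a middleware that sets
// either the enforcing header or the report-only header, then calls next().
function contentSecurityPolicy({ directives, reportOnly = false }) {
  const name = reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
  const value = serializeCsp(directives);
  return (req, res, next) => {
    res.setHeader(name, value);
    next();
  };
}

// Stand-in for nc().use(a).use(b): run middlewares in order via next().
function chain(...middlewares) {
  return (req, res) => {
    let i = 0;
    const next = () => {
      const mw = middlewares[i++];
      if (mw) mw(req, res, next);
    };
    next();
  };
}

// Hypothetical entry point mirroring the thread's config: 'self' plus WEB_URI for
// scripts, report-only in development. Returns the headers a constructed res received.
function buildCspHeaders({ webUri, nodeEnv }) {
  const csp = contentSecurityPolicy({
    directives: {
      'default-src': ["'self'"],
      'script-src': ["'self'", webUri], // keyword keeps its quotes; bare self would be a hostname
    },
    reportOnly: nodeEnv === 'development',
  });
  const headers = {};
  const res = { setHeader: (k, v) => { headers[k] = v; } }; // constructed response
  chain(csp)({}, res);
  return headers;
}
```

Run with the enforcing header in production and the report-only header in development; an undefined `webUri` throws instead of silently emitting `script-src 'self' undefined`.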
Forgot to add that having some sort of schema validation can also help with security. Mongoose is a popular Object Data Modeling (ODM) package, though MongoDB now offers its own schema validation.
Thank you for the repo and tutorials!
The readme tells that
What would be your recommendations to improve the security of the current approach?