i18nexus
commented
7 months ago Hi there. i18nRouter returns a response. So you should just be able to edit that resulting response. For example:
const nonce = Buffer.from(crypto.randomUUID()).toString('base64')
const cspHeader = `
default-src 'self';
script-src 'self' 'nonce-${nonce}' 'strict-dynamic';
style-src 'self' 'nonce-${nonce}';
img-src 'self' blob: data:;
font-src 'self';
object-src 'none';
base-uri 'self';
form-action 'self';
frame-ancestors 'none';
upgrade-insecure-requests;
`
// Replace newline characters and spaces
const contentSecurityPolicyHeaderValue = cspHeader
.replace(/\s{2,}/g, ' ')
.trim()
const requestHeaders = new Headers(request.headers)
requestHeaders.set('x-nonce', nonce)
requestHeaders.set(
'Content-Security-Policy',
contentSecurityPolicyHeaderValue
)
const response = i18nRouter(request, i18nConfig);
response.headers.set(
'Content-Security-Policy',
contentSecurityPolicyHeaderValue
)
return response;
I use next-i18n-router in my app and I want to set the Content Security Policy (with nonce) in the middleware. According to NextJS docs, I have to set the policy like this:
How can I pass the NextReponse in i18nRouter?