koinos / koinos-io-website

Repo for koinos.io website
MIT License

added _headers to root with x-frame-options #96

Closed brklyn8900 closed 3 months ago

brklyn8900 commented 3 months ago

Resolves #95

Brief description

Added a _headers file to the root directory so Netlify will add the X-Frame-Options: DENY rule to the server settings. This will help prevent clickjacking attacks.

Checklist

Demonstration

netlify[bot] commented 3 months ago

Deploy Preview for koinos-io ready!

Name Link
Latest commit 5a12009c5eb2b122887dff0b473aeca8b9bb5079
Latest deploy log https://app.netlify.com/sites/koinos-io/deploys/66b28365d6443700084e1683
Deploy Preview https://deploy-preview-96--koinos-io.netlify.app

mvandeberg commented 3 months ago

According to https://www.restack.io/docs/nextjs-knowledge-nextjs-x-frame-options-guide, we should also set Content-Security-Policy to frame-ancestors 'none';. Both of these have been added to the next.js config.

You can verify the result of this test here. https://domsignal.com/test/eh40j51i03ofesi0sv7fhtcw9c7181es
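A static check for the two headers discussed in this thread, written as an added example (not code from this PR or the koinos-io-website repo). It parses a Netlify `_headers` file and reports whether a path rule sets a usable `X-Frame-Options` value and a CSP `frame-ancestors` directive. The function names, the sample file contents and the `/embed/*` rule are assumptions made for illustration.

```javascript
// Added example. SAMPLE is constructed for illustration, not the file from this PR.
const SAMPLE = `# constructed sample
/*
  X-Frame-Options: DENY
  Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
/embed/*
  X-Frame-Options: ALLOW-FROM https://example.com
`;

// _headers format: an unindented line is a path; indented "Name: value"
// lines under it are that path's headers; lines starting with # are comments.
function parseHeadersFile(text) {
  const rules = new Map();
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    if (!/^\s/.test(raw)) {
      current = line;
      if (!rules.has(current)) rules.set(current, []);
    } else if (current !== null && line.includes(':')) {
      const idx = line.indexOf(':');
      rules.get(current).push([line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim()]);
    }
  }
  return rules;
}

// Report which anti-framing controls a list of [name, value] headers provides.
function framingControls(headers) {
  const result = { xFrameOptions: false, frameAncestors: null };
  for (const [name, value] of headers) {
    if (name === 'x-frame-options') {
      // Current browsers honour only DENY and SAMEORIGIN; ALLOW-FROM is obsolete.
      result.xFrameOptions = ['DENY', 'SAMEORIGIN'].includes(value.toUpperCase());
    } else if (name === 'content-security-policy') {
      for (const directive of value.split(';')) {
        const [key, ...sources] = directive.trim().split(/\s+/);
        if (key.toLowerCase() === 'frame-ancestors') result.frameAncestors = sources.join(' ');
      }
    }
  }
  return result;
}

// Exact-match lookup of one path rule (no wildcard resolution: a simplification).
function auditPath(text, path) {
  return framingControls(parseHeadersFile(text).get(path) || []);
}
```

Calling `auditPath(fileContents, '/*')` on the deployed `_headers` file in CI catches a rule that is dropped or downgraded before it ships.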