Skip to content

Commit

Permalink
CCM-5340: diable middleware
Browse files Browse the repository at this point in the history
  • Loading branch information
@alexnuttall
alexnuttall committed Jan 22, 2025
1 parent cf84de7 commit 3e97593
Showing 1 changed file with 20 additions and 20 deletions.
40 changes: 20 additions & 20 deletions src/middleware.ts
View file
Original file line number Diff line number Diff line change
@@ -1,31 +1,31 @@
import { NextRequest, NextResponse } from 'next/server';
// import { NextRequest, NextResponse } from 'next/server';
import { NextResponse } from 'next/server';

export function middleware(request: NextRequest) {
const nonce = Buffer.from(crypto.randomUUID()).toString('base64');
// export function middleware(request: NextRequest) {
// const nonce = Buffer.from(crypto.randomUUID()).toString('base64');

const cspUnsafeEval =
process.env.NODE_ENV === 'production' ? '' : `'unsafe-eval'`;
// const cspUnsafeEval =
// process.env.NODE_ENV === 'production' ? '' : `'unsafe-eval'`;

const csp = `base-uri 'self'; form-action 'self'; frame-ancestors 'none'; default-src 'none'; connect-src 'self' https://cognito-idp.eu-west-2.amazonaws.com; font-src 'self' https://assets.nhs.uk; img-src 'self'; script-src 'self' 'nonce-${nonce}' https: http: ${cspUnsafeEval}; style-src 'self' 'nonce-${nonce}'; upgrade-insecure-requests;`;
// const csp = `base-uri 'self'; form-action 'self'; frame-ancestors 'none'; default-src 'none'; connect-src 'self' https://cognito-idp.eu-west-2.amazonaws.com; font-src 'self' https://assets.nhs.uk; img-src 'self'; script-src 'self' 'nonce-${nonce}' https: http: ${cspUnsafeEval}; style-src 'self' 'nonce-${nonce}'; upgrade-insecure-requests;`;

const requestHeaders = new Headers(request.headers);
requestHeaders.set('x-nonce', nonce);
// const requestHeaders = new Headers(request.headers);
// requestHeaders.set('x-nonce', nonce);

requestHeaders.set('Content-Security-Policy', csp);
// requestHeaders.set('Content-Security-Policy', csp);

// requestHeaders.set(
// 'x-forwarded-host',
// requestHeaders.get('origin')?.replace('https://', '') || '*'
// );
// const response = NextResponse.next({
// request: {
// headers: requestHeaders,
// },
// });
// response.headers.set('Content-Security-Policy', csp);

const response = NextResponse.next({
request: {
headers: requestHeaders,
},
});
response.headers.set('Content-Security-Policy', csp);
// return response;
// }

return response;
export function middleware() {
return NextResponse.next();
}

// export const config = {
Expand Down

0 comments on commit 3e97593

Please sign in to comment.