Description
Summary
I can't get the headers defined in next.config.js to take effect when deploying. What does work is adding the headers in a netlify.toml file, which I didn't have before and had to create just so I could add headers to the app.
Steps to reproduce
- Add headers function to next.config.js
- Deploy to netlify
- Headers are not there
A link to a reproduction repository
No response
Plugin version
4.0.0
More information about your build
- I am building using the CLI
- I am building using file-based configuration (netlify.toml)
What OS are you using?
Mac OS
Your netlify.toml file
`netlify.toml` using it because here I could make the headers work -
# Build settings: the command Netlify runs and the directory it publishes.
[build]
command = "npm run build"
publish = ".next"
# One header rule; "/*" applies the values below to every path on the site.
[[headers]]
for = "/*"
[headers.values]
# Framing is refused twice: here for older browsers, and again through
# "frame-ancestors 'none'" in the Content-Security-Policy below.
X-Frame-Options = "DENY"
# "0" switches the legacy browser XSS filter off. The next.config.js in this
# report sends "1; mode=block" instead, so the two configurations disagree.
X-XSS-Protection = "0"
# Review notes on this policy:
#  - script-src is an explicit allow-list ('self', Stripe and Vimeo hosts) with
#    no 'unsafe-inline', so inline scripts are blocked.
#  - style-src carries 'unsafe-inline', which permits inline styles.
#  - img-src ends in "*", which makes the two sources before it redundant and
#    allows images from any host.
#  - prefetch-src: 'unsafe-inline' has no meaning for a fetch directive, and
#    browser support for prefetch-src itself is doubtful — verify before relying on it.
#  - object-src and base-uri are not listed; object-src falls back to
#    default-src 'self', base-uri has no fallback and stays unrestricted.
Content-Security-Policy = "default-src 'self'; connect-src 'self' https://vimeo.com; script-src 'self' https://*.stripe.com https://player.vimeo.com https://js.stripe.com; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline';form-action 'self'; font-src 'self' https://fonts.gstatic.com/; prefetch-src 'self' 'unsafe-inline'; manifest-src 'self'; media-src 'self' https://www.vimeo.com https://api.vimeo.com https://player.vimeo.com; img-src 'self' https://tbc-next.netlify.app *; frame-ancestors 'none'; frame-src 'self' https://js.stripe.com/ https://player.vimeo.com/;"
# Stops browsers from guessing a content type other than the declared one.
X-Content-Type-Options = "nosniff"
# Same-origin requests keep the full URL as referrer; cross-origin requests
# receive only the origin.
Referrer-Policy = "origin-when-cross-origin"
# Camera, geolocation and microphone are disabled for every origin;
# fullscreen is allowed for this origin only.
Permissions-Policy = "camera=(), geolocation=(), microphone=(), fullscreen=(self)"
# Two-year HSTS lifetime that also covers every subdomain. "preload" signals
# consent to browser preload lists, which is slow to undo — confirm that all
# subdomains serve HTTPS before keeping it.
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
# Other origins may not embed this site's resources. This header has no
# counterpart in the next.config.js shown in this report.
Cross-Origin-Resource-Policy = "same-origin"
Your public/_redirects file
`_redirects`
# Paste content of your `_redirects` file here
Your next.config.js file
`next.config.js`
/**
 * Next.js configuration from the report: strict mode on, one catch-all
 * header rule, and the "X-Powered-By" response header switched off.
 */
module.exports = {
  reactStrictMode: true,

  /**
   * Builds the response-header rules handed to Next.js.
   *
   * @returns {Promise<Array<{source: string, headers: Array<{key: string, value: string}>}>>}
   *   A single rule whose source pattern "/(.*)" matches every path.
   */
  async headers() {
    // Header name/value pairs, in the order they are emitted.
    const pairs = [
      // NOTE(review): there is no script-src here, so scripts fall back to
      // default-src, and "https:" in default-src admits any HTTPS origin.
      // "img-src *" likewise allows images from any host. The netlify.toml in
      // this report uses an explicit script-src allow-list instead.
      [
        "Content-Security-Policy",
        "default-src 'self' https:; img-src *; font-src 'self' https://fonts.gstatic.com/; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; media-src 'self' https://www.vimeo.com https://api.vimeo.com; frame-ancestors 'none'; frame-src 'self' https://player.vimeo.com/; ",
      ],
      // Overlaps with "frame-ancestors 'none'" above; kept for older browsers.
      ["X-Frame-Options", "DENY"],
      ["X-Content-Type-Options", "nosniff"],
      ["Referrer-Policy", "origin-when-cross-origin"],
      [
        "Permissions-Policy",
        "camera=(), geolocation=(), microphone=(), fullscreen=(self)",
      ],
      // Two-year HSTS with subdomains and preload; preload is slow to undo.
      [
        "Strict-Transport-Security",
        "max-age=63072000; includeSubDomains; preload",
      ],
      // NOTE(review): the netlify.toml in this report sends "0" for this
      // header; "1; mode=block" turns the legacy browser XSS filter on.
      // Current guidance favours "0" — decide on one value for both files.
      ["X-XSS-Protection", "1; mode=block"],
    ];

    const catchAllRule = {
      source: "/(.*)",
      headers: pairs.map(([key, value]) => ({ key, value })),
    };

    return [catchAllRule];
  },

  poweredByHeader: false,
};
Builds logs (or link to your logs)
Build logs
# Paste logs here
Function logs
Function logs
# Paste logs here
.next JSON files
generated .next JSON files
{"version":3,"routes":{},"dynamicRoutes":{},"preview":{"previewModeId":"xxxxxxxxxx","previewModeSigningKey":"xxxxxxxxxxxxx","previewModeEncryptionKey":"xxxxxxxxxxxx"},"notFoundRoutes":[]}
{"version":3,"pages404":true,"basePath":"","redirects":[{"source":"/:path+/","destination":"/:path+","internal":true,"statusCode":308,"regex":"^(?:/((?:[^/]+?)(?:/(?:[^/]+?))*))/$"}],"headers":[{"source":"/(.*)","headers":[{"key":"Content-Security-Policy","value":"default-src 'self' https:; img-src *; font-src 'self' https://fonts.gstatic.com/; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; media-src 'self' https://www.vimeo.com https://api.vimeo.com; frame-ancestors 'none'; frame-src 'self' https://player.vimeo.com/; "},{"key":"X-Frame-Options","value":"DENY"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"Referrer-Policy","value":"origin-when-cross-origin"},{"key":"Permissions-Policy","value":"camera=(), geolocation=(), microphone=(), fullscreen=(self)"},{"key":"Strict-Transport-Security","value":"max-age=63072000; includeSubDomains; preload"},{"key":"X-XSS-Protection","value":"1; mode=block"}],"regex":"^(?:/(.*))(?:/)?$"}], ......