Reputation: 143
How to set X-Frame-Options header without a custom server in Next.js?
I have a NextJS app that I need to set X-Frame-Options on, but I'm not sure how to do this. With Express, I would use helmetjs, but I want to avoid creating a custom server because:
Before deciding to use a custom server please keep in mind that it should only be used when the integrated router of Next.js can't meet your app requirements. A custom server will remove important performance optimizations, like serverless functions and Automatic Static Optimization.
Source: https://nextjs.org/docs/advanced-features/custom-server
Clearly, there are some drawbacks to using a custom server, and the page handler provided by Next works for me.
Upvotes: 6
Views: 8768
Answers (1)
Reputation: 50278
Without a custom server, this could be achieved by using custom headers in your next.config.js.
// next.config.js
module.exports = {
async headers() {
return [
{
source: '/(.*)?', // Matches all pages
headers: [
{
key: 'X-Frame-Options',
value: 'DENY',
}
]
}
]
}
}
Upvotes: 10
Related Questions
- How to set custom HTTP response headers in Next.js without using a custom server?
- How to modify request headers in Next.js
- Cross-Domain iframe Resizer on NextJS?
- How to add header to getServerSideProps in Next.js
- X-frame-Options Http response Header does not work
- Is there a way to Server Side Rendering on a different server/service with NextJS?
- Add custom headers to Next.js responses based on environment
- Next.js - Footer / Header loading via API only once, server side
- How to remove x-powered-by header in nextjs custom server
- Next Js: How to call external REST API without showing the request on the client side(Network tab)