diff --git a/web/app/layout.tsx b/web/app/layout.tsx index 8bb2069aaf..5a1de7a136 100644 --- a/web/app/layout.tsx +++ b/web/app/layout.tsx @@ -5,7 +5,6 @@ import { Provider as JotaiProvider } from 'jotai/react' import { ThemeProvider } from 'next-themes' import { NuqsAdapter } from 'nuqs/adapters/next/app' import AmplitudeProvider from '@/app/components/base/amplitude' -import { IS_PROD } from '@/config' import { TanstackQueryInitializer } from '@/context/query-client' import { getDatasetMap } from '@/env' import { getLocaleOnServer } from '@/i18n-config/server' @@ -34,7 +33,7 @@ const LocaleLayout = async ({ }) => { const locale = await getLocaleOnServer() const datasetMap = getDatasetMap() - const nonce = IS_PROD ? (await headers()).get('x-nonce') ?? undefined : undefined + const nonce = (await headers()).get('x-nonce') ?? undefined return ( diff --git a/web/proxy.ts b/web/proxy.ts index 983713fd0e..d735c9f568 100644 --- a/web/proxy.ts +++ b/web/proxy.ts @@ -18,15 +18,16 @@ const wrapResponseWithXFrameOptions = (response: NextResponse, pathname: string) export function proxy(request: NextRequest) { const { pathname } = request.nextUrl const requestHeaders = new Headers(request.headers) - const response = NextResponse.next({ - request: { - headers: requestHeaders, - }, - }) const isWhiteListEnabled = !!env.NEXT_PUBLIC_CSP_WHITELIST && process.env.NODE_ENV === 'production' - if (!isWhiteListEnabled) + if (!isWhiteListEnabled) { + const response = NextResponse.next({ + request: { + headers: requestHeaders, + }, + }) return wrapResponseWithXFrameOptions(response, pathname) + } const whiteList = `${env.NEXT_PUBLIC_CSP_WHITELIST} ${NECESSARY_DOMAIN}` const nonce = Buffer.from(crypto.randomUUID()).toString('base64') @@ -60,6 +61,12 @@ export function proxy(request: NextRequest) { contentSecurityPolicyHeaderValue, ) + const response = NextResponse.next({ + request: { + headers: requestHeaders, + }, + }) + response.headers.set( 'Content-Security-Policy', contentSecurityPolicyHeaderValue,