/*
Add Content Security Policy headers to all relevant requests.
*/
import { NextRequest, NextResponse } from "next/server";
// Route matcher for the middleware in this file: it runs only on request paths that
// match, so any path excluded here gets no Content-Security-Policy header from it.
// Kept as a plain literal; Next.js reads `config` statically at build time.
export const config = {
matcher: [
/*
* Exceptions:
* /api/auth, /api/auth/callback, /api/webhooks, /api/proxy_route, /api/gdpr, /_next,
* /_proxy, /_auth, /_static, /_vercel, /public (/favicon.ico, etc)
*
* The exclusions are a negative lookahead at the start of the path, so each one is a
* prefix match: "api/auth" already covers "api/auth/callback" (and anything else that
* begins with "api/auth"). The last alternative, [\w-]+\.\w+, skips every path whose
* first segment starts like "name.ext", not only files served from /public.
* NOTE(review): if any excluded route renders HTML that should not be framed by
* arbitrary origins, it needs its own frame-ancestors policy. Confirm per route.
*/
"/((?!api/auth|api/auth/callback|api/webhooks|api/proxy_route|api/gdpr|_next|_proxy|_auth|_static|_vercel|[\\w-]+\\.\\w+).*)",
],
};
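// Hostname shape accepted for the `shop` query parameter: a single label made of
// letters, digits and hyphens, followed by ".myshopify.com". Anchored at both ends so
// nothing can be placed before or after the hostname.
const SHOP_DOMAIN_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/;

/**
 * Adds a `frame-ancestors` Content-Security-Policy header to the response so the page
 * can only be embedded by the Shopify admin and by the shop's own myshopify.com domain.
 *
 * The `shop` query parameter comes from the request URL and is untrusted. It is copied
 * into a security header, so it is only used when it matches SHOP_DOMAIN_PATTERN.
 * Otherwise a caller could name an arbitrary origin as an allowed frame ancestor, or
 * append further directives with spaces or ";", and defeat the clickjacking protection
 * this header provides. A missing or rejected value falls back to the
 * "*.myshopify.com" wildcard, the same default used when no `shop` is supplied.
 *
 * @param request - Incoming request; only `nextUrl.search` is read.
 * @returns The pass-through response with the CSP header set.
 */
export function middleware(request: NextRequest) {
  const {
    nextUrl: { search },
  } = request;

  const urlSearchParams = new URLSearchParams(search);
  const params = Object.fromEntries(urlSearchParams.entries());

  // Only a well-formed *.myshopify.com hostname may reach the header value.
  const requestedShop = params.shop;
  const shop =
    typeof requestedShop === "string" && SHOP_DOMAIN_PATTERN.test(requestedShop)
      ? requestedShop
      : "*.myshopify.com";

  const res = NextResponse.next();
  res.headers.set(
    "Content-Security-Policy",
    `frame-ancestors https://${shop} https://admin.shopify.com;`,
  );

  // You can also set request headers in NextResponse.rewrite
  return res;
}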