chore: remove csp headers (#1462)

* chore: Use explicit codehike lighter URLs for CSP * chore: Remove CSP headers from next config
codemod-com · Jan 23, 2025 · 72894c0 · 72894c0
1 parent 49b0832
commit 72894c0
Showing 1 changed file with 0 additions and 27 deletions.
diff --git a/apps/frontend/next.config.mjs b/apps/frontend/next.config.mjs
@@ -1,19 +1,5 @@
 import MonacoEditorPlugin from "monaco-editor-webpack-plugin";
 
-const backendApiUrl = process.env.NEXT_PUBLIC_API_URL;
-const authApiUrl = process.env.NEXT_PUBLIC_AUTH_API_URL;
-
-const cspHeader = `
-  default-src 'self';
-  script-src 'self' 'unsafe-inline' 'unsafe-eval' ${backendApiUrl} ${authApiUrl} https://challenges.cloudflare.com;
-  connect-src 'self' ${backendApiUrl} ${authApiUrl};
-  img-src 'self' https://img.clerk.com;
-  worker-src 'self' blob:;
-  style-src 'self' 'unsafe-inline';
-  frame-src 'self' https://challenges.cloudflare.com;
-  form-action 'self';
-`;
-
 /** @type {import('next').NextConfig} */
 const config = {
   webpack: (config, { isServer, webpack }) => {
@@ -96,19 +82,6 @@ const config = {
       },
     ];
   },
-  async headers() {
-    return [
-      {
-        source: "/(.*)",
-        headers: [
-          {
-            key: "Content-Security-Policy",
-            value: cspHeader.replace(/\n/g, ""),
-          },
-        ],
-      },
-    ];
-  },
 };
 
 export default config;