Overview
next-safe is a tool that helps secure your Next.js apps by providing sensible defaults for common security headers. It sets Content-Security-Policy, Permissions-Policy, Referrer-Policy, X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection. You can find the full documentation at trezy.gitbook.io/next-safe.
Features
- Secure Next.js Apps: Enhance security by setting up common security headers.
- Content-Security-Policy: Define policies to protect against various attack vectors.
- Permissions-Policy: Control which features are allowed in your app.
Installation
To install next-safe, follow these steps:
- Use npm to install the package:
npm install next-safe
- Import next-safe in your next.config.js:
const nextSafe = require('next-safe');
- Set up the security headers by returning them from the headers() function in next.config.js:
// Example of setting up Content-Security-Policy
module.exports = {
  async headers() {
    return [{
      source: '/:path*', // apply the headers to every route
      headers: nextSafe({
        contentSecurityPolicy: {
          'default-src': ["'none'"],
          'script-src': ["'self'", 'trusted-cdn.com'],
          'style-src': ["'self'", 'fonts.googleapis.com'],
        },
      }),
    }];
  },
};
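To review a directive map like the one in the Content-Security-Policy example above before shipping it, the following added example (not next-safe's code, and not from the original page) serializes the map to a header value and reports broad sources and fetch directives that end up fully blocked through the default-src fallback. The names serializeCsp, auditCsp and PAGE_POLICY are hypothetical.

```javascript
// Added example, not next-safe's code. All function names are hypothetical.
const FETCH_DIRECTIVES = ['script-src', 'style-src', 'img-src', 'font-src',
  'connect-src', 'frame-src', 'media-src', 'object-src'];
const BROAD_SOURCES = new Set(["'unsafe-inline'", "'unsafe-eval'", '*', 'http:', 'https:']);

// The directive map from the page's Content-Security-Policy example.
const PAGE_POLICY = {
  'default-src': ["'none'"],
  'script-src': ["'self'", 'trusted-cdn.com'],
  'style-src': ["'self'", 'fonts.googleapis.com'],
};

// Accept a string or an array of sources and return a clean token list.
function toSources(value) {
  const list = Array.isArray(value) ? value : String(value).split(/\s+/);
  return list.map((s) => s.trim()).filter(Boolean);
}

// Build the header value: "directive src src; directive src".
function serializeCsp(directives) {
  return Object.entries(directives)
    .map(([name, value]) => [name, ...toSources(value)].join(' '))
    .join('; ');
}

// Report broad sources and the fetch directives that resolve to 'none'.
function auditCsp(directives) {
  const findings = [];
  const fallback = directives['default-src'];
  if (fallback === undefined) {
    findings.push('default-src missing: undeclared fetch directives are unrestricted');
  }
  for (const name of FETCH_DIRECTIVES) {
    const declared = directives[name] !== undefined;
    const sources = toSources(declared ? directives[name] : fallback ?? []);
    for (const src of sources) {
      if (BROAD_SOURCES.has(src)) findings.push(`${name}: broad source ${src}`);
    }
    if (sources.length === 1 && sources[0] === "'none'") {
      findings.push(`${name}: blocked (${declared ? 'declared' : 'falls back to default-src'} 'none')`);
    }
  }
  return findings;
}

console.log(serializeCsp(PAGE_POLICY));
console.log(auditCsp(PAGE_POLICY).join('\n'));
```

For the page's policy the audit lists font-src as blocked: the Google Fonts stylesheet allowed by style-src loads its font files from fonts.gstatic.com, so those files need their own font-src entry.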
Summary
next-safe is a valuable tool for securing Next.js apps by configuring important security headers with sensible defaults. With features like Content-Security-Policy and Permissions-Policy, developers can easily enhance the security of their applications. Installation is straightforward and well-documented on trezy.gitbook.io/next-safe.