Skip to content

Security & Performance: CSP, HSTS, and caching improvements#77

Open
mshsheikh wants to merge 1 commit intoAvaiga:mainfrom
mshsheikh:patch-1
Open

Security & Performance: CSP, HSTS, and caching improvements#77
mshsheikh wants to merge 1 commit intoAvaiga:mainfrom
mshsheikh:patch-1

Conversation

@mshsheikh
Copy link

@mshsheikh mshsheikh commented Jul 1, 2025

Summary

Updated next.config.js to:

  • Harden security with strict CSP and HSTS
  • Optimize caching for static assets
  • Fix redirects and SVG handling

Key Changes

✅ Removed 'unsafe-inline' for safer scripts/styles
✅ Added long-term caching for fonts/images
✅ Cleaned up redirect rules (301s for SEO)
✅ Improved Webpack SVG configuration

Testing

@mshsheikh
Update next.config.js with security headers and performance optimizat…
0c81ba2 
…ions

- Added strict Content-Security-Policy (CSP) to prevent XSS attacks
- Enabled HSTS for HTTPS enforcement
- Improved performance with caching headers for fonts/images
- Removed unsafe-inline scripts/styles
- Fixed redirect rules and rewrote URLs for cleaner routing
- Enhanced SVG handling with SVGR and Webpack optimizations
@vercel
Copy link

vercel bot commented Jul 1, 2025

@mshsheikh is attempting to deploy a commit to the Taipy Team Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mshsheikh