feat: Add Content Security Policy header and move Plausible script to HTML head with beforeInteractive strategy.

Hördle Bot
2025-11-25 22:19:34 +01:00
parent 1d62aca2fb
commit ffb7be602f
2 changed files with 13 additions and 2 deletions


@@ -35,13 +35,15 @@ export default function RootLayout({
}>) { }>) {
return ( return (
<html lang="en"> <html lang="en">
<body className={`${geistSans.variable} ${geistMono.variable}`}> <head>
<Script <Script
defer defer
data-domain="hoerdle.elpatron.me" data-domain="hoerdle.elpatron.me"
src="https://plausible.elpatron.me/js/script.js" src="https://plausible.elpatron.me/js/script.js"
strategy="afterInteractive" strategy="beforeInteractive"
/> />
</head>
<body className={`${geistSans.variable} ${geistMono.variable}`}>
{children} {children}
<InstallPrompt /> <InstallPrompt />
<AppFooter /> <AppFooter />
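Review bot: The Plausible tag now uses `strategy="beforeInteractive"`, which loads a script from a separate host (`plausible.elpatron.me`) ahead of hydration, and the change does not say why analytics needs to run that early. Next.js describes `beforeInteractive` as intended for scripts the page depends on before it becomes interactive, so for a tracking script this mainly means that a problem on that host affects the page at its earliest point. If the move was made to get the script working under the new CSP header, say so in a comment above the tag, e.g. `{/* beforeInteractive: <reason this must load before hydration> */}`. Otherwise `afterInteractive` would keep the earlier, lower-impact load order. `RootLayout` starts and ends outside this hunk.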


@@ -15,6 +15,15 @@ const nextConfig: NextConfig = {
}, },
async headers() { async headers() {
return [ return [
{
source: '/:path*',
headers: [
{
key: 'Content-Security-Policy',
value: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.elpatron.me; connect-src 'self' https://plausible.elpatron.me;",
},
],
},
{ {
source: '/uploads/:path*.mp3', source: '/uploads/:path*.mp3',
headers: [ headers: [
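Review bot: The `script-src` value in the new `Content-Security-Policy` entry includes both `'unsafe-inline'` and `'unsafe-eval'`, so the header does little to stop injected inline script or string-to-code evaluation, which is the main protection a script policy offers. The policy also sets no `default-src`, `object-src` or `base-uri`, so everything other than script sources and fetch/XHR targets stays unrestricted. If `'unsafe-eval'` is only needed by the development build, emit it conditionally on `process.env.NODE_ENV`, and plan to replace `'unsafe-inline'` with a per-request nonce. A minimal tightening that fits this change is appending `object-src 'none'; base-uri 'self';` to the value. The `headers()` function starts and ends outside this hunk.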