async headers()

in next.config.js [53:123]

• 67 lines of code
• 2 McCabe index (conditional complexity)

  async headers() {
    const headers = [
      {
        source: "/:path*",
        headers: [
          // Note: the Content-Security-Policy gets set in /src/middleware.ts
          //       (because it needs a dynamically-generated nonce).
          {
            key: "Cross-Origin-Opener-Policy",
            value: "same-origin",
          },
          {
            key: "Cross-Origin-Resource-Policy",
            value: "cross-origin",
          },
          {
            key: "Referrer-Policy",
            value: "no-referrer, strict-origin-when-cross-origin",
          },
          {
            key: "Origin-Agent-Cluster",
            value: "?1",
          },
          {
            key: "Strict-Transport-Security",
            value: "max-age=15552000; includeSubDomains",
          },
          {
            key: "X-Content-Type-Options",
            value: "nosniff",
          },
          {
            key: "X-DNS-Prefetch-Control",
            value: "off",
          },
          {
            key: "X-Download-Options",
            value: "noopen",
          },
          {
            key: "X-Frame-Options",
            value: "SAMEORIGIN",
          },
          {
            key: "X-Permitted-Cross-Domain-Policies",
            value: "none",
          },
          {
            key: "X-XSS-Protection",
            value: "0",
          },
        ],
      },
    ];

    const noindexEnvs = ["dev", "development", "heroku", "stage"];
    const noSearchEngineIndex = noindexEnvs.includes(process.env.NODE_ENV);
    if (noSearchEngineIndex) {
      headers.push({
        source: "/:path*",
        headers: [
          {
            key: "X-Robots-Tag",
            value: "noindex",
          },
        ],
      });
    }

    return headers;
  },