From 102cc7a9b973f9aee1204de5df89cafea3ec281c Mon Sep 17 00:00:00 2001
From: Gonzalo D'Elia
Date: Thu, 22 Aug 2024 17:21:06 -0300
Subject: [PATCH] Add script to create security headers in portal
---
webapp/.htaccess | 27 +++++++++++++++++++++++++++
webapp/package.json | 2 ++
2 files changed, 29 insertions(+)
create mode 100644 webapp/.htaccess
diff --git a/webapp/.htaccess b/webapp/.htaccess
new file mode 100644
index 00000000..62a3bdcf
--- /dev/null
+++ b/webapp/.htaccess
@@ -0,0 +1,27 @@
+
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+
+
+ Header always set X-Frame-Options "SAMEORIGIN"
+
+
+
+ Header always set X-Content-Type-Options "nosniff"
+
+
+
+ Header always set X-XSS-Protection "1; mode=block"
+
+
+
+ Header always set X-Download-Options "noopen"
+
+
+
+ Header always set Expect-CT "max-age=86400, enforce"
+
+
+
+ Header always set Referrer-Policy "no-referrer-when-downgrade"
+
\ No newline at end of file
diff --git a/webapp/package.json b/webapp/package.json
index 59bd3edf..bc147368 100644
--- a/webapp/package.json
+++ b/webapp/package.json
@@ -3,9 +3,11 @@
 "version": "1.0.0",
 "scripts": {
 "build": "next build",
+ "copy:htaccess": "cp .htaccess out/.htaccess",
 "dev": "next dev",
 "dev:wifi": "WIFI=true LOCAL_IP=$(ipconfig getifaddr en0) PORT=3000 npm run dev",
 "deploy": "npm run build",
+ "postbuild": "npm run copy:htaccess",
 "preserve": "npm run build",
 "serve": "serve out"
 },
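Review bot: Two of the headers in the new webapp/.htaccess no longer do useful work in current browsers, and the set has no Content-Security-Policy. `X-XSS-Protection "1; mode=block"` targets an XSS filter that modern browsers have removed (OWASP's current guidance is to send `0` or omit the header), and `Expect-CT` is deprecated now that Certificate Transparency is enforced by default. `Referrer-Policy "no-referrer-when-downgrade"` still sends the full URL, path and query included, to every other HTTPS origin; `Header always set Referrer-Policy "strict-origin-when-cross-origin"` limits cross-origin requests to the origin only. A minimal policy such as `Header always set Content-Security-Policy "frame-ancestors 'self'"` would back up X-Frame-Options, with script and style sources added once the site's inline scripts are inventoried. Separately, `includeSubDomains; preload` on the HSTS line commits every subdomain to HTTPS and is slow to undo once the domain is on a preload list, so confirm that is intended before shipping it.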
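Review bot: Nothing in this change verifies that the copied file is ever applied, so the headers can be missing in production without any signal. `out/.htaccess` is only honoured when the host is Apache with mod_headers loaded and `AllowOverride` permitting the `Header` directive (FileInfo), and the existing `serve` script (`serve out`) does not read .htaccess at all, so local testing will never show these headers. A post-deploy check along the lines of `curl -sI https://<portal-host>/ | grep -i strict-transport-security` (host is a placeholder) would catch a silently ignored file. The `postbuild` hook also assumes `next build` writes an `out/` directory, which depends on export configuration not visible in this hunk.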