cropintel / middleware.ts
Jaithra Polavarapu
CropIntel — HF Space deploy (all-in-one app)
889dd1b
Raw
History Blame Contribute Delete
1.19 kB
/**
* Next.js Middleware
*
* Applies security headers to all routes.
* Runs on every request before the page/API route is executed.
*
* Security Features:
* - Security headers for all responses
* - CORS configuration (if needed)
*
* OWASP Compliance:
* - A05:2021 (Security Misconfiguration) - Security headers
*/
import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'
import { addSecurityHeaders } from './lib/security/headers'
export function middleware(request: NextRequest) {
// Create response
const response = NextResponse.next()
// Add security headers to all responses
return addSecurityHeaders(response)
}
// Apply middleware to all routes
export const config = {
matcher: [
/*
* Match all request paths except for the ones starting with:
* - _next/static (static files)
* - _next/image (image optimization files)
* - favicon.ico (favicon file)
* - public folder files
*/
// Exclude static assets (include css/js so CSP middleware never touches them on odd paths)
'/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js|woff2?)$).*)',
],
}