Parent Issue
#227 - Comprehensive Code Audit
Problem
The audit identified missing Content Security Policy (CSP) headers.
Other security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy) are already set in next.config.js; however, no Content-Security-Policy header appears to be configured.
Proposed Work
- Review current frontend resource loading requirements
- Design an appropriate Content Security Policy
- Add CSP headers through the existing Next.js header configuration
- Verify application functionality is not impacted
- Document the policy and any required exceptions
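One way to carry out the steps above, as an added example that is not the project's own next.config.js: the policy is kept as a directive map, serialised into the header value, and appended to the same `headers()` array the existing security headers are delivered through. The allowed origins (such as `https://api.example.com`), the values assumed for the existing headers, and the `CSP_REPORT_ONLY` environment variable are all assumptions for illustration; they must be replaced with what the frontend actually loads and what the current config already sets.

```javascript
// Added example (not the project's code): builds a Content-Security-Policy
// from a directive map and wires it into the headers() config Next.js reads.
// Origins such as https://api.example.com are placeholders; replace them with
// the origins identified when reviewing the frontend's resource loading.

const cspDirectives = {
  'default-src': ["'self'"],
  // Next.js injects inline bootstrap scripts; 'unsafe-inline' is the simplest
  // starting point, and a nonce- or hash-based policy is the hardening step after it.
  'script-src': ["'self'", "'unsafe-inline'"],
  'style-src': ["'self'", "'unsafe-inline'"],
  'img-src': ["'self'", 'data:', 'blob:'],
  'font-src': ["'self'"],
  'connect-src': ["'self'", 'https://api.example.com'], // assumed API origin
  'frame-ancestors': ["'none'"], // complements X-Frame-Options: DENY
  'base-uri': ["'self'"],
  'form-action': ["'self'"],
  'object-src': ["'none'"],
  'upgrade-insecure-requests': [], // valueless directive
};

// Serialise a directive map into the header value: "name v1 v2; name2; ..."
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, values]) => (values.length ? `${name} ${values.join(' ')}` : name))
    .join('; ');
}

// Report-Only logs violations to the browser console (and report endpoint, if
// one is configured) without blocking anything, so the policy can be tuned
// against real page loads before it is enforced.
function cspHeader(directives, { reportOnly = false } = {}) {
  return {
    key: reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy',
    value: buildCsp(directives),
  };
}

// The first four entries stand in for the headers the issue says already exist;
// their exact values are assumed here and should be taken from the real config.
const securityHeaders = [
  { key: 'X-Frame-Options', value: 'DENY' },
  { key: 'X-Content-Type-Options', value: 'nosniff' },
  { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
  { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
  // Assumed env switch: CSP_REPORT_ONLY=1 during rollout, unset to enforce.
  cspHeader(cspDirectives, { reportOnly: process.env.CSP_REPORT_ONLY === '1' }),
];

const nextConfig = {
  async headers() {
    // Apply the header set to every route.
    return [{ source: '/(.*)', headers: securityHeaders }];
  },
};

// Export shape expected by a CommonJS next.config.js; guarded so the file
// also loads where `module` is not defined.
if (typeof module !== 'undefined') {
  module.exports = nextConfig;
}
```

Keep `frame-ancestors` even though X-Frame-Options is already set: browsers that support CSP prefer `frame-ancestors`, and the two together cover older clients. The `'unsafe-inline'` in `script-src` is the documented exception to record in the policy write-up, with the nonce-based approach as the follow-up.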
Expected Outcome
- Improved protection against XSS and content injection attacks
- Stronger browser-side security posture
- Alignment with security recommendations from the audit
GSSoC
I would like to work on this issue under GSSoC'26.