Added security headers to prevent clickjacking on sign in

[Klakurka]

Description

Reported via contact email

Test plan

Forwarded separately.

Summary by CodeRabbit

• Chores
  • Enhanced security configuration to prevent unauthorized embedding of the application in external frames, strengthening protection against potential clickjacking attacks.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

A new async headers() function is added to next.config.js that applies security HTTP headers to all routes. The function sets X-Frame-Options to SAMEORIGIN and Content-Security-Policy with frame-ancestors 'self' for all paths.

Changes

Cohort / File(s)	Change Summary
Security headers configuration next.config.js	Added async headers() function to export that applies X-Frame-Options: SAMEORIGIN and Content-Security-Policy: frame-ancestors 'self' headers to all routes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A rabbit hops through headers with glee,
Securing the frame for all eyes to see,
X-Frame-Options stand guard at the gate,
CSP whispers: "Self only, no freight!"
One little function, so simple, so sweet,
Makes clickjacking threats face retreat. 🛡️

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fx/clickjacking-on-signin

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 55e10cb and aa8263c.

📒 Files selected for processing (1)

• next.config.js (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}