From 3e3786e0f4e645b8901154ebe89d8b552a3f8fc2 Mon Sep 17 00:00:00 2001
From: Ludovic DEHON <tchiot.ludo@gmail.com>
Date: Mon, 26 Aug 2024 22:53:47 +0200
Subject: [PATCH] feat(site): add security headers

---
 server/middleware/{cache-control.js => headers.js} | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 rename server/middleware/{cache-control.js => headers.js} (64%)

diff --git a/server/middleware/cache-control.js b/server/middleware/headers.js
similarity index 64%
rename from server/middleware/cache-control.js
rename to server/middleware/headers.js
index e3e4ca824a..15b87d8e6d 100644
--- a/server/middleware/cache-control.js
+++ b/server/middleware/headers.js
@@ -1,8 +1,9 @@
-import { useCDNHeaders } from '#nuxt-multi-cache/composables'
-
 export default defineEventHandler((event) => {
     const url = event.node.req.url;
 
+    event.node.res.setHeader("X-Frame-Options", "DENY");
+    event.node.res.setHeader("X-Content-Type-Options", "nosniff");
+
     if (url.startsWith("/api/_content/")) {
         event.node.res.setHeader("Cache-Control", "public, max-age=604800, immutable");
     }