Danijel Martinek
b681e906ea
- Add apps/web-next/middleware.ts calling withSecurityHeaders() from core-shared/security/next; exports matcher config excluding static assets - Update layout.tsx to call getNonce() and render <meta name="csp-nonce"> so client-side JS can read the per-request nonce - Update instrumentation-client.ts to read nonce from csp-nonce meta tag and pass it to initSentryClient for feedbackIntegration CSP compliance - Add nonce option to initSentryClient (InitClientOpts.nonce) and thread styleNonce + scriptNonce into feedbackIntegration when provided - Add middleware test asserting all six headers, prod/dev CSP shape, and x-nonce presence; add feedbackIntegration nonce tests to core-shared Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
20 lines
569 B
TypeScript
20 lines
569 B
TypeScript
// apps/web-next/instrumentation-client.ts
|
|
// Next.js 15+ browser hook: runs in the client bundle on app start.
|
|
|
|
import { initSentryClient } from "@repo/core-shared/instrumentation/sentry/init-client";
|
|
|
|
function getNonce(): string {
|
|
if (typeof document === "undefined") return "";
|
|
return (
|
|
document.querySelector('meta[name="csp-nonce"]')?.getAttribute("content") ??
|
|
""
|
|
);
|
|
}
|
|
|
|
initSentryClient({
|
|
dsn: process.env["NEXT_PUBLIC_WEB_NEXT_SENTRY_DSN"],
|
|
app: "web-next",
|
|
release: process.env["NEXT_PUBLIC_VERCEL_GIT_COMMIT_SHA"],
|
|
nonce: getNonce(),
|
|
});
|