Add security headers (#5346)

[Asana task](https://app.asana.com/0/1200099998847559/1206836113848437/f) ## What are you changing in this pull request and why? Adds security headers and a simple CSP in response to a customer's security report. This should be a low-risk implementation. If security determines we need to tighten our CSP, we can do that on request if needed. ## Previews Verify images/functionality work on multiple pages: - https://docs-getdbt-com-git-add-security-headers-dbt-labs.vercel.app/ - https://docs-getdbt-com-git-add-security-headers-dbt-labs.vercel.app/docs/introduction - https://docs-getdbt-com-git-add-security-headers-dbt-labs.vercel.app/blog/guide-to-jinja-debug - https://docs-getdbt-com-git-add-security-headers-dbt-labs.vercel.app/guides/adapter-creation
dbt-labs · Apr 29, 2024 · 82fb4bb · 82fb4bb
2 parents 0f4d4be + 3acd84d
commit 82fb4bb
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/website/vercel.json b/website/vercel.json
@@ -4827,5 +4827,28 @@
       "destination": "/guides/manual-install",
       "permanent": true
     }
+  ],
+  "headers": [
+    {
+      "source": "/(.*)",
+      "headers": [
+        {
+          "key": "X-Content-Type-Options",
+          "value": "nosniff"
+        },
+        {
+          "key": "X-Frame-Options",
+          "value": "DENY"
+        },
+        {
+          "key": "Content-Security-Policy",
+          "value": "img-src 'self' https:;"
+        },
+        {
+          "key": "Strict-Transport-Security",
+          "value": "max-age=63072000; includeSubDomains; preload"
+        }
+      ]
+    }
   ]
 }