Merge pull request #3500 from Dokploy/security/fix-frame-hijacking

feat(config): add security headers to enhance application security

apps/dokploy/next.config.mjs

@@ -19,6 +19,32 @@ const nextConfig = {
 		locales: ["en"],
 		defaultLocale: "en",
 	},
+	async headers() {
+		return [
+			{
+				// Apply security headers to all routes
+				source: "/:path*",
+				headers: [
+					{
+						key: "X-Frame-Options",
+						value: "DENY",
+					},
+					{
+						key: "Content-Security-Policy",
+						value: "frame-ancestors 'none'",
+					},
+					{
+						key: "X-Content-Type-Options",
+						value: "nosniff",
+					},
+					{
+						key: "Referrer-Policy",
+						value: "strict-origin-when-cross-origin",
+					},
+				],
+			},
+		];
+	},
 };
 
 export default nextConfig;