fix: csp config

Author: maxgfr

csp.config.js

@@ -0,0 +1,13 @@
+const ContentSecurityPolicy = `
+  default-src 'self' *.fabrique.social.gouv.fr;
+  img-src 'self' data: *.fabrique.social.gouv.fr https://dummyimage.com/;
+  script-src 'self' *.fabrique.social.gouv.fr ${
+    process.env.NODE_ENV !== "production" && "'unsafe-eval'"
+  };
+  frame-src 'self' *.fabrique.social.gouv.fr;
+  style-src 'self' 'unsafe-inline';
+  font-src 'self' data: blob:;
+  prefetch-src 'self' *.fabrique.social.gouv.fr;
+`;
+
+module.exports = ContentSecurityPolicy;

next-seo.config.js

@@ -0,0 +1,16 @@
+import ContentSecurityPolicy from "./csp.config";
+
+export default {
+  additionalLinkTags: [
+    {
+      rel: "icon",
+      href: "/favicon.ico",
+    },
+  ],
+  additionalMetaTags: [
+    {
+      httpEquiv: "Content-Security-Policy",
+      content: ContentSecurityPolicy.replace(/\n/g, " ").trim(),
+    },
+  ],
+};

next.config.js

@@ -2,17 +2,7 @@ const { withSentryConfig } = require("@sentry/nextjs");
 
 const { version } = require("./package.json");
 
-const ContentSecurityPolicy = `
-  default-src 'self' *.fabrique.social.gouv.fr;
-  img-src 'self' data: *.fabrique.social.gouv.fr https://dummyimage.com/;
-  script-src 'self' *.fabrique.social.gouv.fr ${
-    process.env.NODE_ENV !== "production" && "'unsafe-eval'"
-  };
-  frame-src 'self' *.fabrique.social.gouv.fr;
-  style-src 'self' 'unsafe-inline';
-  font-src 'self' data: blob:;
-  prefetch-src 'self' *.fabrique.social.gouv.fr;
-`;
+const ContentSecurityPolicy = require("./csp.config");
 
 /** @type {import('next').NextConfig} */
 const moduleExports = {

src/pages/_app.tsx

@@ -1,4 +1,5 @@
 import "@gouvfr/dsfr/dist/dsfr/dsfr.min.css";
+import "../../next-seo.config";
 import type { AppProps } from "next/app";
 import { Layout } from "@components";
 import {

src/pages/cgu.tsx

@@ -1,12 +1,12 @@
 import { MentionPart } from "@components";
 import type { NextPage } from "next";
-import { NextSeo } from "next-seo";
+import { DefaultSeo } from "next-seo";
 import React from "react";
 
 const Cgu: NextPage = () => {
   return (
     <>
-      <NextSeo
+      <DefaultSeo
         title="Template | Conditions générales d'utilisation"
         description="Conditions générales d'utilisation de l'application template."
         additionalLinkTags={[
@@ -15,6 +15,20 @@ const Cgu: NextPage = () => {
             href: "/favicon.ico",
           },
         ]}
+        additionalMetaTags={[
+          {
+            property: "dc:creator",
+            content: "Jane Doe",
+          },
+          {
+            name: "application-name",
+            content: "DefaultSeo",
+          },
+          {
+            httpEquiv: "x-ua-compatible",
+            content: "IE=edge; chrome=1",
+          },
+        ]}
       />
       <div className="fr-container fr-my-6w">
         <h1>Conditions générales d&apos;utilisation</h1>

src/pages/healthz.tsx

@@ -1,11 +1,11 @@
 import type { NextPage } from "next";
-import { NextSeo } from "next-seo";
+import { DefaultSeo } from "next-seo";
 import React from "react";
 
 const HealthZ: NextPage = () => {
   return (
     <>
-      <NextSeo
+      <DefaultSeo
         title="Template | HealthZ"
         description="Page healthZ de l'application Template."
         additionalLinkTags={[

src/pages/index.tsx

@@ -1,12 +1,12 @@
 import { Head, Testimonial, Tile } from "@components";
 import { Row } from "@dataesr/react-dsfr";
 import type { NextPage } from "next";
-import { NextSeo } from "next-seo";
+import { DefaultSeo } from "next-seo";
 
 const Index: NextPage = () => {
   return (
     <>
-      <NextSeo
+      <DefaultSeo
         title="Template"
         description="Template de la fabrique des ministères sociaux."
         additionalLinkTags={[

src/pages/mention-legales.tsx

@@ -1,13 +1,13 @@
 import { MentionPart } from "@components";
 import { Title } from "@dataesr/react-dsfr";
 import type { NextPage } from "next";
-import { NextSeo } from "next-seo";
+import { DefaultSeo } from "next-seo";
 import React from "react";
 
 const LegalMention: NextPage = () => {
   return (
     <>
-      <NextSeo
+      <DefaultSeo
         title="Template | Mention légales"
         description="Mentions légales de l'application template."
         additionalLinkTags={[

src/pages/politique-confidentialite.tsx

@@ -1,6 +1,6 @@
 import { Table } from "@dataesr/react-dsfr";
 import type { NextPage } from "next";
-import { NextSeo } from "next-seo";
+import { DefaultSeo } from "next-seo";
 import React from "react";
 
 const URL = [
@@ -13,7 +13,7 @@ const URL = [
 const Confidentiality: NextPage = () => {
   return (
     <>
-      <NextSeo
+      <DefaultSeo
         title="Template | Politique de confidentialité"
         description="Politique de confidentialité de l'application template."
         additionalLinkTags={[

src/pages/stats.tsx

@@ -1,7 +1,7 @@
 import { StatsTile } from "@components";
 import { fetchMatomoData, MatomoResult } from "@lib";
 import type { NextPage } from "next";
-import { NextSeo } from "next-seo";
+import { DefaultSeo } from "next-seo";
 import React, { useEffect } from "react";
 
 const Stats: NextPage = () => {
@@ -19,7 +19,7 @@ const Stats: NextPage = () => {
   }, []);
   return (
     <>
-      <NextSeo
+      <DefaultSeo
         title="Template | Statistiques d'utilisation"
         description="Statistiques d'utilisation de l'application template."
         additionalLinkTags={[

tsconfig.json

@@ -24,7 +24,7 @@
       "@lib": ["./src/lib"]
     }
   },
-  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", "jest-setup.ts"],
+  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx"],
   "exclude": [
     "node_modules",
     "next-sitemap.js",