I am attempting to set frame-ancestors dynamically by returning a value from a TRPC route based on the path passed to my middleware function. This is the error I am receiving:
Error [ERR_HTTP_HEADERS_SENT]: Cannot append headers after they are sent to the client
I am a beginner when it comes to middleware and CSP so any tips are appreciated.
middleware.ts:
import { NextRequest, NextResponse } from "next/server";
import { api } from "./trpc/server";
export async function middleware(request: NextRequest) {
const path = request.nextUrl.pathname;
const frameAncestors = await api.csp.getSources({ path: path });
const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
const cspHeader = `
frame-ancestors ${frameAncestors};
`;
// Replace newline characters and spaces
const contentSecurityPolicyHeaderValue = cspHeader
.replace(/s{2,}/g, " ")
.trim();
const requestHeaders = new Headers(request.headers);
requestHeaders.set("x-nonce", nonce);
requestHeaders.set(
"Content-Security-Policy",
contentSecurityPolicyHeaderValue,
);
const response = NextResponse.next({
request: {
headers: requestHeaders,
},
});
response.headers.set(
"Content-Security-Policy",
contentSecurityPolicyHeaderValue,
);
return response;
}
export const config = {
matcher: "/some_path/:path*",
};
New contributor
Zac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.