next.config.js

 1/** @type {import('next').NextConfig} */
 2module.exports = {
 3  async headers() {
 4    return [
 5      {
 6        source: "/(.*)",
 7        headers: [
 8          {
 9            key: "Content-Security-Policy",
10            value:
11              "default-src 'self'; " +
12              "script-src 'self' 'unsafe-inline' 'unsafe-eval'; " +
13              "style-src 'self' 'unsafe-inline'; " +
14              "img-src 'self' data: blob:; " +
15              "connect-src 'self'; " +
16              "frame-ancestors 'self';",
17          },
18          { key: "X-Frame-Options", value: "SAMEORIGIN" },
19        ],
20      },
21    ];
22  },
23};