Status: Planned
Add a vulnerability related to insufficient or missing security headers in Next.js middleware configuration.
Implementation ideas:
- Create or modify `middleware.ts` with weak security headers
- Missing or improperly configured headers such as:
  - Content-Security-Policy (CSP)
  - X-Frame-Options
  - X-Content-Type-Options
  - Strict-Transport-Security (HSTS)
  - Referrer-Policy
- Demonstrate how missing headers enable attacks (e.g., clickjacking, MIME type sniffing)
- Flag could be related to exploiting the lack of security headers
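
A header audit for verifying what the middleware actually sends, covering the five headers listed above. This is an added example, not code from this project; `auditSecurityHeaders`, the HSTS threshold and both sample header sets are assumptions constructed for illustration.

```typescript
// Added example: audit a response's headers for the five headers listed above.
type HeaderMap = Record<string, string>;
type Finding = { header: string; problem: string };

const MIN_HSTS_MAX_AGE = 15552000; // assumed threshold (180 days), not from the page

function auditSecurityHeaders(headers: HeaderMap): Finding[] {
  // Header names are case-insensitive, so compare on lower-cased names.
  const h: HeaderMap = {};
  for (const name of Object.keys(headers)) h[name.toLowerCase()] = headers[name].trim();
  const findings: Finding[] = [];
  const flag = (header: string, problem: string): void => { findings.push({ header, problem }); };

  const csp = h["content-security-policy"] || "";
  if (!csp) flag("Content-Security-Policy", "missing");
  else if (/'unsafe-inline'|'unsafe-eval'/i.test(csp))
    flag("Content-Security-Policy", "allows 'unsafe-inline' or 'unsafe-eval'");

  // Clickjacking: accept X-Frame-Options DENY/SAMEORIGIN, or a CSP
  // frame-ancestors directive that contains no wildcard.
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  const fa = /(?:^|;)\s*frame-ancestors\s+([^;]*)/i.exec(csp);
  const framingRestricted = fa !== null && fa[1].indexOf("*") === -1;
  if (xfo !== "DENY" && xfo !== "SAMEORIGIN" && !framingRestricted)
    flag("X-Frame-Options", "framing is not restricted");

  // MIME type sniffing: the only valid value is "nosniff".
  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff")
    flag("X-Content-Type-Options", "missing or not 'nosniff'");

  const maxAge = /max-age=(\d+)/i.exec(h["strict-transport-security"] || "");
  if (maxAge === null) flag("Strict-Transport-Security", "missing or has no max-age");
  else if (parseInt(maxAge[1], 10) < MIN_HSTS_MAX_AGE)
    flag("Strict-Transport-Security", "max-age is too short");

  const rp = (h["referrer-policy"] || "").toLowerCase();
  if (!rp) flag("Referrer-Policy", "missing");
  else if (rp === "unsafe-url") flag("Referrer-Policy", "sends full URLs cross-origin");
  return findings;
}

// Constructed sample inputs: a weak header set and a hardened one.
const WEAK_RESPONSE: HeaderMap = { "X-Frame-Options": "ALLOWALL", "Strict-Transport-Security": "max-age=60" };
const HARDENED_RESPONSE: HeaderMap = {
  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
  "X-Frame-Options": "DENY",
  "X-Content-Type-Options": "nosniff",
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "Referrer-Policy": "strict-origin-when-cross-origin",
};
console.log(auditSecurityHeaders(WEAK_RESPONSE), auditSecurityHeaders(HARDENED_RESPONSE));
```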