From ef856f62b0b31aa80fc2e13c8a1b65acf21e0989 Mon Sep 17 00:00:00 2001 From: Jeff Date: Tue, 25 Jan 2022 21:55:58 -0500 Subject: [PATCH 1/3] chore(docs): update security headers specification fix details on how next handles security headers. * note: check your HSTS at https://hstspreload.org --- docs/advanced-features/security-headers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advanced-features/security-headers.md b/docs/advanced-features/security-headers.md index 9a3165c0e9ead90..8735b80573381d3 100644 --- a/docs/advanced-features/security-headers.md +++ b/docs/advanced-features/security-headers.md @@ -43,7 +43,7 @@ This header controls DNS prefetching, allowing browsers to proactively perform d This header informs browsers it should only be accessed using HTTPS, instead of using HTTP. Using the configuration below, all present and future subdomains will use HTTPS for a `max-age` of 2 years. This blocks access to pages or subdomains that can only be served over HTTP. -If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments. +If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments unless you declare headers in your [`next.config.js`](https://nextjs.org/docs/api-reference/next.config.js/introduction)`. ```jsx { From 78ed252064216f94456ad08c69d0a7fba3dbdcab Mon Sep 17 00:00:00 2001 From: Jeff Date: Tue, 25 Jan 2022 22:05:07 -0500 Subject: [PATCH 2/3] Update docs/advanced-features/security-headers.md Co-authored-by: Steven --- docs/advanced-features/security-headers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advanced-features/security-headers.md b/docs/advanced-features/security-headers.md index 8735b80573381d3..bd3607597c0481d 100644 --- a/docs/advanced-features/security-headers.md +++ b/docs/advanced-features/security-headers.md @@ -43,7 +43,7 @@ This header controls DNS prefetching, allowing browsers to proactively perform d This header informs browsers it should only be accessed using HTTPS, instead of using HTTP. Using the configuration below, all present and future subdomains will use HTTPS for a `max-age` of 2 years. This blocks access to pages or subdomains that can only be served over HTTP. -If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments unless you declare headers in your [`next.config.js`](https://nextjs.org/docs/api-reference/next.config.js/introduction)`. +If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments unless you declare [`headers`](https://nextjs.org/docs/api-reference/next.config.js/headers) in your `next.config.js`. ```jsx { From f9999227bfec3052ef71fd9d26985f0c3d7edae5 Mon Sep 17 00:00:00 2001 From: Steven Date: Wed, 26 Jan 2022 11:23:46 -0500 Subject: [PATCH 3/3] Remove nextjs.org prefix --- docs/advanced-features/security-headers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advanced-features/security-headers.md b/docs/advanced-features/security-headers.md index bd3607597c0481d..772d085a09b907f 100644 --- a/docs/advanced-features/security-headers.md +++ b/docs/advanced-features/security-headers.md @@ -43,7 +43,7 @@ This header controls DNS prefetching, allowing browsers to proactively perform d This header informs browsers it should only be accessed using HTTPS, instead of using HTTP. Using the configuration below, all present and future subdomains will use HTTPS for a `max-age` of 2 years. This blocks access to pages or subdomains that can only be served over HTTP. -If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments unless you declare [`headers`](https://nextjs.org/docs/api-reference/next.config.js/headers) in your `next.config.js`. +If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments unless you declare [`headers`](/docs/api-reference/next.config.js/headers.md) in your `next.config.js`. ```jsx {