import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
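/**
 * Response headers applied, in this order, to every request the middleware handles.
 *
 * NOTE(review): no Content-Security-Policy is set here. `X-XSS-Protection` is a
 * legacy header that current browsers ignore, so it should not be counted as an
 * XSS control. `X-Frame-Options: DENY` has `frame-ancestors` as its CSP equivalent.
 */
const SECURITY_HEADERS: ReadonlyArray<readonly [string, string]> = [
  ['Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload'],
  ['X-Content-Type-Options', 'nosniff'],
  ['X-Frame-Options', 'DENY'],
  ['X-XSS-Protection', '1; mode=block'],
  ['Referrer-Policy', 'strict-origin-when-cross-origin'],
  ['Permissions-Policy', 'camera=(), microphone=(), geolocation=()'],
];

/**
 * Next.js middleware: lets the request continue and attaches the security
 * headers listed in `SECURITY_HEADERS` to the response.
 *
 * The HTTP-to-HTTPS redirect is currently switched off (see the commented
 * block below), so the request itself is not inspected.
 *
 * @param request - Incoming request; unused while the redirect is disabled.
 * @returns The pass-through response with the security headers set.
 */
export function middleware(request: NextRequest): NextResponse {
  // Only force HTTPS redirect for HTTP requests in production
  // TEMPORARILY DISABLED FOR DOMAIN TESTING
  //
  // NOTE(review): while this is disabled, plain-HTTP requests are served as-is.
  // Browsers only honour Strict-Transport-Security when it arrives over HTTPS,
  // so the header below does not upgrade a first visit made over HTTP. The
  // `includeSubDomains; preload` directives also commit every subdomain to
  // HTTPS for a year; confirm that is intended for a domain still under test.
  //
  // NOTE(review): the redirect target is built from the client-supplied Host
  // header. When re-enabling, prefer a configured canonical hostname (or an
  // allow-list check on `host`) so the redirect cannot point at an arbitrary host.
  //
  // const forwardedProto = request.headers.get('x-forwarded-proto');
  // const host = request.headers.get('host');
  // if (
  //   process.env.NODE_ENV === 'production' &&
  //   forwardedProto === 'http' &&
  //   host
  // ) {
  //   const httpsUrl = `https://${host}${request.nextUrl.pathname}${request.nextUrl.search}`;
  //   return NextResponse.redirect(httpsUrl, 301);
  // }

  const response = NextResponse.next();

  for (const [name, value] of SECURITY_HEADERS) {
    response.headers.set(name, value);
  }

  return response;
}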
/**
 * Route selection for the middleware in this file: a single path pattern whose
 * negative lookahead skips the listed prefixes and matches everything else.
 */
export const config = {
matcher: [
/*
 * Match all request paths except for the ones starting with:
 * - api (API routes)
 * - _next/static (static files)
 * - _next/image (image optimization files)
 * - favicon.ico (favicon file)
 * - uploads (uploaded files)
 *
 * NOTE(review): the exclusions are bare prefixes with no trailing "/" or
 * end-of-path check, so any path that merely begins with one of these strings
 * (for example a page whose first segment starts with "api" or "uploads") is
 * skipped as well. Confirm that is intended.
 *
 * NOTE(review): excluded paths receive none of the headers set by
 * middleware(). For user-uploaded files in particular, `X-Content-Type-Options:
 * nosniff` is the header that matters most; verify it is applied to /uploads
 * and /api by the web server or route handlers instead.
 */
'/((?!api|_next/static|_next/image|favicon.ico|uploads).*)',
],
};