From 4592e8250c7ce129babc4d0b39ddfcaeb898974c Mon Sep 17 00:00:00 2001
From: myftija
Date: Mon, 29 Sep 2025 15:00:16 +0200
Subject: [PATCH] fix(webapp): add recommended security headers

Sets `Referrer-Policy`, `X-Content-Type-Options` and `Permissions-Policy` headers. Relevant against certain types of attacks.
---
 apps/webapp/app/root.tsx | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/apps/webapp/app/root.tsx b/apps/webapp/app/root.tsx
index d481a69ab4..fb5fef9c84 100644
--- a/apps/webapp/app/root.tsx
+++ b/apps/webapp/app/root.tsx
@@ -20,6 +20,13 @@ export const links: LinksFunction = () => {
 return [{ rel: "stylesheet", href: tailwindStylesheetUrl }];
 };
 
+export const headers = () => ({
+ "Referrer-Policy": "strict-origin-when-cross-origin",
+ "X-Content-Type-Options": "nosniff",
+ "Permissions-Policy":
+ "geolocation=(), microphone=(), camera=(), accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()",
+});
+
 export const meta: MetaFunction = ({ data }) => {
 const typedData = data as UseDataFunctionReturn;
 return [
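Review bot: The new `headers` export on the root route is not a reliable place for site-wide security headers, because Remix builds document headers from the deepest matched route and does not apply a route's `headers` export to loader/action data responses or to resource routes. Any child route that exports its own `headers` without merging `parentHeaders` will drop all three values, and depending on the Remix version and the `v2_headers` future flag, a leaf route with no `headers` export may drop them too; this should be confirmed against the version in use. Setting them once for every response is sturdier, for example in the server entry's `handleRequest` with `responseHeaders.set("X-Content-Type-Options", "nosniff")` and the same for the other two, or in server middleware if the app runs a custom server. If the export stays here, type it like its neighbours `links` and `meta`, `export const headers: HeadersFunction = () => ({`, and add a comment that child routes defining `headers` must merge `parentHeaders`.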