Security Headers
MiniWork automatically adds security headers to protect your application.
Default Headers
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Frame-Options | DENY |
| X-XSS-Protection | 1; mode=block |
| Referrer-Policy | strict-origin-when-cross-origin |
Content Security Policy
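```js
export default defineConfig({
  security: {
    headers: {
      contentSecurityPolicy: {
        // Everything not listed below may only load from the application's own origin.
        defaultSrc: ["'self'"],
        // 'unsafe-inline' permits inline <script> blocks and event handlers,
        // which weakens the protection CSP gives against XSS.
        scriptSrc: ["'self'", "'unsafe-inline'"],
        styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
      },
    },
  },
});
```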
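A check a deployment test could run against a response, added here as an example and not part of MiniWork: it compares the headers with the default table and flags weak `script-src` sources. `auditHeaders`, `parseCsp` and the sample response are hypothetical, and the serialized `Content-Security-Policy` string assumes the camelCase config keys map to the standard kebab-case directives.

```javascript
// Added example, not MiniWork code. Expected values come from the default-headers table.
const EXPECTED = {
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'DENY',
  'x-xss-protection': '1; mode=block',
  'referrer-policy': 'strict-origin-when-cross-origin',
};
// Parse a CSP value into { directive: [sources] }; the first occurrence of a directive wins.
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}
// Returns a list of findings; an empty list means nothing was flagged.
function auditHeaders(headers) {
  const got = {};
  for (const [k, v] of Object.entries(headers)) got[k.toLowerCase()] = String(v).trim();
  const findings = [];
  for (const [name, want] of Object.entries(EXPECTED)) {
    if (!(name in got)) findings.push(`missing ${name}`);
    else if (got[name].toLowerCase() !== want.toLowerCase()) findings.push(`${name}: expected "${want}", got "${got[name]}"`);
  }
  const csp = got['content-security-policy'];
  if (!csp) return findings.concat('missing content-security-policy');
  const policy = parseCsp(csp);
  // script-src falls back to default-src when it is absent.
  const scripts = policy['script-src'] || policy['default-src'];
  if (!scripts) return findings.concat('no script-src or default-src: scripts are unrestricted');
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is also present.
  const strict = scripts.some((s) => /^'(nonce-|sha(256|384|512)-)/i.test(s));
  for (const weak of ["'unsafe-inline'", "'unsafe-eval'", '*']) {
    if (weak === "'unsafe-inline'" && strict) continue;
    if (scripts.includes(weak)) findings.push(`script-src allows ${weak}`);
  }
  return findings;
}

// Constructed sample response: one header changed, one missing, CSP as configured above.
const sample = {
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
};
console.log(auditHeaders(sample));
```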
Rate Limiting
```js
export default defineConfig({
  security: {
    rateLimit: {
      windowMs: 60000, // 1 minute
      maxRequests: 100, // 100 requests per minute
      message: 'Too many requests',
    },
  },
});
```