fix : DAST security issue.
6
TODO.md
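--- a/TODO.md
+++ b/TODO.md
@@ -11,13 +11,13 @@
 - >Logout popup :
 - >Are you sure want to logout?
 - >Home page password Expiry message
-- Set userId and login with userID
+- >Set userId and login with userID
 - Limit of transaction daily --Asif
 - >Statement Download
 - >In Every OTP page "Resend button" & 3 min timing of expiry.
 - >OTP binding with actual mobile number.
 - >Beneficiary delete feature
-- IN settings page NOTE position Fixing.
+- >IN settings page NOTE position Fixing.
 - >Admin page
 - >give rights
 - >view rights
@@ -25,7 +25,7 @@
 <!-- - >For Migration if user not have password -->
 - E-mandate
 <!-- - Make every page responsive (need to check settings and payment tab) -->
-- Locked (3 times wrong password in time of login)
+- >Locked (3 times wrong password in time of login)
 - >session timeout
 - >login time otp
 <!-- - narration (in statement) Last 10 transaction the remarks not comes from subham sites-->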
@@ -1,24 +1,69 @@
|
|||||||
/** @type {import('next').NextConfig} */
|
/** @type {import('next').NextConfig} */
|
||||||
|
|
||||||
import os from "os";
|
import os from "os";
|
||||||
const isWindows = os.platform() === "win32";
|
const isWindows = os.platform() === "win32";
|
||||||
|
|
||||||
|
// Security headers
|
||||||
|
const securityHeaders = [
|
||||||
|
{
|
||||||
|
key: "Content-Security-Policy",
|
||||||
|
value: `
|
||||||
|
default-src 'self';
|
||||||
|
script-src 'self' 'unsafe-inline' 'unsafe-eval';
|
||||||
|
style-src 'self' 'unsafe-inline';
|
||||||
|
img-src 'self' data:;
|
||||||
|
font-src 'self';
|
||||||
|
connect-src 'self' http://localhost:8080 https://yourdomain.com;
|
||||||
|
frame-ancestors 'none';
|
||||||
|
object-src 'none';
|
||||||
|
base-uri 'self';
|
||||||
|
form-action 'self';
|
||||||
|
`.replace(/\n/g, ""), // remove newlines
|
||||||
|
},
|
||||||
|
{
|
||||||
|
key: "Referrer-Policy",
|
||||||
|
value: "strict-origin-when-cross-origin",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
key: "X-Content-Type-Options",
|
||||||
|
value: "nosniff",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
key: "X-Frame-Options",
|
||||||
|
value: "DENY",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
key: "Permissions-Policy",
|
||||||
|
value: "camera=(), microphone=(), geolocation=()",
|
||||||
|
},
|
||||||
|
];
|
||||||
|
|
||||||
const nextConfig = {
|
const nextConfig = {
|
||||||
|
// Hide "X-Powered-By: Next.js"
|
||||||
|
poweredByHeader: false,
|
||||||
experimental: {
|
experimental: {
|
||||||
serverComponentsExternalPackages: ["typeorm", "knex"],
|
serverComponentsExternalPackages: ["typeorm", "knex"],
|
||||||
},
|
},
|
||||||
reactStrictMode: true,
|
reactStrictMode: true,
|
||||||
// For port transfer
|
|
||||||
async rewrites() {
|
async rewrites() {
|
||||||
return [
|
return [
|
||||||
{
|
{
|
||||||
source: '/api/:path*',
|
source: "/api/:path*",
|
||||||
destination: isWindows
|
destination: isWindows
|
||||||
? "http://localhost:8080/api/:path*" // For Windows
|
? "http://localhost:8080/api/:path*" // For Windows
|
||||||
: "http://localhost:8080/api/:path*", // For Linux/Mac/Server
|
: "http://localhost:8080/api/:path*", // For Linux/Mac/Server
|
||||||
},
|
},
|
||||||
];
|
];
|
||||||
},
|
},
|
||||||
|
|
||||||
|
async headers() {
|
||||||
|
return [
|
||||||
|
{
|
||||||
|
source: "/(.*)", // Apply to all routes
|
||||||
|
headers: securityHeaders,
|
||||||
|
},
|
||||||
|
];
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
export default nextConfig;
|
export default nextConfig;
|
||||||
|
|||||||
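Review bot: The `script-src 'self' 'unsafe-inline' 'unsafe-eval'` directive in the new `Content-Security-Policy` value gives up most of the protection the policy is meant to provide against injected scripts, so a scanner is likely to keep reporting it; if the app really needs inline scripts, record why next to the directive (`// TODO(security): move to nonce/hash-based script-src; 'unsafe-eval' is needed for <reason or remove>`) and drop `'unsafe-eval'` if nothing depends on it. `connect-src` also still lists the placeholder `https://yourdomain.com` and a plaintext `http://localhost:8080` origin, which should come from an environment variable rather than be shipped as-is. Since the commit targets DAST findings, consider adding `{ key: "Strict-Transport-Security", value: "max-age=63072000; includeSubDomains" }` to `securityHeaders`, as a missing HSTS header is a common item in such reports (sample value; tune to the deployment). `X-Frame-Options: DENY` and `frame-ancestors 'none'` are consistent with each other, which is good.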
@@ -286,20 +286,14 @@ export default function QuickPay() {
|
|||||||
message: "Transaction successful",
|
message: "Transaction successful",
|
||||||
color: "green",
|
color: "green",
|
||||||
});
|
});
|
||||||
setShowTxnPassword(false);
|
return;
|
||||||
setTxnPassword("");
|
|
||||||
setShowOtpField(false);
|
|
||||||
setOtp("");
|
|
||||||
setValidationStatus(null);
|
|
||||||
setBeneficiaryName(null);
|
|
||||||
setTimerActive(false);
|
|
||||||
setCountdown(180);
|
|
||||||
} else {
|
} else {
|
||||||
notifications.show({
|
notifications.show({
|
||||||
title: "Error",
|
title: "Error",
|
||||||
message: result?.error || "Transaction failed",
|
message: result?.error || "Transaction failed",
|
||||||
color: "red",
|
color: "red",
|
||||||
});
|
});
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
} catch {
|
} catch {
|
||||||
notifications.show({
|
notifications.show({
|
||||||
@@ -314,6 +308,8 @@ export default function QuickPay() {
|
|||||||
setBeneficiaryName('');
|
setBeneficiaryName('');
|
||||||
setConfirmBeneficiaryAcc('');
|
setConfirmBeneficiaryAcc('');
|
||||||
setBeneficiaryType(null);
|
setBeneficiaryType(null);
|
||||||
|
setTxnPassword("");
|
||||||
|
setOtp("");
|
||||||
setAmount('');
|
setAmount('');
|
||||||
setRemarks('');
|
setRemarks('');
|
||||||
setIsVisibilityLocked(false);
|
setIsVisibilityLocked(false);
|
||||||
|
|||||||
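Review bot: The `return;` that replaces the success-path resets at the top of the first hunk means the clean-up moved down into the second hunk (`setTxnPassword("")`, `setOtp("")`) only runs if control actually reaches that block, and from this view I cannot tell whether that block sits in a `finally` or simply after the `try`/`catch`; if it is the latter, a successful transaction now leaves the transaction password and OTP in component state, the opposite of what the move intends. The enclosing handler starts and ends outside both hunks, so please confirm the block at new line 308 is reached on the success path, or restore `setTxnPassword(""); setOtp("");` before the `return;`. Also, `setTimerActive(false)` and `setCountdown(180)` were dropped from the success branch and are not re-added below, so the OTP countdown may keep running after a completed transaction.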
@@ -14,8 +14,8 @@ interface SendOtpPayload {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function getStoredMobileNumber(): string {
|
function getStoredMobileNumber(): string {
|
||||||
// const mobileNumber = localStorage.getItem('remitter_mobile_no');
|
const mobileNumber = localStorage.getItem('remitter_mobile_no');
|
||||||
const mobileNumber = "7890544527";
|
// const mobileNumber = "7890544527";
|
||||||
if (!mobileNumber) throw new Error('Mobile number not found.');
|
if (!mobileNumber) throw new Error('Mobile number not found.');
|
||||||
return mobileNumber;
|
return mobileNumber;
|
||||||
}
|
}
|
||||||
|
|||||||
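Review bot: `getStoredMobileNumber` now trusts a value the user can edit in the browser (`localStorage.getItem('remitter_mobile_no')`) as the number an OTP is sent to, so the server side of `sendOtp` must resolve the mobile number from the authenticated customer record and ignore or cross-check the payload value; otherwise the destination of the OTP is chosen by the client. The TODO file in this same commit still lists "OTP binding with actual mobile number" as open, which suggests that server-side check is not in place yet. Delete the commented-out hard-coded test number rather than leaving it in the file, since such lines tend to get uncommented again under time pressure. `localStorage` is also undefined during server-side rendering in Next.js, so if this helper can be reached from server code it will throw a `ReferenceError` before the `Mobile number not found.` check; a `typeof window === 'undefined'` guard with a clear error would make that failure explicit.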
@@ -45,8 +45,8 @@ export default function Login() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// await sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: mobile });
|
await sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: mobile });
|
||||||
await sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: "7890544527" });
|
// await sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: "7890544527" });
|
||||||
notifications.show({
|
notifications.show({
|
||||||
color: 'orange',
|
color: 'orange',
|
||||||
title: 'OTP Required',
|
title: 'OTP Required',
|
||||||
@@ -67,8 +67,8 @@ export default function Login() {
|
|||||||
async function handleVerifyOtp(mobile?: string) {
|
async function handleVerifyOtp(mobile?: string) {
|
||||||
try {
|
try {
|
||||||
if (mobile) {
|
if (mobile) {
|
||||||
// await verifyLoginOtp(otp, mobile);
|
await verifyLoginOtp(otp, mobile);
|
||||||
await verifyLoginOtp(otp, '7890544527');
|
// await verifyLoginOtp(otp, '7890544527');
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
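Review bot: Both hunks in this file keep the old hard-coded test number as a commented-out line directly under the restored call; remove those lines rather than commenting them out, so the real `mobile` path is the only one left in the source. As with the OTP helper, `mobile` is a client-supplied argument to `sendOtp` and `verifyLoginOtp`, so binding the OTP to the number on record for `CIF` has to happen on the server; the client change alone does not close the finding. In `handleVerifyOtp`, when `mobile` is `undefined` the `if (mobile)` block is skipped and the function falls out of the `try` without returning `true`, so callers get `undefined` instead of an explicit failure; `if (!mobile) throw new Error('Mobile number missing');` before the call would make that state visible. The function continues past the end of the hunk.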