At work, we have an NX mono repo that contains FE dependencies and a NextJS app (unfortunately, this repo is private).
The InfoSec team audited the app, and there is an issue with the JSON files provided by GSSP on "/_next/data/:hash" as they don't have the charset specified on the content-type request header.
I've tried using a middleware but it didn't work. I've partially solved it with the config shown below:
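const nextConfig = {
  async headers() {
    // headers() must resolve to an array of rule objects
    return [
      {
        // Apply to every path...
        source: '/:path*',
        // ...but only when the request carries the x-nextjs-data header
        has: [
          {
            type: 'header',
            key: 'x-nextjs-data',
          },
        ],
        // Override the response content type so it includes the charset
        headers: [
          {
            key: 'content-type',
            value: 'application/json; charset=utf-8',
          },
        ],
      },
    ];
  },
};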
The problem I face now is that everything works when the app is served locally. But when deployed, the charset is in there the first time the user loads the page (generally when you hit enter after you put the URL in the bar or the user reloads the page), but it is not when the user navigates through links or the push method from useRouter.
Have you faced something similar? Any help would be appreciated. Thanks!!!
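
An added example, not part of the original post: a check that flags `/_next/data/` JSON responses whose Content-Type lacks `charset=utf-8`, so headers captured on a full page load and on a client-side navigation can be compared against the audit finding. The function names, the `BUILD_ID` path segment, the `app.example` host and the sample responses are constructed for illustration.

```javascript
// Parse a Content-Type value into { type, params } (names/values lowercased).
function parseContentType(value) {
  if (typeof value !== 'string' || value.trim() === '') return null;
  const [type, ...rest] = value.split(';');
  const params = {};
  for (const part of rest) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim().toLowerCase();
    // Parameter values may be quoted, e.g. charset="UTF-8"
    const val = part.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (name) params[name] = val.toLowerCase();
  }
  return { type: type.trim().toLowerCase(), params };
}

// Header names are case-insensitive, so look them up that way.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// Return one finding per /_next/data/ JSON response without charset=utf-8.
function findMissingCharset(responses) {
  const findings = [];
  for (const { url, headers } of responses) {
    // Base URL is a placeholder; only the path is inspected.
    const path = new URL(url, 'https://app.example').pathname;
    if (!path.startsWith('/_next/data/')) continue;
    const ct = parseContentType(getHeader(headers, 'content-type'));
    if (!ct) { findings.push({ url, reason: 'no content-type' }); continue; }
    if (ct.type !== 'application/json') continue;
    if (ct.params.charset !== 'utf-8') {
      findings.push({ url, reason: `charset=${ct.params.charset ?? 'missing'}` });
    }
  }
  return findings;
}

// Constructed sample: response headers as they might be captured from a deployment.
const SAMPLE_RESPONSES = [
  { url: '/_next/data/BUILD_ID/index.json', headers: { 'Content-Type': 'application/json; charset=utf-8' } },
  { url: '/_next/data/BUILD_ID/products.json', headers: { 'content-type': 'application/json' } },
  { url: '/_next/data/BUILD_ID/cart.json', headers: { 'Content-Type': 'application/json;charset="UTF-8"' } },
  { url: '/api/health', headers: { 'content-type': 'application/json' } }, // not a data route
];

console.log(findMissingCharset(SAMPLE_RESPONSES));
```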