import type { HttpContext } from '@adonisjs/core/http'

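/**
 * Middleware that attaches a fixed set of browser hardening headers to the
 * response before the rest of the pipeline runs.
 *
 * The headers are written ahead of `next()`, so they are already on the
 * response object whatever the downstream handler does with it.
 * NOTE(review): a later middleware or handler that sets the same header name
 * presumably replaces the value chosen here; confirm if any route relies on
 * its own policy.
 */
export default class SecurityHeadersMiddleware {
  /**
   * Sets the hardening headers, then hands control to the next middleware or
   * route handler.
   *
   * @param ctx - Request context; only `response` is read.
   * @param next - Continues the middleware pipeline.
   */
  async handle({ response }: HttpContext, next: () => Promise<void>) {
    // Framing defence, stated twice on purpose: X-Frame-Options for older
    // browsers, CSP frame-ancestors for current ones (which prefer it).
    response.header('X-Frame-Options', 'DENY')

    // This policy restricts framing only. It has no default-src/script-src
    // directive, so it does nothing to limit script execution or injection.
    response.header('Content-Security-Policy', "frame-ancestors 'none'")

    // Stops browsers from MIME-sniffing a response away from its declared
    // Content-Type.
    response.header('X-Content-Type-Options', 'nosniff')

    // Explicitly disable the legacy XSS auditor instead of enabling it with
    // '1; mode=block'. The auditor has been removed from current browsers and,
    // where it still exists, its filtering/blocking behaviour has itself been
    // a source of cross-site leaks; current OWASP guidance is to send 0 and
    // rely on a Content-Security-Policy for XSS mitigation.
    response.header('X-XSS-Protection', '0')

    // Two-year HSTS (63072000 s) covering every subdomain. `preload` signals
    // consent to inclusion in browser preload lists, which is slow to undo,
    // so every subdomain must already be served over HTTPS. Browsers ignore
    // this header on responses delivered over plain HTTP.
    response.header('Strict-Transport-Security', 'max-age=63072000; includeSubDomains; preload')

    await next()
  }
}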
