backend/src/app.module.ts

@@ -1,8 +1,9 @@
-import { Module } from '@nestjs/common';
+import { MiddlewareConsumer, Module, RequestMethod } from '@nestjs/common';
 import { AppController } from './app.controller';
 import { AppService } from './app.service';
 import { ConfigModule } from '@nestjs/config';
 import { DatabaseModule } from './modules/database-module/database.module';
+import { CspMiddleware } from './middleware/csp-middleware/csp-middleware';
 
 @Module({
   imports: [
@@ -14,4 +15,10 @@ import { DatabaseModule } from './modules/database-module/database.module';
   controllers: [AppController],
   providers: [AppService],
 })
-export class AppModule {}
+export class AppModule {
+  configure(consumer: MiddlewareConsumer) {
+    consumer
+      .apply(CspMiddleware)
+      .forRoutes({ path: '*', method: RequestMethod.ALL });
+  }
+}

backend/src/middleware/csp-middleware/csp-middleware.ts

@@ -0,0 +1,17 @@
+import { Injectable, NestMiddleware } from '@nestjs/common';
+import { Request, Response, NextFunction } from 'express';
+import { ConfigService } from '@nestjs/config';
+import { log } from 'console';
+
+@Injectable()
+export class CspMiddleware implements NestMiddleware {
+  constructor(private configService: ConfigService) {}
+
+  use(req: Request, res: Response, next: NextFunction): void {
+    const cspDirectives = this.configService.get<string>('CSP_DIRECTIVES');
+    if (cspDirectives) {
+      res.setHeader('Content-Security-Policy', cspDirectives);
+    }
+    next();
+  }
+}