From ac803a8a86909cf81dde695cb1e4205cfd779fdc Mon Sep 17 00:00:00 2001
From: Jakub Majorek <majorek.jakub@gmail.com>
Date: Fri, 10 Sep 2021 14:26:41 +0200
Subject: [PATCH 1/2] Add security headers (#1096)

---
 next.config.js | 39 +++++++++++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 8 deletions(-)

diff --git a/next.config.js b/next.config.js
index d3b6713ec3..cfd341dcf2 100644
--- a/next.config.js
+++ b/next.config.js
@@ -8,11 +8,34 @@ const withBaseConfig = require("./config/next/config.base");
 const withDevConfig = require("./config/next/config.dev");
 const withProdConfig = require("./config/next/config.prod");
 
-module.exports = withPlugins([
-  [withOptimizedImages, { handleImages: ["jpeg", "png", "webp", "gif"] }],
-  withTM,
-  withBaseConfig,
-  withServiceWorkerConfig,
-  [withDevConfig, {}, [PHASE_DEVELOPMENT_SERVER]],
-  [withProdConfig, {}, ["!" + PHASE_DEVELOPMENT_SERVER]],
-]);
+module.exports = withPlugins(
+  [
+    [withOptimizedImages, { handleImages: ["jpeg", "png", "webp", "gif"] }],
+    withTM,
+    withBaseConfig,
+    withServiceWorkerConfig,
+    [withDevConfig, {}, [PHASE_DEVELOPMENT_SERVER]],
+    [withProdConfig, {}, ["!" + PHASE_DEVELOPMENT_SERVER]],
+  ],
+  {
+    async headers() {
+      return [
+        {
+          source: "/(.*)",
+          headers: [
+            {
+              key: "x-content-type-options",
+              value: "nosniff",
+            },
+            { key: "x-xss-protection", value: "1" },
+            { key: "x-frame-options", value: "DENY" },
+            {
+              key: "strict-transport-security",
+              value: "max-age=31536000; includeSubDomains",
+            },
+          ],
+        },
+      ];
+    },
+  }
+);

From ad676ebe6469198c73faa4bc80eeb04d2a05a930 Mon Sep 17 00:00:00 2001
From: Dawid Tarasiuk <tarasiukdawid@gmail.com>
Date: Thu, 16 Sep 2021 12:00:20 +0300
Subject: [PATCH 2/2] Fix 404 page issue on payment complete (#1098)

---
 src/@next/pages/CheckoutPage/CheckoutPage.tsx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/@next/pages/CheckoutPage/CheckoutPage.tsx b/src/@next/pages/CheckoutPage/CheckoutPage.tsx
index 06f96003e2..8ecb3e74be 100755
--- a/src/@next/pages/CheckoutPage/CheckoutPage.tsx
+++ b/src/@next/pages/CheckoutPage/CheckoutPage.tsx
@@ -161,6 +161,7 @@ const CheckoutPage: React.FC<NextPage> = () => {
     setPaymentGatewayErrors([]);
     handleStepSubmitSuccess(CheckoutStep.Review, {
       id: order?.id,
+      orderStatus: order?.status,
       orderNumber: order?.number,
       token: order?.token,
     });
@@ -236,6 +237,7 @@ const CheckoutPage: React.FC<NextPage> = () => {
         setPaymentGatewayErrors([]);
         handleStepSubmitSuccess(CheckoutStep.Review, {
           id: data?.order?.id,
+          orderStatus: data?.order?.status,
           orderNumber: data?.order?.number,
           token: data?.order?.token,
         });