security: add headers, fetch timeouts, Retry-After cap, env validation

- next.config.ts: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy - sixflags.ts: cap Retry-After at 5 min; add 15s AbortSignal.timeout() - queuetimes.ts: add 10s AbortSignal.timeout() - rcdb.ts: add 15s AbortSignal.timeout() - lib/env.ts: parseStalenessHours() guards against NaN from invalid env vars - db.ts + park-meta.ts: use parseStalenessHours() for staleness window config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-04 17:13:01 -04:00
parent e1b0e5e44d
commit 6bb35d468f
7 changed files with 46 additions and 7 deletions
--- a/lib/scrapers/queuetimes.ts
+++ b/lib/scrapers/queuetimes.ts
@@ -77,6 +77,7 @@ export async function fetchLiveRides(
    const res = await fetch(url, {
      headers: HEADERS,
      next: { revalidate },
+      signal: AbortSignal.timeout(10_000),
    } as RequestInit & { next: { revalidate: number } });

    if (!res.ok) return null;