forked from kindfi-org/kindfi
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnext.config.ts
More file actions
129 lines (126 loc) · 5.1 KB
/
Copy pathnext.config.ts
File metadata and controls
129 lines (126 loc) · 5.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
import path from 'node:path'
import { appEnvConfig } from '@packages/lib/config'
import type { AppEnvInterface } from '@packages/lib/types'
import type { NextConfig } from 'next'
const appConfig: AppEnvInterface = appEnvConfig('web')
const isProduction = appConfig.env.nodeEnv === 'production'
const nextConfig: NextConfig = {
transpilePackages: ['@packages/lib', '@packages/drizzle'],
turbopack: {
root: path.join(__dirname, '../..'),
},
// TODO: Fix React module resolution for packages/lib in monorepo type-check
typescript: {
ignoreBuildErrors: true,
},
experimental: {
mdxRs: true,
optimizePackageImports: ['react-icons'],
},
serverExternalPackages: [
'@packages/lib/stellar',
'@packages/lib/passkey',
'@packages/lib/db',
'@packages/lib/supabase-server',
],
images: {
remotePatterns: [
{
protocol: isProduction ? 'https' : 'http',
hostname: new URL(appConfig.database.url).hostname || '127.0.0.1',
port: appConfig.database.port || '54321',
pathname: '/storage/v1/object/public/project_thumbnails/**',
},
{
protocol: 'https',
hostname: '*.supabase.co',
pathname: '/storage/v1/object/public/**',
},
{
protocol: 'https',
hostname: 'randomuser.me',
pathname: '/api/portraits/**',
},
{
protocol: 'https',
hostname: '*.mypinata.cloud',
pathname: '/ipfs/**',
},
],
},
async headers() {
// Apply headers for both production and development
const connectSrc = isProduction
? `'self' https://flagcdn.com https://apis.google.com https://friendbot-futurenet.stellar.org https://www.google-analytics.com https://www.googletagmanager.com https://rpc-futurenet.stellar.org https://horizon-futurenet.stellar.org https://soroban-testnet.stellar.org https://horizon-testnet.stellar.org https://*.kindfi.org https://dev-api.dashboard.kindfi.org https://*.supabase.co https://*.vercel.app https://dev.api.trustlesswork.com https://api.trustlesswork.com`
: `'self' https://friendbot-futurenet.stellar.org http://localhost:* http://127.0.0.1:* https://localhost:* https://127.0.0.1:* https://flagcdn.com https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://rpc-futurenet.stellar.org https://horizon-futurenet.stellar.org https://soroban-testnet.stellar.org https://horizon-testnet.stellar.org https://*.kindfi.org https://dev-api.dashboard.kindfi.org https://*.supabase.co https://*.vercel.app https://dev.api.trustlesswork.com https://api.trustlesswork.com`
if (isProduction) {
return [
{
source: '/:path*',
headers: [
{
key: 'X-Frame-Options',
value: 'SAMEORIGIN',
},
{
key: 'X-Content-Type-Options',
value: 'nosniff',
},
{
key: 'Strict-Transport-Security',
value: 'max-age=31536000; includeSubDomains; preload',
},
{
key: 'Content-Security-Policy',
value: `
default-src 'self';
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.googletagmanager.com;
style-src 'self' 'unsafe-inline';
img-src 'self' data: blob: https://flagcdn.com https://*.jsdelivr.net https://cdn.jsdelivr.net https://unpkg.com https://*.unpkg.com https://raw.githubusercontent.com https://*.githubusercontent.com https://freighter.app https://albedo.link https://rabet.io https://xbull.app https://walletconnect.org https://*.walletconnect.org https://*.walletconnect.com https://stellar.creit.tech https://*.mypinata.cloud;
font-src 'self' data:;
connect-src ${connectSrc};
frame-src 'self' https://www.youtube.com;
frame-ancestors 'self';
upgrade-insecure-requests;
`.replace(/\s{2,}/g, ' '),
},
{
key: 'Referrer-Policy',
value: 'strict-origin-when-cross-origin',
},
{
key: 'X-XSS-Protection',
value: '1; mode=block',
},
],
},
]
}
// Apply more permissive headers for development
return [
{
source: '/:path*',
headers: [
{
key: 'X-Content-Type-Options',
value: 'nosniff',
},
{
key: 'Content-Security-Policy',
value: `
default-src 'self';
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.googletagmanager.com;
style-src 'self' 'unsafe-inline';
img-src 'self' data: blob: https://flagcdn.com https://randomuser.me http://127.0.0.1:54321 https://*.jsdelivr.net https://cdn.jsdelivr.net https://unpkg.com https://*.unpkg.com https://raw.githubusercontent.com https://*.githubusercontent.com https://freighter.app https://albedo.link https://rabet.io https://xbull.app https://walletconnect.org https://*.walletconnect.org https://*.walletconnect.com https://stellar.creit.tech https://*.mypinata.cloud;
font-src 'self' data:;
connect-src ${connectSrc};
frame-src 'self' https://www.youtube.com;
frame-ancestors 'self';
`.replace(/\s{2,}/g, ' '),
},
],
},
]
},
}
module.exports = nextConfig