From 9800a796d5478b97a1abcb1abaaeaa60c3bd47da Mon Sep 17 00:00:00 2001
From: Eugene Fox
Date: Wed, 21 Aug 2024 14:24:46 +0000
Subject: [PATCH] feat: updated CSP policy
---
 next.config.js | 45 +++++++++++++++++++++++++++++++++++++++++++++
 next.config.mjs | 25 -------------------------
 2 files changed, 45 insertions(+), 25 deletions(-)
 create mode 100644 next.config.js
 delete mode 100644 next.config.mjs
diff --git a/next.config.js b/next.config.js
new file mode 100644
index 0000000..b49eaf5
--- /dev/null
+++ b/next.config.js
@@ -0,0 +1,45 @@
+// @ts-check
+
+/** @type {import("next-safe").nextSafe} */
+// @ts-ignore
+const nextSafe = require("next-safe");
+
+/** @type {boolean} */
+const isDev = process.env.NODE_ENV !== "production";
+
+/** @type {import("next").NextConfig} */
+const nextConfig = {
+ output: "standalone",
+ reactStrictMode: true,
+ productionBrowserSourceMaps: true,
+
+ async headers()
+ {
+ return [
+ {
+ source: "/((?!api|_next/static|_next/image|favicon.ico|clarity.js|icon.svg).*)",
+ headers: nextSafe({
+ isDev: false,
+ contentSecurityPolicy:
+ {
+ "script-src": isDev ?
+ "'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com 'unsafe-eval'" :
+ "'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com",
+
+ "connect-src": isDev ?
+ "'self' https://*.clarity.ms https://c.bing.com webpack://*" :
+ "'self' https://*.clarity.ms https://c.bing.com",
+
+ "style-src": "'self' 'unsafe-inline'",
+
+ // @ts-ignore
+ "prefetch-src": false
+ },
+ permissionsPolicy: false
+ })
+ }
+ ];
+ }
+};
+
+module.exports = nextConfig;
diff --git a/next.config.mjs b/next.config.mjs
deleted file mode 100644
index 887988e..0000000
--- a/next.config.mjs
+++ /dev/null
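Review bot: The production `script-src` on the new side (`"'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com"`) still carries `'unsafe-inline'`, so any inline script that reaches the page executes and the CSP gives little protection against script injection; the commit restructures the policy but does not address this. Moving to per-request nonces or script hashes for the inline bootstrap would make the header meaningful, though that requires a nonce-issuing middleware or a hash list outside this file. `const isDev = process.env.NODE_ENV !== "production";` fails open — an unset NODE_ENV puts `'unsafe-eval'` and `webpack://*` into the served policy — so prefer `const isDev = process.env.NODE_ENV === "development";`. `permissionsPolicy: false` presumably suppresses the Permissions-Policy header next-safe would otherwise emit, and the `source` pattern withholds every next-safe header (not only the CSP) from `api` and `clarity.js` responses; a short comment stating that both omissions are intentional, e.g. `// Permissions-Policy disabled deliberately: <reason>`, would help the next reader.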
@@ -1,25 +0,0 @@
-// @ts-check
-
-/** @type {import("next").NextConfig} */
-const nextConfig = {
- output: "standalone",
- reactStrictMode: true,
- productionBrowserSourceMaps: true,
- async headers()
- {
- return [
- {
- source: "/(.*)",
- headers:
- [
- {
- key: "Content-Security-Policy",
- value: "default-src 'self' https://*.clarity.ms https://c.bing.com 'unsafe-inline';"
- }
- ]
- }
- ];
- }
-};
-
-export default nextConfig;