feat: updated CSP policy

2026-04-22 07:28:01 +03:00 · 2024-08-21 14:24:46 +00:00
parent 4d1662b6ee
commit 9800a796d5
2 changed files with 45 additions and 25 deletions
@@ -0,0 +1,45 @@
+// @ts-check
+
+/** @type {import("next-safe").nextSafe} */
+// @ts-ignore
+const nextSafe = require("next-safe");
+
+/** @type {boolean} */
+const isDev = process.env.NODE_ENV !== "production";
+
+/** @type {import("next").NextConfig} */
+const nextConfig = {
+	output: "standalone",
+	reactStrictMode: true,
+	productionBrowserSourceMaps: true,
+
+	async headers()
+	{
+		return [
+			{
+				source: "/((?!api|_next/static|_next/image|favicon.ico|clarity.js|icon.svg).*)",
+				headers: nextSafe({
+					isDev: false,
+					contentSecurityPolicy:
+					{
+						"script-src": isDev ?
+							"'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com 'unsafe-eval'" :
+							"'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com",
+
+						"connect-src": isDev ?
+							"'self' https://*.clarity.ms https://c.bing.com webpack://*" :
+							"'self' https://*.clarity.ms https://c.bing.com",
+
+						"style-src": "'self' 'unsafe-inline'",
+
+						// @ts-ignore
+						"prefetch-src": false
+					},
+					permissionsPolicy: false
+				})
+			}
+		];
+	}
+};
+
+module.exports = nextConfig;