108 lines
2.7 KiB
JavaScript
108 lines
2.7 KiB
JavaScript
import { withPayload } from '@payloadcms/next/withPayload'
|
|
import redirects from './redirects.js'
|
|
|
|
const NEXT_PUBLIC_SERVER_URL = process.env.VERCEL_PROJECT_PRODUCTION_URL
|
|
? `https://${process.env.VERCEL_PROJECT_PRODUCTION_URL}`
|
|
: undefined || process.env.__NEXT_PRIVATE_ORIGIN || 'http://localhost:3000'
|
|
|
|
const ContentSecurityPolicy = `
|
|
default-src 'self';
|
|
script-src 'self' 'unsafe-inline'
|
|
https://layerandmesh.lime-forms.com
|
|
https://matomo.layermesh.se
|
|
https://maps.googleapis.com
|
|
https://maps.gstatic.com;
|
|
style-src 'self' 'unsafe-inline'
|
|
https://layerandmesh.lime-forms.com;
|
|
img-src 'self' data: blob:
|
|
https://matomo.layermesh.se
|
|
https://img.youtube.com
|
|
https://*.vimeocdn.com
|
|
https://maps.googleapis.com
|
|
https://maps.gstatic.com;
|
|
font-src 'self';
|
|
connect-src 'self'
|
|
https://matomo.layermesh.se
|
|
https://layerandmesh.lime-forms.com
|
|
https://maps.googleapis.com
|
|
https://*.googleapis.com;
|
|
frame-src 'self'
|
|
https://www.youtube.com
|
|
https://www.youtube-nocookie.com
|
|
https://player.vimeo.com
|
|
https://www.google.com
|
|
https://maps.google.com;
|
|
worker-src 'self';
|
|
media-src 'self' https://player.vimeo.com;
|
|
object-src 'none';
|
|
base-uri 'self';
|
|
form-action 'self' https://layerandmesh.lime-forms.com;
|
|
frame-ancestors 'self';
|
|
upgrade-insecure-requests;
|
|
`
|
|
|
|
const securityHeaders = [
|
|
{
|
|
key: 'Content-Security-Policy',
|
|
value: ContentSecurityPolicy.replace(/\s{2,}/g, ' ').trim(),
|
|
},
|
|
{
|
|
key: 'Strict-Transport-Security',
|
|
value: 'max-age=63072000; includeSubDomains',
|
|
},
|
|
{
|
|
key: 'X-Frame-Options',
|
|
value: 'SAMEORIGIN',
|
|
},
|
|
{
|
|
key: 'X-Content-Type-Options',
|
|
value: 'nosniff',
|
|
},
|
|
{
|
|
key: 'Referrer-Policy',
|
|
value: 'strict-origin-when-cross-origin',
|
|
},
|
|
{
|
|
key: 'Permissions-Policy',
|
|
value: 'camera=(), microphone=(), geolocation=(), payment=(), usb=(), accelerometer=(), gyroscope=()',
|
|
},
|
|
]
|
|
|
|
/** @type {import('next').NextConfig} */
|
|
const nextConfig = {
|
|
experimental: {
|
|
workerThreads: false,
|
|
cpus: 1,
|
|
},
|
|
images: {
|
|
remotePatterns: [
|
|
...[NEXT_PUBLIC_SERVER_URL].map((item) => {
|
|
const url = new URL(item)
|
|
return {
|
|
hostname: url.hostname,
|
|
protocol: url.protocol.replace(':', ''),
|
|
}
|
|
}),
|
|
],
|
|
},
|
|
webpack: (webpackConfig) => {
|
|
webpackConfig.resolve.extensionAlias = {
|
|
'.cjs': ['.cts', '.cjs'],
|
|
'.js': ['.ts', '.tsx', '.js', '.jsx'],
|
|
'.mjs': ['.mts', '.mjs'],
|
|
}
|
|
return webpackConfig
|
|
},
|
|
reactStrictMode: true,
|
|
redirects,
|
|
async headers() {
|
|
return [
|
|
{
|
|
source: '/((?!admin|api).*)',
|
|
headers: securityHeaders,
|
|
},
|
|
]
|
|
},
|
|
}
|
|
|
|
export default withPayload(nextConfig, { devBundleServerPackages: false }) |