-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathnext.config.mjs
More file actions
143 lines (129 loc) · 3.55 KB
/
Copy pathnext.config.mjs
File metadata and controls
143 lines (129 loc) · 3.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
/** @type {import('next').NextConfig} */
import { dirname } from 'node:path'
import { fileURLToPath } from 'node:url'
const repoRoot = dirname(fileURLToPath(import.meta.url))
const isProduction = process.env.NODE_ENV === 'production'
const cspEnabled = process.env.FUNDWISE_ENABLE_CSP === 'true'
function getOrigin(value) {
if (!value) return null
try {
return new URL(value).origin
} catch {
return null
}
}
function getOriginsFromCsv(value) {
return (value || '')
.split(',')
.map((item) => getOrigin(item.trim()))
.filter(Boolean)
}
const dynamicConnectOrigins = [
getOrigin(process.env.NEXT_PUBLIC_SOLANA_RPC_URL),
...getOriginsFromCsv(process.env.NEXT_PUBLIC_SOLANA_RPC_FALLBACK_URLS),
getOrigin(process.env.NEXT_PUBLIC_SUPABASE_URL),
].filter(Boolean)
const baselineSecurityHeaders = [
{ key: 'X-Content-Type-Options', value: 'nosniff' },
{ key: 'X-Frame-Options', value: 'DENY' },
{ key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
{
key: 'Permissions-Policy',
value: [
'camera=(self)',
'clipboard-read=(self)',
'clipboard-write=(self)',
'geolocation=()',
'microphone=()',
'payment=()',
'usb=()',
'serial=()',
'bluetooth=()',
'browsing-topics=()',
].join(', '),
},
]
if (isProduction) {
baselineSecurityHeaders.push({
key: 'Strict-Transport-Security',
value: 'max-age=63072000; includeSubDomains; preload',
})
}
const connectSrc = [
"'self'",
'https://api.devnet.solana.com',
'https://api.mainnet-beta.solana.com',
'https://*.helius-rpc.com',
'https://*.supabase.co',
'wss://*.supabase.co',
'https://li.quest',
'https://*.li.quest',
'https://*.lifi.io',
'https://*.lifi.org',
'https://*.lifi.xyz',
'https://*.zerion.io',
'https://open.er-api.com',
...dynamicConnectOrigins,
]
const cspHeader = [
"default-src 'self'",
`script-src 'self' 'unsafe-inline'${isProduction ? '' : " 'unsafe-eval'"}`,
"style-src 'self' 'unsafe-inline'",
"img-src 'self' data: blob: https:",
"font-src 'self' data:",
`connect-src ${[...new Set(connectSrc)].join(' ')}`,
"frame-src 'self' https://*.li.quest https://*.lifi.xyz",
"worker-src 'self' blob:",
"object-src 'none'",
"base-uri 'self'",
"form-action 'self'",
"frame-ancestors 'none'",
].join('; ')
const securityHeaders = cspEnabled
? [...baselineSecurityHeaders, { key: 'Content-Security-Policy', value: cspHeader }]
: baselineSecurityHeaders
const nextConfig = {
outputFileTracingRoot: repoRoot,
async headers() {
return [
{
source: '/(.*)',
headers: securityHeaders,
},
]
},
// Avoid SegmentViewNode / next-devtools RSC client manifest errors in dev (Next 15.5).
experimental: {
devtoolSegmentExplorer: false,
},
images: {
formats: ['image/webp', 'image/avif'],
deviceSizes: [640, 750, 828, 1080, 1200, 1920, 2048, 3840],
imageSizes: [16, 32, 48, 64, 96, 128, 256, 384],
},
webpack: (config, { isServer }) => {
// Fix for pino-pretty and other Node.js modules
if (!isServer) {
config.resolve.fallback = {
...config.resolve.fallback,
fs: false,
net: false,
tls: false,
crypto: false,
stream: false,
url: false,
zlib: false,
http: false,
https: false,
assert: false,
os: false,
path: false,
'pino-pretty': false,
}
}
// Ignore warnings about these modules
config.externals.push('pino-pretty', 'lokijs', 'encoding')
return config
},
}
export default nextConfig