-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnext.config.ts
More file actions
103 lines (97 loc) · 3.36 KB
/
Copy pathnext.config.ts
File metadata and controls
103 lines (97 loc) · 3.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
import type { NextConfig } from "next";
// ── Content Security Policy ───────────────────────────────────────────
// Based on Privy CSP guidance: https://docs.privy.io/guides/security/content-security-policy
const isDev = process.env.NODE_ENV === "development";
const cspDirectives = {
"default-src": ["'self'"],
"script-src": [
"'self'",
"'unsafe-inline'", // Next.js injects inline bootstrap scripts
...(isDev ? ["'unsafe-eval'"] : []), // Next.js HMR / React Fast Refresh
"https://challenges.cloudflare.com",
],
"style-src": ["'self'", "'unsafe-inline'"],
"img-src": ["'self'", "data:", "blob:"],
"font-src": ["'self'"],
"object-src": ["'none'"],
"base-uri": ["'self'"],
"form-action": ["'self'"],
"frame-ancestors": ["'none'"],
"child-src": [
"https://auth.privy.io",
"https://verify.walletconnect.com",
"https://verify.walletconnect.org",
],
"frame-src": [
"https://auth.privy.io",
"https://verify.walletconnect.com",
"https://verify.walletconnect.org",
"https://challenges.cloudflare.com",
],
"connect-src": [
"'self'",
// Privy & WalletConnect
"https://auth.privy.io",
"wss://relay.walletconnect.com",
"wss://relay.walletconnect.org",
"wss://www.walletlink.org",
"https://*.rpc.privy.systems",
"https://explorer-api.walletconnect.com",
// Alchemy RPC (client-side via NEXT_PUBLIC_RPC_* transports)
"https://*.g.alchemy.com",
// Biconomy MEE bundler
"https://*.biconomy.io",
// PostHog UI host (data flows through /ingest proxy → 'self')
"https://us.posthog.com",
],
"worker-src": ["'self'"],
"manifest-src": ["'self'"],
};
const cspHeader = Object.entries(cspDirectives)
.map(([key, values]) => `${key} ${values.join(" ")}`)
.join("; ");
// ── Security Headers ──────────────────────────────────────────────────
// https://docs.privy.io/security/implementation-guide/security-checklist
const securityHeaders = [
{ key: "Content-Security-Policy", value: cspHeader },
{ key: "Strict-Transport-Security", value: "max-age=63072000; includeSubDomains; preload" },
{ key: "X-Content-Type-Options", value: "nosniff" },
{ key: "X-Frame-Options", value: "DENY" },
{ key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
{ key: "X-DNS-Prefetch-Control", value: "off" },
{
key: "Permissions-Policy",
value: [
"camera=()",
"microphone=()",
"geolocation=()",
"interest-cohort=()",
].join(", "),
},
];
// ── Next.js Config ────────────────────────────────────────────────────
const nextConfig: NextConfig = {
serverExternalPackages: ["@biconomy/abstractjs"],
async headers() {
return [
{
source: "/:path*",
headers: securityHeaders,
},
];
},
async rewrites() {
return [
{
source: "/ingest/static/:path*",
destination: "https://us-assets.i.posthog.com/static/:path*",
},
{
source: "/ingest/:path*",
destination: "https://us.i.posthog.com/:path*",
},
];
},
skipTrailingSlashRedirect: true,
};
export default nextConfig;