inbound/next.config.ts at main · inboundemail/inbound · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
import type { NextConfig } from "next";

const nextConfig: NextConfig = {
	/* config options here */
	// Add Turbopack configuration to suppress warnings
	turbopack: {
		// Empty configuration to acknowledge Turbopack usage
	},

	// Performance optimizations for SEO and Core Web Vitals
	experimental: {
		optimizePackageImports: ["inboundemail", "lucide-react", "framer-motion"],
		scrollRestoration: true,
	},

	// Image optimization for better performance
	images: {
		remotePatterns: [
			{
				protocol: "https",
				hostname: "inbound.new",
			},
		],
		formats: ["image/webp", "image/avif"],
		minimumCacheTTL: 86400, // 1 day cache for better performance
		dangerouslyAllowSVG: true,
		contentDispositionType: "attachment",
		contentSecurityPolicy: "default-src 'self'; script-src 'none'; sandbox;",
	},

	// Compression for better performance
	compress: true,

	// Generate ETags for better caching
	generateEtags: true,

	// Power monitoring for performance insights
	poweredByHeader: false,
	async headers() {
		return [
			{
				// API routes: CORS headers + security headers
				source: "/api/:path*",
				headers: [
					{
						key: "Access-Control-Allow-Origin",
						value:
							process.env.NODE_ENV === "development"
								? "https://dev.inbound.new"
								: process.env.VERCEL_URL
									? `https://${process.env.VERCEL_URL}`
									: "https://inbound.new",
					},
					{
						key: "Access-Control-Allow-Methods",
						value: "GET, POST, PUT, DELETE, OPTIONS",
					},
					{
						key: "Access-Control-Allow-Headers",
						value: "Content-Type, Authorization",
					},
					{
						key: "Access-Control-Allow-Credentials",
						value: "true",
					},
					{
						key: "X-Content-Type-Options",
						value: "nosniff",
					},
					{
						key: "Referrer-Policy",
						value: "strict-origin-when-cross-origin",
					},
				],
			},
			{
				// All other routes: security headers (no CORS needed)
				source: "/:path*",
				headers: [
					{
						key: "X-Frame-Options",
						value: "DENY",
					},
					{
						key: "X-Content-Type-Options",
						value: "nosniff",
					},
					{
						key: "Referrer-Policy",
						value: "strict-origin-when-cross-origin",
					},
					{
						key: "Permissions-Policy",
						value: "camera=(), microphone=(), geolocation=()",
					},
				],
			},
		];
	},
	async rewrites() {
		return [
			{
				source: "/blog/images/:path*",
				destination: "/api/blog-images/:path*",
			},
			// Reroute all v2 API requests to e2
			{
				source: "/api/v2/:path*",
				destination: "/api/e2/:path*",
			},
		];
	},
	async redirects() {
		return [
			// Disable v1 API - return 410 Gone
			{
				source: "/api/v1/:path*",
				destination: "/api/deprecated",
				permanent: true,
			},
			// Disable v1.1 API - return 410 Gone
			{
				source: "/api/v1.1/:path*",
				destination: "/api/deprecated",
				permanent: true,
			},
		];
	},
};

export default nextConfig;