11const { locales, defaultLocale } = require ( "./data/locales.js" )
22
3+ function notIfProduction ( param ) {
4+ if ( process . env . NODE_ENV === "production" ) return ""
5+ else return param
6+ }
7+
38/** @type {import('next').NextConfig } */
49const nextConfig = {
510 reactStrictMode : true ,
@@ -21,15 +26,42 @@ const nextConfig = {
2126 "/favicon-:all*(png)" ,
2227 "/app-icon.png" ,
2328 "/preview.png" ,
24- ] . map ( ( source ) => ( {
25- source,
26- headers : [
27- {
28- key : "Cache-control" ,
29- value : "max-age=3600, stale-while-revalidate" ,
30- } ,
31- ] ,
32- } ) )
29+ ]
30+ . map ( ( source ) => ( {
31+ source,
32+ headers : [
33+ {
34+ key : "Cache-control" ,
35+ value : "max-age=3600, stale-while-revalidate" ,
36+ } ,
37+ ] ,
38+ } ) )
39+ . concat ( {
40+ source : "/(.*)?" ,
41+ headers : [
42+ {
43+ key : "X-Frame-Options" ,
44+ value : "SAMEORIGIN" ,
45+ } ,
46+ {
47+ key : "X-Content-Type-Options" ,
48+ value : "nosniff" ,
49+ } ,
50+ {
51+ key : "Permissions-Policy" ,
52+ value :
53+ "camera=(), microphone=(), geolocation=(), browsing-topics=()" ,
54+ } ,
55+ {
56+ key : "Referrer-Policy" ,
57+ value : "origin-when-cross-origin" ,
58+ } ,
59+ {
60+ key : "Content-Security-Policy" ,
61+ value : `default-src 'self'; child-src 'none'; object-src 'none'; img-src 'self' proxy.joinmastodon.org blob: data:; style-src 'self' 'unsafe-inline'; script-src 'self' ${ notIfProduction ( "'unsafe-inline' 'unsafe-eval'" ) } ,
62+ } ,
63+ ] ,
64+ } )
3365 } ,
3466 async redirects ( ) {
3567 return [
@@ -82,6 +114,7 @@ const nextConfig = {
82114 fileLoaderRule . exclude = / \. s v g $ / i
83115 return config
84116 } ,
117+ poweredByHeader : false ,
85118 output : "standalone" ,
86119}
87120
0 commit comments