-
Notifications
You must be signed in to change notification settings - Fork 0
/
next.config.mjs
97 lines (90 loc) · 2.39 KB
/
next.config.mjs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/** @type {import('next').NextConfig} */
import { withPlausibleProxy } from 'next-plausible'
const imageSrcDomains = [
'cdn.sanity.io',
'source.unsplash.com',
'public.tableau.com',
]
// const isAmplify = Boolean(process.env.AWS_APP_ID)
const isProduction = process.env.NODE_ENV === 'production'
const sanityProjectDomain = `https://${process.env.NEXT_PUBLIC_SANITY_PROJECT_ID}.api.sanity.io`
const securityHeaders = [
{
key: 'X-DNS-Prefetch-Control',
value: 'on',
},
{
key: 'Strict-Transport-Security',
value: 'max-age=31536000; includeSubDomains; preload',
},
{
key: 'X-Frame-Options',
value: 'SAMEORIGIN',
},
{
key: 'X-XSS-Protection',
value: '1; mode=block',
},
{
key: 'X-Content-Type-Options',
value: 'nosniff',
},
{
key: 'Referrer-Policy',
value: 'strict-origin-when-cross-origin',
},
{
key: 'Permissions-Policy',
value: 'camera=(), microphone=(), geolocation=(), interest-cohort=()',
},
{
key: 'Content-Security-Policy',
value: `default-src 'self' ${sanityProjectDomain}; img-src ${imageSrcDomains.join(
' '
)} 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com; script-src 'self' https://code.highcharts.com ${
isProduction ? '' : "'unsafe-eval'"
} 'unsafe-hashes' 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A='`,
},
]
const config = withPlausibleProxy()({
output: 'standalone',
images: {
remotePatterns: imageSrcDomains.map((domain) => ({ hostname: domain })),
deviceSizes: [320, 375, 640, 768, 1024, 1280, 1536],
imageSizes: [343, 608],
},
typescript: {
// Set this to false if you want production builds to abort if there's type errors
ignoreBuildErrors: isProduction,
},
eslint: {
/// Set this to false if you want production builds to abort if there's lint errors
ignoreDuringBuilds: isProduction,
},
webpack: (config) => {
config.module.rules.push({
test: /\.svg$/i,
issuer: /\.[jt]sx?$/,
use: ['@svgr/webpack'],
})
return config
},
async headers() {
return [
{
source: '/:path*',
headers: securityHeaders,
},
{
source: '/studio/:path*',
headers: [
{
key: 'Content-Security-Policy',
value: '',
},
],
},
]
},
})
export default config