next.config.js
const nextBundleAnalyzer = require('@next/bundle-analyzer');
const { i18n } = require('./next-i18next.config');
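// Content-Security-Policy source text, one directive per line. Whitespace runs are collapsed to
// single spaces before the value is placed in the header list below.
//
// TODO Remove 'unsafe-'s when nonce technique is implemented for Google Tag Manager
// NOTE(review): while script-src carries 'unsafe-inline' and 'unsafe-eval', this policy does not
// stop injected inline script; it mainly restricts resource origins and framing until the nonce
// work lands.
// NOTE(review): 'wasm-eval' looks like the legacy keyword; the standardized source expression is
// 'wasm-unsafe-eval'. Left unchanged here — confirm which one the supported browsers need.
// NOTE(review): base-uri and form-action do not fall back to default-src and are not set here.
const contentSecurityPolicy = `
  upgrade-insecure-requests;
  default-src 'self';
  script-src 'self' 'unsafe-inline' 'wasm-eval' 'unsafe-eval' https://vercel.live;
  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
  font-src 'self' https://fonts.gstatic.com https://assets.vercel.com;
  img-src 'self' data: https://assets.vercel.com https://*.walletconnect.com;
  connect-src 'self' wss://*.pusher.com https://vitals.vercel-insights.com wss://*.bridge.walletconnect.org wss://*.walletconnect.org wss://*.walletconnect.com wss://www.walletlink.org https://*.walletconnect.com https://*.neobase.one;
  frame-src 'self' https://vercel.live https://*.walletconnect.com;
  media-src 'self';
  frame-ancestors 'none';
  object-src 'none';
`;

// Response headers in the { key, value } shape used by the `headers` entry of the Next.js config.
// Each header name appears exactly once.
const securityHeaders = [
  {
    key: 'X-Content-Type-Options',
    value: 'nosniff',
  },
  {
    // TODO Delete this header when 'unsafe-inline's removed from CSP
    // NOTE(review): this header is deprecated and current browsers ignore it; OWASP guidance is
    // to send '0' or omit it. Value kept as the author set it.
    key: 'X-XSS-Protection',
    value: '1; mode=block',
  },
  {
    key: 'Content-Security-Policy',
    // Collapse every whitespace run, including a lone newline, so the value is a single line
    // however the template above is indented. A header value must not contain line breaks.
    value: contentSecurityPolicy.replace(/\s+/g, ' ').trim(),
  },
  {
    key: 'X-DNS-Prefetch-Control',
    value: 'on',
  },
  {
    key: 'Strict-Transport-Security',
    value: 'max-age=63072000; includeSubDomains; preload', // 2 years
  },
  {
    key: 'Permissions-Policy',
    value: 'autoplay=(), fullscreen=()', // https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
  },
  {
    key: 'Referrer-Policy',
    value: 'strict-origin-when-cross-origin', // https://scotthelme.co.uk/a-new-security-header-referrer-policy/
  },
  {
    key: 'Cross-Origin-Opener-Policy',
    value: 'same-origin',
  },
  {
    key: 'Cross-Origin-Resource-Policy',
    value: 'same-origin',
  },
];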
/**
 * Next.js configuration: SVG loading through SVGR, the /api proxy rewrite and response headers.
 *
 * @type {import('next').NextConfig}
 */
const nextConfig = {
  // Register a loader so .svg files imported from .ts/.tsx sources go through @svgr/webpack.
  webpack(webpackConfig) {
    const svgrRule = {
      test: /\.svg$/,
      issuer: /\.tsx?$/,
      use: [
        {
          loader: '@svgr/webpack',
          options: {
            typescript: true,
            filenameCase: 'kebab',
            memo: true,
            icon: true,
          },
        },
      ],
    };
    webpackConfig.module.rules.push(svgrRule);
    return webpackConfig;
  },
  // StrictMode renders components twice (in dev environment only) in order to detect any problems with your code and warn you about them (which can be quite useful).
  reactStrictMode: true,
  swcMinify: true,
  compiler: {
    // Enabled only when NODE_ENV is 'production'.
    removeConsole: process.env.NODE_ENV === 'production',
  },
  pageExtensions: ['page.tsx', 'api.ts'],
  // Forward /api/* to the backend named by NEXT_PUBLIC_REST_URL. The slug is appended with no
  // separator, so the variable presumably has to end with '/' — verify against the deployment
  // environment. An unset variable yields the literal destination 'undefined:slug*'.
  async rewrites() {
    return [
      {
        source: '/api/:slug*',
        destination: `${process.env.NEXT_PUBLIC_REST_URL}:slug*`,
      },
    ];
  },
  // The security headers are attached to every path, but only when NODE_ENV is 'production'.
  // NOTE(review): other environments get no CSP at all, so a policy violation will first show
  // up in production — confirm this is intended.
  async headers() {
    if (process.env.NODE_ENV !== 'production') {
      return [];
    }
    return [
      {
        source: '/:path*',
        headers: securityHeaders,
      },
    ];
  },
  i18n,
};
// Wrap the config with the bundle analyzer; it is enabled only when ANALYZE is exactly 'true'.
const analyzerOptions = { enabled: process.env.ANALYZE === 'true' };
const withBundleAnalyzer = nextBundleAnalyzer(analyzerOptions);

module.exports = withBundleAnalyzer(nextConfig);