-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnext.config.ts
59 lines (55 loc) · 1.39 KB
/
next.config.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
import type { NextConfig } from "next";
const cspDirectives = {
"default-src": ["'self'"],
"script-src": [
"'self'",
"'unsafe-eval'",
"'unsafe-inline'",
"https://va.vercel-scripts.com",
],
"style-src": ["'self'", "'unsafe-inline'"],
"img-src": ["'self'", "blob:", "data:", "https://cdn.sanity.io"],
"font-src": ["'self'"],
"object-src": ["'none'"],
"base-uri": ["'self'"],
"form-action": ["'self'"],
"frame-ancestors": ["'self'", "https://presentasjon.dfweb.no"],
"connect-src": [
"'self'",
"https://api.emailjs.com",
"https://va.vercel-scripts.com",
],
};
const buildCspHeader = (directives: Record<string, string[]>) =>
Object.entries(directives)
.map(([key, values]) => `${key} ${values.join(" ")};`)
.join(" ") + " upgrade-insecure-requests;";
const nextConfig: NextConfig = {
images: {
remotePatterns: [
{
protocol: "https",
hostname: "cdn.sanity.io",
},
],
},
async headers() {
return [
{
source: "/:path*",
headers: [
{
key: "X-Frame-Options",
value: "ALLOW-FROM https://presentasjon.dfweb.no",
},
{ key: "X-Content-Type-Options", value: "nosniff" },
{
key: "Content-Security-Policy",
value: buildCspHeader(cspDirectives),
},
],
},
];
},
};
export default nextConfig;