-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnext.config.ts
More file actions
112 lines (95 loc) · 3.28 KB
/
next.config.ts
File metadata and controls
112 lines (95 loc) · 3.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
import type { NextConfig } from "next";
// Security headers configuration
const securityHeaders = [
{
key: 'X-Content-Type-Options',
value: 'nosniff',
},
{
key: 'X-Frame-Options',
value: 'DENY',
},
{
key: 'X-XSS-Protection',
value: '1; mode=block',
},
{
key: 'Referrer-Policy',
value: 'strict-origin-when-cross-origin',
},
{
key: 'Permissions-Policy',
value: 'camera=(), microphone=(self), geolocation=()',
},
// HSTS - only in production to avoid issues with localhost
...(process.env.NODE_ENV === 'production'
? [
{
key: 'Strict-Transport-Security',
value: 'max-age=31536000; includeSubDomains',
},
]
: []),
{
key: 'Content-Security-Policy',
value: [
"default-src 'self'",
// Next.js requires 'unsafe-inline' and 'unsafe-eval' for script execution
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://us-assets.i.posthog.com https://eu-assets.i.posthog.com",
"style-src 'self' 'unsafe-inline'",
"img-src 'self' data: blob: https: https://www.googletagmanager.com",
// Allow connections to self, backend API (localhost in dev), and production domains
"connect-src 'self' http://localhost:8000 https://backend.memexllm.xyz https://worker.memexllm.xyz https://*.supabase.co https://*.supabase.in wss://*.supabase.co wss://*.supabase.in https://*.sentry.io https://*.posthog.com https://us.i.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com",
"font-src 'self' data:",
"media-src 'self' blob: https://*.supabase.co https://*.supabase.in", // Critical for audio playback
"frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com",
"frame-ancestors 'none'",
"base-uri 'self'",
"form-action 'self'",
].join('; '),
},
];
const nextConfig: NextConfig = {
// Disable Turbopack (use stable Webpack instead due to Turbopack crashes)
// experimental: {
// turbo: {},
// },
images: {
remotePatterns: [
{
protocol: 'https',
hostname: '**',
},
],
unoptimized: false, // Enable image optimization
},
// Apply security headers to all routes
async headers() {
return [
{
// Apply to all routes
source: '/:path*',
headers: securityHeaders,
},
];
},
};
const { withSentryConfig } = require("@sentry/nextjs");
export default withSentryConfig(nextConfig, {
// For all available options, see:
// https://github.com/getsentry/sentry-webpack-plugin#options
org: "synapseai",
project: "javascript-nextjs-sentry",
// Only print logs for uploading source maps in CI
silent: !process.env.CI,
// For all available options, see:
// https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/
// Upload a larger set of source maps for prettier stack traces (increases build time)
widenClientFileUpload: true,
// Route browser requests to Sentry through the Next.js rewrite to circumvent ad-blockers
tunnelRoute: "/monitoring",
// Hides source maps from generated client bundles
hideSourceMaps: true,
// Automatically tree-shake Sentry logger statements to reduce bundle size
disableLogger: true,
});