|
@@ -11,6 +11,8 @@ const gitSha = cp.execSync('git rev-parse --short HEAD', {
|
|
|
encoding: 'utf8',
|
|
|
});
|
|
|
|
|
|
+const { createSecureHeaders } = require('next-secure-headers');
|
|
|
+
|
|
|
module.exports = withSentryConfig(
|
|
|
withWorkbox(
|
|
|
withBundleAnalyzer({
|
|
@@ -21,6 +23,35 @@ module.exports = withSentryConfig(
|
|
|
swSrc: 'src/serviceWorker.js',
|
|
|
exclude: [/manifest\.json$/i],
|
|
|
},
|
|
|
+
|
|
|
+ // added header for local testing only as they are not exported with the app
|
|
|
+ headers() {
|
|
|
+ return [
|
|
|
+ {
|
|
|
+ // Apply these headers to all routes in your application....
|
|
|
+ source: '/(.*)',
|
|
|
+ headers: [
|
|
|
+ ...createSecureHeaders({
|
|
|
+ contentSecurityPolicy: {
|
|
|
+ directives: {
|
|
|
+ defaultSrc: "'none'",
|
|
|
+ imgSrc: "'self' blob:",
|
|
|
+ styleSrc: "'self' 'unsafe-inline'",
|
|
|
+ fontSrc: "'self'",
|
|
|
+ scriptSrc: "'self' 'unsafe-eval'",
|
|
|
+ connectSrc:
|
|
|
+ "'self' https://api.ente.io data:",
|
|
|
+ reportURI:
|
|
|
+ 'https://csp-reporter.ente.workers.dev',
|
|
|
+ reportTo:
|
|
|
+ 'https://csp-reporter.ente.workers.dev',
|
|
|
+ },
|
|
|
+ },
|
|
|
+ }),
|
|
|
+ ],
|
|
|
+ },
|
|
|
+ ];
|
|
|
+ },
|
|
|
// https://dev.to/marcinwosinek/how-to-add-resolve-fallback-to-webpack-5-in-nextjs-10-i6j
|
|
|
webpack: (config, { isServer }) => {
|
|
|
if (!isServer) {
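Review bot: `reportTo` is given the collector URL, but the CSP `report-to` directive takes the name of a reporting group declared in a separate `Report-To` / `Reporting-Endpoints` response header, so as written only `reportURI` will deliver violation reports; either declare a named group in that header and reference it here, or drop `reportTo`. `scriptSrc` carries `'unsafe-eval'` and `styleSrc` carries `'unsafe-inline'`, which give up much of the injection protection the policy is meant to provide; if only the dev server needs them, gate them on `process.env.NODE_ENV !== 'production'`. `defaultSrc: "'none'"` is not a fallback for `base-uri` or `form-action`, so those stay unrestricted unless set explicitly, while `manifest-src` does fall back to it, so the `manifest.json` referenced in the workbox `exclude` above would presumably be blocked without `manifest-src 'self'`. Because the comment says these headers are not exported with the app, the deployed policy has to be set at the hosting layer, and it is worth noting where so the two do not drift. The enclosing config object starts and ends outside the hunk.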
|