bizihive/next.config.js

/**
 * @type {import('next').NextConfig}
 */

const ContentSecurityPolicy = `
  object-src 'none';
  base-uri 'none';
  default-src 'self' https://flierland.ca https://*.flierland.ca https://backend.flierland.ca https://www.google.com;
  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://flierland.ca https://backend.flierland.ca https://www.google.com https://www.google-analytics.com https://*.google-analytics.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://checkout.stripe.com https://js.stripe.com https://maps.googleapis.com https://www.googleadservices.com https://www.youtube.com;
  connect-src 'self' data: https://flierland.ca https://backend.flierland.ca https://cdn.flierland.ca https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://checkout.stripe.com https://api.stripe.com https://maps.googleapis.com https://www.youtube.com https://static.cloudflareinsights.com;
  style-src 'self' 'unsafe-inline' https://flierland.ca;
  font-src 'self' https://flierland.ca;
  img-src 'self' data: https://backend.flierland.ca https://cdn.flierland.ca https://*.stripe.com https://googleads.g.doubleclick.net https://www.google.com;
  form-action 'self' https://backend.flierland.ca https://flierland.ca;
  frame-src 'self' https://backend.flierland.ca https://flierland.ca https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net https://www.google.com;
`

const nextConfig = {
  i18n: {
    locales: ['fa', 'en'],
    defaultLocale: 'fa',
    localeDetection: false,
  },
  reactStrictMode: true,
  swcMinify: true,
  experimental: {
    optimisticClientCache: false,
  },
  images: {
    unoptimized: true,
  },
  compiler: {
    removeConsole: process.env.NODE_ENV !== 'development',
  },
  compress: process.env.NODE_ENV !== 'development' && false,
  async headers() {
    return [
      {
        source: '/pics/(.*)',
        headers: [
          {
            key: 'cache-control',
            value: 'public, immutable, max-age=31536000',
          },
        ],
      },
      {
        source: '/fonts/(.*)',
        headers: [
          {
            key: 'cache-control',
            value: 'public, immutable, max-age=31536000',
          },
        ],
      },
      {
        source: '/tinymce/(.*)',
        headers: [
          {
            key: 'cache-control',
            value: 'public, immutable, max-age=31536000',
          },
        ],
      },
      {
        source: '/(.*)',
        headers: process.env.NODE_ENV !== 'development' ? 
        [
          {
            key: 'Content-Security-Policy',
            value: ContentSecurityPolicy.replace(/\s{2,}/g, ' ').trim()
          },
          {
            key: 'X-Frame-Options',
            value: 'DENY',
            //You can use SAMEORIGIN as a value also.
          },
          {
            key: 'X-Content-Type-Options',
            value: 'nosniff',
          }
        ] 
        : 
        [
          {
            key: 'X-Content-Type-Options',
            value: 'nosniff',
          }
        ],
      },
      // {
      //   // matching all API routes
      //   source: "/api/:path*",
      //   headers: [
      //     { key: "Access-Control-Allow-Credentials", value: "true" },
      //     { key: "Access-Control-Allow-Origin", value: "*" }, // replace this your actual origin
      //     { key: "Access-Control-Allow-Methods", value: "GET,DELETE,PATCH,POST,PUT" },
      //     { key: "Access-Control-Allow-Headers", value: "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version" },
      //   ]
      // }
    ]
  },
}

module.exports = nextConfig;