First @dzeio/config version

Signed-off-by: Avior <florian.bouillon@delta-wings.net>

packages/config/next.config.ts

@@ -0,0 +1,125 @@
+import { NextConfig, defaultConfig } from 'next/dist/next-server/server/config-shared'
+import { PHASE_DEVELOPMENT_SERVER } from 'next/constants'
+// @ts-expect-error next-pre-css has no typing available
+import preCSS from 'next-pre-css'
+
+/**
+ * Return a default NextJS hardened configuration with experimental features enabled and headers preset
+ */
+export const config = (additionnalHost: string): typeof defaultConfig & NextConfig => ({
+	// Experimentals
+	experimental: {
+		plugins: true,
+		profiling: process.env.NODE_ENV === 'developpment',
+		sprFlushToDisk: true,
+		workerThreads: true,
+
+		pageEnv: true,
+		optimizeImages: true,
+		optimizeCss: true,
+
+		scrollRestoration: true,
+
+		stats: process.env.NODE_ENV === 'developpment',
+		gzipSize: process.env.NODE_ENV === 'developpment',
+		externalDir: true,
+
+
+		conformance: true,
+
+		// Bugged
+		// https://github.com/vercel/next.js/issues/18913
+		// reactRoot: true,
+	},
+
+	// Non experimental config
+	// target: 'serverless',
+	cleanDistDir: true,
+	trailingSlash: false,
+	excludeDefaultMomentLocales: true,
+	poweredByHeader: false,
+	reactStrictMode: true,
+
+	// Futures
+	future: {
+		strictPostcssConfiguration: true,
+	},
+
+	// Headers and rewrites
+	async headers() {
+		// CSS no CSP, x-xss-protection
+		const CSP = {
+			key: 'Content-Security-Policy',
+			value:
+				// default-src is set to self because prefetch-src is not working propelly see: https://bugs.chromium.org/p/chromium/issues/detail?id=801561
+				"default-src 'self'; " +
+				"frame-ancestors 'none'; " +
+				"form-action 'self'; " +
+				"manifest-src 'self'; " +
+				"prefetch-src 'self'; " +
+				`script-src 'self' 'unsafe-inline' 'unsafe-eval' ${additionnalHost}; ` +
+				"style-src 'self' 'unsafe-inline'; " +
+				"img-src data: 'self'; " +
+				"font-src 'self'; " +
+				`connect-src 'self' ${additionnalHost}; ` +
+				"base-uri 'self';"
+		}
+		const XXssProtection = {
+			key: 'X-XSS-Protection',
+			value: '1; mode=block'
+		}
+		// JS no x-xss-protection
+
+		const headers = [{
+			key: 'X-Frame-Options',
+			value: 'DENY'
+		}, {
+			key: 'X-Content-Type-Options',
+			value: 'nosniff'
+		}, {
+			key: 'Referrer-Policy',
+			value: 'strict-origin-when-cross-origin'
+		}, {
+			key: 'Permissions-Policy',
+			value: 'geolocation=(), microphone=(), interest-cohort=()'
+		}, {
+			key: 'Strict-Transport-Security',
+			value: 'max-age=63072000; includeSubDomains; preload'
+		}, {
+			key: 'X-Download-Options',
+			value: 'noopen'
+		}, {
+			key: 'Expect-CT',
+			value: 'max-age=86400, enforce'
+		}]
+		const excludedExtensions = ['js', 'css', 'json', 'ico', 'png']
+			.map((ext) => `(?!\\.${ext}$)`).join('|')
+		return [{
+			source: `/:path*((?!^\\/_next\\/image)|${excludedExtensions})`,
+			headers: [...headers, XXssProtection, CSP]
+		}, {
+			source: '/',
+			headers: [...headers, XXssProtection, CSP]
+		}, {
+			// No CSP, XXssProtection
+			source: `/:path*(\\.${excludedExtensions}$)`,
+			headers: headers
+		}, {
+			// No CSP, XXssProtection
+			source: '/_next/image:path*',
+			headers: headers
+		}]
+	},
+})
+
+export const plugins = [preCSS, {
+	cssModules: true,
+	cssLoaderOptions: {
+		localIdentName: "[hash:base64:6]",
+	},
+	[PHASE_DEVELOPMENT_SERVER]: {
+		cssLoaderOptions: {
+			localIdentName: "[path][name]__[local]"
+		}
+	}
+}]