diff --git a/packages/config/next.config.ts b/packages/config/next.config.ts index f8a773b..f58c2d1 100644 --- a/packages/config/next.config.ts +++ b/packages/config/next.config.ts @@ -1,57 +1,49 @@ import { NextConfig, defaultConfig } from 'next/dist/server/config-shared' import { PHASE_DEVELOPMENT_SERVER } from 'next/constants' +import { objectLoop } from '@dzeio/object-util' // @ts-expect-error next-pre-css has no typing available import preCSS from 'next-pre-css' +interface Options { + /** + * Hold the lit of additionnal hosts the frontend might connect to + */ + hosts?: Partial +>> +} + /** * Return a default NextJS hardened configuration with experimental features enabled and headers preset */ -export const config = (additionnalHost: string): typeof defaultConfig & NextConfig => ({ - // Experimentals - experimental: { - plugins: true, - profiling: process.env.NODE_ENV === 'developpment', - isrFlushToDisk: true, - - // Bugged - // https://github.com/vercel/next.js/issues/18913 - // reactRoot: true, - workerThreads: true, - - pageEnv: true, - optimizeImages: true, - optimizeCss: true, - - scrollRestoration: true, - - stats: process.env.NODE_ENV === 'developpment', - externalDir: true, - conformance: true, - disableOptimizedLoading: false, - gzipSize: process.env.NODE_ENV === 'developpment', - craCompat: false, - - - - }, - +export const config = (options?: Options): typeof defaultConfig & NextConfig => ({ excludeDefaultMomentLocales: true, trailingSlash: false, cleanDistDir: true, generateEtags: true, compress: false, - // Non experimental config - // target: 'serverless', + poweredByHeader: false, reactStrictMode: true, - // Futures - future: { - strictPostcssConfiguration: true, - }, + crossOrigin: 'anonymous', + swcMinify: true, + // Headers and rewrites async headers() { + const hosts = options?.hosts ?? {} + + + let hostlist: Array = [] + + objectLoop(hosts, (it) => { + hostlist.push(...it) + }) + + hostlist = hostlist.filter((it, index, arr) => arr.indexOf(it) === index) + // CSS no CSP, x-xss-protection const CSP = { key: 'Content-Security-Policy', @@ -62,11 +54,11 @@ export const config = (additionnalHost: string): typeof defaultConfig & NextConf "form-action 'self'; " + "manifest-src 'self'; " + "prefetch-src 'self'; " + - `script-src 'self' 'unsafe-inline' 'unsafe-eval' ${additionnalHost}; ` + - "style-src 'self' 'unsafe-inline'; " + - "img-src data: 'self'; " + - "font-src 'self'; " + - `connect-src 'self' ${additionnalHost}; ` + + `script-src 'self' 'unsafe-inline' 'unsafe-eval' ${hosts?.script?.join(' ')}; ` + + `style-src 'self' 'unsafe-inline' ${hosts?.style?.join(' ')}; ` + + `img-src data: 'self' ${hosts?.img?.join(' ')}; ` + + `font-src 'self' ${hosts?.font?.join(' ')}; ` + + `connect-src 'self' ${hostlist.join(' ')}; ` + "base-uri 'self';" } const XXssProtection = { diff --git a/packages/config/package.json b/packages/config/package.json index 6c64417..d55fe79 100644 --- a/packages/config/package.json +++ b/packages/config/package.json @@ -1,6 +1,6 @@ { "name": "@dzeio/config", - "version": "1.1.6", + "version": "1.1.7", "description": "global configuration files for programming", "author": "Avior", "license": "MIT", @@ -16,7 +16,8 @@ "peerDependencies": { "@typescript-eslint/parser": ">=5.18.0", "next": ">=12.1.0", - "next-pre-css": ">=1.0.0" + "next-pre-css": ">=1.0.0", + "@dzeio/object-util": ">=1.4.2" }, "peerDependenciesMeta": { "next": {