forked from hyperlane-xyz/hyperlane-warp-ui-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
next.config.js
executable file
·112 lines (100 loc) · 2.62 KB
/
next.config.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
/** @type {import('next').NextConfig} */
const { version } = require('./package.json')
const { withSentryConfig } = require("@sentry/nextjs");
const withBundleAnalyzer = require('@next/bundle-analyzer')({
enabled: process.env.ANALYZE === 'true',
})
const isDev = process.env.NODE_ENV !== 'production'
// Sometimes useful to disable this during development
const ENABLE_CSP_HEADER = true;
const FRAME_SRC_HOSTS = ['https://*.walletconnect.com', 'https://*.walletconnect.org','https://*.solflare.com'];
const STYLE_SRC_HOSTS = ['https://*.googleapis.com']
const IMG_SRC_HOSTS = ['https://*.walletconnect.com', 'https://*.githubusercontent.com'];
const cspHeader = `
default-src 'self';
script-src 'self'${isDev ? " 'unsafe-eval'" : ''};
style-src 'self' 'unsafe-inline' ${STYLE_SRC_HOSTS.join(' ')};
connect-src *;
img-src 'self' blob: data: ${IMG_SRC_HOSTS.join(' ')};
font-src 'self' data:;
object-src 'none';
base-uri 'self';
form-action 'self';
frame-src 'self' ${FRAME_SRC_HOSTS.join(' ')};
frame-ancestors 'none';
${!isDev ? 'block-all-mixed-content;' : ''}
${!isDev ? 'upgrade-insecure-requests;' : ''}
`.replace(/\s{2,}/g, ' ').trim();
const securityHeaders = [
{
key: 'X-XSS-Protection',
value: '1; mode=block',
},
{
key: 'X-Frame-Options',
value: 'DENY',
},
{
key: 'X-Content-Type-Options',
value: 'nosniff',
},
{
key: 'Referrer-Policy',
value: 'strict-origin-when-cross-origin',
},
// Note, causes a problem for firefox: https://github.com/MetaMask/metamask-extension/issues/3133
...(ENABLE_CSP_HEADER
? [
{
key: 'Content-Security-Policy',
value: cspHeader,
},
]
: [])
]
const nextConfig = {
webpack(config) {
config.module.rules.push({
test: /\.ya?ml$/,
use: 'yaml-loader',
});
return config;
},
async headers() {
return [
{
source: '/(.*)',
headers: securityHeaders,
},
]
},
// TODO consider restricting image sources
images: {
remotePatterns: [
{
protocol: "https",
hostname: "**",
},
],
},
env: {
NEXT_PUBLIC_VERSION: version,
},
reactStrictMode: true,
swcMinify: true,
sentry: {
hideSourceMaps: true,
tunnelRoute: "/monitoring-tunnel",
},
}
const sentryWebpackPluginOptions = {
org: "hyperlane",
project: "warp-ui",
authToken: process.env.SENTRY_AUTH_TOKEN,
bundleSizeOptimizations: {
excludeDebugStatements: true,
excludeReplayIframe: true,
excludeReplayShadowDom: true,
},
};
module.exports = withBundleAnalyzer(withSentryConfig(nextConfig, sentryWebpackPluginOptions));