import type { NextConfig } from "next"; const isDev = process.env.NODE_ENV === "development"; const contentSecurityPolicy = [ "default-src 'self'", `script-src 'self' 'unsafe-inline'${isDev ? " 'unsafe-eval'" : ""}`, "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com", "img-src 'self' blob: data:", "font-src 'self' data: https://fonts.gstatic.com", "connect-src 'self'", "object-src 'none'", "frame-src 'none'", "frame-ancestors 'none'", "form-action 'self'", "base-uri 'self'", "upgrade-insecure-requests", ].join("; "); const nextConfig: NextConfig = { output: "standalone", poweredByHeader: false, serverExternalPackages: ['better-sqlite3'], headers: async () => { return [ { source: '/:path*', headers: [ { key: 'X-Frame-Options', value: 'DENY', }, { key: 'Content-Security-Policy', value: contentSecurityPolicy, }, { key: 'X-Content-Type-Options', value: 'nosniff', }, { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin', }, { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=(), interest-cohort=()', }, { key: 'Cross-Origin-Opener-Policy', value: 'same-origin', }, { key: 'X-DNS-Prefetch-Control', value: 'off', }, ], }, ]; }, }; export default nextConfig;