josh
f610883dea
Build and Deploy / Build & Push (push) Successful in 56s
The script was already in layout.tsx but CSP blocked both loading and sending beacons to tracking.thewrightserver.net. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
33 lines
987 B
TypeScript
33 lines
987 B
TypeScript
import type { NextConfig } from "next";
|
|
|
|
const CSP = [
|
|
"default-src 'self'",
|
|
"script-src 'self' 'unsafe-inline' https://tracking.thewrightserver.net", // Next.js requires unsafe-inline for hydration
|
|
"style-src 'self' 'unsafe-inline'",
|
|
"img-src 'self' data:",
|
|
"font-src 'self'",
|
|
"connect-src 'self' https://queue-times.com https://tracking.thewrightserver.net",
|
|
"frame-ancestors 'none'",
|
|
].join("; ");
|
|
|
|
const nextConfig: NextConfig = {
|
|
output: "standalone",
|
|
|
|
async headers() {
|
|
return [
|
|
{
|
|
source: "/(.*)",
|
|
headers: [
|
|
{ key: "X-Content-Type-Options", value: "nosniff" },
|
|
{ key: "X-Frame-Options", value: "DENY" },
|
|
{ key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
|
|
{ key: "Permissions-Policy", value: "geolocation=(), microphone=(), camera=()" },
|
|
{ key: "Content-Security-Policy", value: CSP },
|
|
],
|
|
},
|
|
];
|
|
},
|
|
};
|
|
|
|
export default nextConfig;
|