/** @type {import('next').NextConfig} */ const { version } = require('./package.json') const isDev = process.env.NODE_ENV !== 'production' const securityHeaders = [ { key: 'X-XSS-Protection', value: '1; mode=block', }, { key: 'X-Frame-Options', value: 'DENY', }, { key: 'X-Content-Type-Options', value: 'nosniff', }, { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin', }, // Note, causes a problem for firefox: https://github.com/MetaMask/metamask-extension/issues/3133 { key: 'Content-Security-Policy', value: `default-src 'self'; script-src 'self'${ isDev ? " 'unsafe-eval'" : '' }; connect-src *; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com; font-src 'self' data:; base-uri 'self'; form-action 'self'; frame-src 'self' https://*.solflare.com https://*.walletconnect.com;`, }, ] const nextConfig = { async headers() { return [ { source: '/(.*)', headers: securityHeaders, }, ] }, // TODO consider restricting image sources images: { remotePatterns: [ { protocol: "https", hostname: "**", }, ], }, env: { NEXT_PUBLIC_VERSION: version, }, reactStrictMode: true, swcMinify: true, } module.exports = nextConfig