withCors.js
const {PHASE_DEVELOPMENT_SERVER} = require('next/constants');
/**
 * Content-Security-Policy directives used while the Next.js development
 * server is running.
 *
 * Despite the `cors` prefix these are CSP directives, not CORS settings: the
 * entries are joined with `;` and sent as the `Content-Security-Policy` header.
 *
 * @type {Array<string>}
 */
const corsDev = [
  // Fallback for fetch directives that have no entry below. 'self' is not
  // listed, so anything falling back here is limited to blob: URLs.
  // NOTE(review): 'unsafe-eval' looks redundant next to the explicit
  // script-src entry - confirm it is needed here.
  "default-src 'unsafe-eval' blob:",
  "base-uri 'self'",
  "connect-src 'self'",
  "font-src 'self' https: data:",
  "form-action 'self'",
  // Dev only: any http(s) page may embed the app in a frame. The production
  // list restricts this to 'self'.
  "frame-ancestors 'self' https: http:",
  "frame-src 'self'",
  "img-src 'self' data: https: blob:",
  "media-src 'self' data: https: blob:",
  "object-src 'none'",
  // 'unsafe-inline' and 'unsafe-eval' permit inline <script> and eval(), so
  // this directive gives little protection against injected script.
  // NOTE(review): presumably required by the dev tooling - confirm.
  "script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:",
  // Inline event-handler attributes stay blocked even though script-src
  // allows 'unsafe-inline'.
  "script-src-attr 'none'",
  "style-src 'self' https: 'unsafe-inline'",
  // NOTE(review): block-all-mixed-content is deprecated; the current
  // replacement is upgrade-insecure-requests.
  'block-all-mixed-content'
];
/**
 * Content-Security-Policy directives used in every phase other than the
 * development server (i.e. production builds and servers).
 *
 * Despite the `cors` prefix these are CSP directives, not CORS settings: the
 * entries are joined with `;` and sent as the `Content-Security-Policy` header.
 * The list matches the development one except for `frame-ancestors`.
 *
 * @type {Array<string>}
 */
const corsProd = [
  // Fallback for fetch directives that have no entry below. 'self' is not
  // listed, so anything falling back here is limited to blob: URLs.
  // NOTE(review): 'unsafe-eval' looks redundant next to the explicit
  // script-src entry - confirm it is needed here.
  "default-src 'unsafe-eval' blob:",
  "base-uri 'self'",
  "connect-src 'self'",
  "font-src 'self' https: data:",
  "form-action 'self'",
  // Only same-origin pages may frame the app (clickjacking protection).
  "frame-ancestors 'self'",
  "frame-src 'self'",
  "img-src 'self' data: https: blob:",
  "media-src 'self' data: https: blob:",
  "object-src 'none'",
  // NOTE(review): 'unsafe-inline' and 'unsafe-eval' are still allowed in
  // production, so this policy does little to contain an XSS bug. Moving to
  // nonces or hashes and dropping 'unsafe-eval' would restore that protection;
  // verify what the application actually needs first.
  "script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:",
  // Inline event-handler attributes stay blocked even though script-src
  // allows 'unsafe-inline'.
  "script-src-attr 'none'",
  "style-src 'self' https: 'unsafe-inline'",
  // NOTE(review): block-all-mixed-content is deprecated; the current
  // replacement is upgrade-insecure-requests.
  'block-all-mixed-content'
];
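/**
 * Next.js config plugin that adds a `Content-Security-Policy` response header
 * to every route (`/(.*)`). Despite the file name this sets CSP, not CORS.
 *
 * Any `headers()` function already present on the config is wrapped: its
 * entries are kept and the CSP entry is appended after them.
 * NOTE(review): Next.js documents that the last matching entry wins when two
 * entries set the same header key, so this would override a CSP defined by an
 * earlier plugin - confirm that is intended.
 *
 * @param {import('next').NextConfig} nextConfig The next config. It is
 * modified in place and returned.
 * @param {object} [options] The options.
 * @param {string} [options.phase] The phase. Anything other than the
 * development-server phase (including a missing value) selects the stricter
 * production policy.
 *
 * @returns {import('next').NextConfig} The next config.
 */
module.exports = (nextConfig, {phase} = {}) => {
  const isDev = phase === PHASE_DEVELOPMENT_SERVER;
  const previousHeaders = nextConfig.headers;
  // The directive lists are module constants, so the header value can be
  // built once instead of on every headers() call.
  const policy = (isDev ? corsDev : corsProd).join(';');

  // eslint-disable-next-line no-param-reassign
  nextConfig.headers = async () => {
    const inherited = (await previousHeaders?.()) ?? [];

    // Return a new array rather than pushing onto the one we were given: if
    // the wrapped headers() hands back a shared array, pushing would add
    // another CSP entry to it on every call.
    return [
      ...inherited,
      {
        headers: [
          {
            key: 'Content-Security-Policy',
            value: policy
          }
        ],
        source: '/(.*)'
      }
    ];
  };

  return nextConfig;
};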