Mannu
80390e7f13
Checkout.razorpay.com script + payment iframe were blocked by CSP (CHECKOUT_LOAD_FAILED). Added Razorpay to: - script-src: https://checkout.razorpay.com - frame-src: https://*.razorpay.com https://api.razorpay.com (payment iframe) - connect-src: https://*.razorpay.com + lumberjack.razorpay.com (telemetry) - img-src: https://*.razorpay.com (payment-method logos) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
38 lines
1.5 KiB
TypeScript
38 lines
1.5 KiB
TypeScript
import type { NextConfig } from "next";
|
|
import withSerwistInit from "@serwist/next";
|
|
|
|
const withSerwist = withSerwistInit({
|
|
swSrc: "src/app/sw.ts",
|
|
swDest: "public/sw.js",
|
|
// Disable in dev so it never interferes with HMR / hot reload
|
|
disable: process.env.NODE_ENV === "development",
|
|
});
|
|
|
|
const nextConfig: NextConfig = {
|
|
output: "standalone",
|
|
async headers() {
|
|
return [
|
|
{
|
|
source: "/(.*)",
|
|
headers: [
|
|
{ key: "X-Frame-Options", value: "DENY" },
|
|
{ key: "X-Content-Type-Options", value: "nosniff" },
|
|
{ key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
|
|
{ key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" },
|
|
{ key: "Strict-Transport-Security", value: "max-age=31536000; includeSubDomains" },
|
|
{ key: "Content-Security-Policy", value:
|
|
"default-src 'self'; " +
|
|
"img-src 'self' data: https://*.r2.cloudflarestorage.com https://*.r2.dev https://*.razorpay.com; " +
|
|
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.razorpay.com; " +
|
|
"style-src 'self' 'unsafe-inline'; " +
|
|
"connect-src 'self' https://llm.manohargupta.com https://analytics.manohargupta.com https://*.razorpay.com https://lumberjack.razorpay.com; " +
|
|
"frame-src 'self' https://*.razorpay.com https://api.razorpay.com; " +
|
|
"font-src 'self' data:;"
|
|
},
|
|
],
|
|
},
|
|
];
|
|
},
|
|
};
|
|
|
|
export default withSerwist(nextConfig);
|