Mannu
a89ab96a12
Browser was blocking the POST to analytics.manohargupta.com/api/send with 'Failed to fetch' because the Content-Security-Policy connect-src only listed plausible.io (old analytics tool, now removed). - connect-src: replace plausible.io with analytics.manohargupta.com - script-src: remove plausible.io (no longer needed, Umami script is self-hosted) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
37 lines
1.3 KiB
TypeScript
37 lines
1.3 KiB
TypeScript
import type { NextConfig } from "next";
|
|
import withSerwistInit from "@serwist/next";
|
|
|
|
const withSerwist = withSerwistInit({
|
|
swSrc: "src/app/sw.ts",
|
|
swDest: "public/sw.js",
|
|
// Disable in dev so it never interferes with HMR / hot reload
|
|
disable: process.env.NODE_ENV === "development",
|
|
});
|
|
|
|
const nextConfig: NextConfig = {
|
|
output: "standalone",
|
|
async headers() {
|
|
return [
|
|
{
|
|
source: "/(.*)",
|
|
headers: [
|
|
{ key: "X-Frame-Options", value: "DENY" },
|
|
{ key: "X-Content-Type-Options", value: "nosniff" },
|
|
{ key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
|
|
{ key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" },
|
|
{ key: "Strict-Transport-Security", value: "max-age=31536000; includeSubDomains" },
|
|
{ key: "Content-Security-Policy", value:
|
|
"default-src 'self'; " +
|
|
"img-src 'self' data: https://*.r2.cloudflarestorage.com https://*.r2.dev; " +
|
|
"script-src 'self' 'unsafe-inline' 'unsafe-eval'; " +
|
|
"style-src 'self' 'unsafe-inline'; " +
|
|
"connect-src 'self' https://llm.manohargupta.com https://analytics.manohargupta.com; " +
|
|
"font-src 'self' data:;"
|
|
},
|
|
],
|
|
},
|
|
];
|
|
},
|
|
};
|
|
|
|
export default withSerwist(nextConfig);
|