portabase/next.config.ts at main · Portabase/portabase · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
import type {NextConfig} from "next";
import {PORTABASE_DEFAULT_SETTINGS} from "./portabase.config";

const isDev = process.env.NODE_ENV === "development";


function buildCSPHeader(): string {
    const {CSP} = PORTABASE_DEFAULT_SETTINGS.SECURITY;

    const directives = [
        `default-src ${CSP.DEFAULT_SRC.join(" ")}`,
        `script-src ${CSP.SCRIPT_SRC.join(" ")}`,
        `style-src ${CSP.STYLE_SRC.join(" ")}`,
        `img-src ${CSP.IMG_SRC.join(" ")}`,
        `font-src ${CSP.FONT_SRC.join(" ")}`,
        `object-src ${CSP.OBJECT_SRC.join(" ")}`,
        `connect-src ${CSP.CONNECT_SRC.join(" ")}`,
        `base-uri ${CSP.BASE_URI.join(" ")}`,
        `form-action ${CSP.FORM_ACTION.join(" ")}`,
        `frame-ancestors ${CSP.FRAME_ANCESTORS.join(" ")}`,
    ];

    if (CSP.BLOCK_ALL_MIXED_CONTENT) {
        directives.push("block-all-mixed-content");
    }

    if (CSP.UPGRADE_INSECURE_REQUESTS) {
        directives.push("upgrade-insecure-requests");
    }

    return directives.join("; ");
}

function buildPermissionsPolicy(): string {
    return Object.entries(PORTABASE_DEFAULT_SETTINGS.SECURITY.PERMISSIONS_POLICY)
        .map(([feature, values]) => `${feature.toLowerCase()}=${values.join(", ")}`)
        .join(", ");
}


const nextConfig: NextConfig = {
    output: "standalone",
    typescript: {
        ignoreBuildErrors: true,
    },
    experimental: {
        serverActions: {
            bodySizeLimit: "10gb",
        },
        proxyClientMaxBodySize: '10gb',
    },
    async rewrites() {
        if (!isDev) return [];

        return [
            {
                source: "/tus/:path*",
                destination: "http://localhost:1080/tus/:path*",
            },
        ];
    },

    async headers() {
        return [
            {
                source: "/(.*)",
                headers: [
                    {
                        key: "Content-Security-Policy",
                        value: buildCSPHeader(),
                    },
                    {
                        key: "Permissions-Policy",
                        value: buildPermissionsPolicy(),
                    },
                    {
                        key: 'X-Content-Type-Options',
                        value: 'nosniff',
                    },
                    {
                        key: 'X-Frame-Options',
                        value: 'DENY',
                    },
                    {
                        key: 'Referrer-Policy',
                        value: 'strict-origin-when-cross-origin',
                    },
                    {
                        key: 'Strict-Transport-Security',
                        value: 'max-age=63072000; includeSubDomains; preload',
                    }
                    // ...other security headers
                ],
            },
        ];
    },
};

export default nextConfig;