forked from filipedeschamps/tabnews.com.br
-
Notifications
You must be signed in to change notification settings - Fork 0
/
next.config.js
110 lines (108 loc) · 2.51 KB
/
next.config.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
module.exports = {
experimental: {
scrollRestoration: true,
},
pageExtensions: ['public.js'],
eslint: {
ignoreDuringBuilds: true,
},
compiler: {
styledComponents: true,
},
async redirects() {
return [
{
source: '/rss',
destination: '/recentes/rss',
permanent: true,
},
{
source: '/rss.xml',
destination: '/recentes/rss',
permanent: true,
},
{
source: '/pagina/1',
destination: '/',
permanent: true,
},
{
source: '/recentes',
destination: '/recentes/pagina/1',
permanent: true,
},
{
source: '/recentes/comentarios',
destination: '/recentes/comentarios/1',
permanent: true,
},
{
source: '/recentes/todos',
destination: '/recentes/todos/1',
permanent: true,
},
];
},
async rewrites() {
return [
{
source: '/recentes/rss',
destination: '/api/v1/contents/rss',
},
];
},
async headers() {
// Security Headers based on: https://nextjs.org/docs/advanced-features/security-headers
// TODO: implement "Content-Security-Policy" section
const securityHeaders = [
{
key: 'X-DNS-Prefetch-Control',
value: 'on',
},
{
key: 'Strict-Transport-Security',
value: 'max-age=63072000; includeSubDomains; preload',
},
{
key: 'X-XSS-Protection',
value: '1; mode=block',
},
{
key: 'X-Frame-Options',
value: 'SAMEORIGIN',
},
{
key: 'Permissions-Policy',
value: 'camera=(), microphone=(), geolocation=()',
},
{
key: 'X-Content-Type-Options',
value: 'nosniff',
},
{
key: 'Referrer-Policy',
value: 'origin-when-cross-origin',
},
];
return [
{
source: '/:path*',
headers: securityHeaders,
},
// ENABLES CORS
{
source: '/api/:path*',
headers: [
{ key: 'Access-Control-Allow-Credentials', value: 'true' },
{ key: 'Access-Control-Allow-Origin', value: '*' },
{ key: 'Access-Control-Allow-Methods', value: 'GET,OPTIONS,PATCH,DELETE,POST,PUT' },
{
key: 'Access-Control-Allow-Headers',
value:
'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version',
},
],
},
];
},
};