admin/podcastdistributiona
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Comprehensive admin + user dashboards (production-ready)

Browse Source
This commit is contained in:
Leon Serfaty
2026-06-07 17:54:30 -04:00
parent 155507f21a
commit f033f00379
122 changed files with 7878 additions and 805 deletions
Download Patch File Download Diff File Expand all files Collapse all files
next.config.mjs
+35 -1
View File
@@ -10,13 +10,47 @@ const nextConfig = {
images: {
remotePatterns: [
// DALL·E asset URLs (OpenAI blob storage) used before they are persisted to local disk.
// Scoped to the single OpenAI host actually used — no broad *.blob.core.windows.net wildcard.
{ protocol: "https", hostname: "oaidalleapiprodscus.blob.core.windows.net" },
{ protocol: "https", hostname: "**.blob.core.windows.net" },
],
},
// Server-only packages that should be required at runtime, not bundled by webpack.
// better-auth ships internal adapters (kysely) that break webpack's ESM analysis.
serverExternalPackages: ["pg-boss", "@prisma/client", "better-auth"],
// Security headers applied to every route.
async headers() {
// Pragmatic CSP: Next.js's inline/runtime bootstrap currently requires
// 'unsafe-inline'/'unsafe-eval' in script-src. Future improvement: tighten
// to per-request nonces (and drop 'unsafe-*') once the app is migrated.
const csp = [
"default-src 'self'",
"img-src 'self' data: https://*.blob.core.windows.net",
"media-src 'self'",
"style-src 'self' 'unsafe-inline'",
"script-src 'self' 'unsafe-inline' 'unsafe-eval'",
"connect-src 'self'",
"frame-ancestors 'none'",
"base-uri 'self'",
"form-action 'self'",
].join("; ");
return [
{
source: "/:path*",
headers: [
{ key: "X-Frame-Options", value: "DENY" },
{ key: "X-Content-Type-Options", value: "nosniff" },
{ key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
{ key: "X-DNS-Prefetch-Control", value: "off" },
{ key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" },
{
key: "Strict-Transport-Security",
value: "max-age=63072000; includeSubDomains; preload",
},
{ key: "Content-Security-Policy", value: csp },
],
},
];
},
};
export default nextConfig;