Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements
- Add comprehensive database migrations (001-024) for schema evolution - Enhance API schema with expanded type definitions and resolvers - Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth - Implement new services: AI optimization, billing, blockchain, compliance, marketplace - Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage) - Update Crossplane provider with enhanced VM management capabilities - Add comprehensive test suite for API endpoints and services - Update frontend components with improved GraphQL subscriptions and real-time updates - Enhance security configurations and headers (CSP, CORS, etc.) - Update documentation and configuration files - Add new CI/CD workflows and validation scripts - Implement design system improvements and UI enhancements
This commit is contained in:
defiQUG
@@ -2,6 +2,10 @@
|
||||
const nextConfig = {
|
||||
reactStrictMode: true,
|
||||
swcMinify: true,
|
||||
// Configure cache busting with build ID
|
||||
generateBuildId: async () => {
|
||||
return process.env.BUILD_ID || `build-${Date.now()}`
|
||||
},
|
||||
images: {
|
||||
domains: [],
|
||||
formats: ['image/avif', 'image/webp'],
|
||||
@@ -55,10 +59,20 @@ const nextConfig = {
|
||||
return config
|
||||
},
|
||||
async headers() {
|
||||
const isDev = process.env.NODE_ENV === 'development'
|
||||
|
||||
return [
|
||||
{
|
||||
source: '/:path*',
|
||||
headers: [
|
||||
{
|
||||
key: 'Content-Type',
|
||||
value: 'text/html; charset=utf-8',
|
||||
},
|
||||
{
|
||||
key: 'X-Content-Type-Options',
|
||||
value: 'nosniff',
|
||||
},
|
||||
{
|
||||
key: 'X-DNS-Prefetch-Control',
|
||||
value: 'on',
|
||||
@@ -71,14 +85,7 @@ const nextConfig = {
|
||||
key: 'X-Frame-Options',
|
||||
value: 'DENY',
|
||||
},
|
||||
{
|
||||
key: 'X-Content-Type-Options',
|
||||
value: 'nosniff',
|
||||
},
|
||||
{
|
||||
key: 'X-XSS-Protection',
|
||||
value: '1; mode=block',
|
||||
},
|
||||
// X-XSS-Protection removed - deprecated and not needed with CSP
|
||||
{
|
||||
key: 'Referrer-Policy',
|
||||
value: 'strict-origin-when-cross-origin',
|
||||
@@ -87,19 +94,52 @@ const nextConfig = {
|
||||
key: 'Permissions-Policy',
|
||||
value: 'camera=(), microphone=(), geolocation=()',
|
||||
},
|
||||
// CSP is required for security
|
||||
// In development, Next.js requires 'unsafe-eval' for hot reloading
|
||||
// In production, we use stricter CSP without eval
|
||||
{
|
||||
key: 'Content-Security-Policy',
|
||||
value: [
|
||||
"default-src 'self'",
|
||||
"script-src 'self' 'unsafe-eval' 'unsafe-inline'",
|
||||
isDev
|
||||
? "script-src 'self' 'unsafe-eval' 'unsafe-inline'"
|
||||
: "script-src 'self' 'unsafe-inline'",
|
||||
"style-src 'self' 'unsafe-inline'",
|
||||
"img-src 'self' data: https:",
|
||||
"font-src 'self' data:",
|
||||
"connect-src 'self' https:",
|
||||
"connect-src 'self' https: ws: wss:",
|
||||
].join('; '),
|
||||
},
|
||||
],
|
||||
},
|
||||
// Content-Type headers for static assets (Next.js handles these automatically, but we ensure charset)
|
||||
{
|
||||
source: '/_next/static/:path*',
|
||||
headers: [
|
||||
{
|
||||
key: 'Cache-Control',
|
||||
value: 'public, max-age=31536000, immutable',
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
source: '/_next/static/css/:path*.css',
|
||||
headers: [
|
||||
{
|
||||
key: 'Content-Type',
|
||||
value: 'text/css; charset=utf-8',
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
source: '/_next/static/chunks/:path*.js',
|
||||
headers: [
|
||||
{
|
||||
key: 'Content-Type',
|
||||
value: 'text/javascript; charset=utf-8',
|
||||
},
|
||||
],
|
||||
},
|
||||
]
|
||||
},
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user