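/**
 * Next.js configuration: remote-image allow-list and site-wide security headers.
 *
 * NEXT_PUBLIC_SUPABASE_URL_SOURCE names the Supabase host. That host is allowed
 * as an image source (next/image and CSP img-src) and as a connect-src target.
 */

/**
 * Reduces the configured Supabase value to a bare hostname.
 *
 * Accepts a plain host ("project.supabase.co") as well as a full URL
 * ("https://project.supabase.co"). Without stripping the scheme, a full URL
 * would be prefixed a second time and parse to the hostname "https".
 *
 * @param {string | undefined} rawValue - Value of the environment variable.
 * @returns {string | null} The hostname, or null when nothing is configured.
 * @throws {TypeError} When the value cannot be parsed as a URL host.
 */
function resolveSupabaseHostname(rawValue) {
  const trimmed = typeof rawValue === "string" ? rawValue.trim() : "";
  if (trimmed === "") {
    return null;
  }
  const withoutScheme = trimmed.replace(/^[a-z][a-z\d+.-]*:\/\//i, "");
  return new URL(`https://${withoutScheme}`).hostname;
}

const SUPABASE_URL = resolveSupabaseHostname(
  process.env.NEXT_PUBLIC_SUPABASE_URL_SOURCE,
);

if (SUPABASE_URL === null) {
  // An unset variable used to be interpolated as the literal host "undefined",
  // which then ended up in the image allow-list and in the CSP.
  console.warn(
    "next.config: NEXT_PUBLIC_SUPABASE_URL_SOURCE is not set; Supabase is left out of the image allow-list and the Content-Security-Policy.",
  );
}

const supabaseOrigins = SUPABASE_URL === null ? [] : [`https://${SUPABASE_URL}`];

// Only the storage endpoints (signed and public objects) are allowed, not the whole host.
const supabaseImagePatterns =
  SUPABASE_URL === null
    ? []
    : ["/storage/v1/object/sign/**", "/storage/v1/object/public/**"].map(
        (pathname) => ({
          protocol: "https",
          hostname: SUPABASE_URL,
          port: "",
          pathname,
        }),
      );

// One entry per CSP directive: [name, ...sources].
// NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src allow inline and
// eval'd script, so this policy does not stop injected script from running.
// Moving to nonces or hashes would need changes outside this file.
// NOTE(review): base-uri and form-action do not fall back to default-src;
// consider adding them once the app's forms and redirects have been checked.
const contentSecurityPolicy = [
  ["default-src", "'self'"],
  [
    "script-src",
    "'self'",
    "'unsafe-inline'",
    "'unsafe-eval'",
    "https://apis.google.com",
  ],
  ["style-src", "'self'", "'unsafe-inline'", "fonts.googleapis.com"],
  [
    "img-src",
    "'self'",
    "data:",
    ...supabaseOrigins,
    "https://upload.wikimedia.org",
    "https://avatars.githubusercontent.com",
    "https://assets.republic.com",
    "https://media.licdn.com",
  ],
  ["font-src", "'self'", "fonts.gstatic.com"],
  ["connect-src", "'self'", ...supabaseOrigins],
  ["frame-ancestors", "'none'"],
  ["object-src", "'none'"],
]
  .map((directive) => `${directive.join(" ")};`)
  .join(" ");

const securityHeaders = [
  { key: "X-Content-Type-Options", value: "nosniff" },
  // Set to 0: the legacy XSS auditor this header controls has been removed from
  // current browsers, and where it still exists its filtering can itself cause
  // problems. The Content-Security-Policy below is the control that matters.
  { key: "X-XSS-Protection", value: "0" },
  // Kept alongside frame-ancestors 'none' for browsers that ignore the CSP directive.
  { key: "X-Frame-Options", value: "DENY" },
  { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
  {
    key: "Strict-Transport-Security",
    value: "max-age=63072000; includeSubDomains; preload",
  },
  {
    key: "Permissions-Policy",
    value: "geolocation=(), microphone=(), camera=()",
  },
  { key: "Content-Security-Policy", value: contentSecurityPolicy },
];

/** @type {import('next').NextConfig} */
const nextConfig = {
  reactStrictMode: true,
  images: {
    // Hosts and paths that next/image is allowed to load from.
    remotePatterns: [
      ...supabaseImagePatterns,
      {
        protocol: "https",
        hostname: "upload.wikimedia.org",
        pathname: "/wikipedia/**",
      },
      {
        protocol: "https",
        hostname: "avatars.githubusercontent.com",
        pathname: "/**",
      },
      {
        protocol: "https",
        hostname: "assets.republic.com",
        pathname: "/**",
      },
      {
        protocol: "https",
        hostname: "media.licdn.com",
        pathname: "/**",
      },
    ],
  },
  /**
   * Applies the security headers to every route.
   *
   * @returns {Promise<Array<{source: string, headers: Array<{key: string, value: string}>}>>}
   */
  async headers() {
    return [
      {
        source: "/:path*",
        // Fresh objects per call so a consumer cannot mutate the shared list.
        headers: securityHeaders.map((header) => ({ ...header })),
      },
    ];
  },
};

export default nextConfig;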