|
| 1 | +import * as nosecone from "@nosecone/next"; |
| 2 | + |
| 3 | +const noseconeConfig: nosecone.NoseconeOptions = { |
| 4 | + ...nosecone.defaults, |
| 5 | + contentSecurityPolicy: { |
| 6 | + ...nosecone.defaults.contentSecurityPolicy, |
| 7 | + directives: { |
| 8 | + ...nosecone.defaults.contentSecurityPolicy.directives, |
| 9 | + imgSrc: [ |
| 10 | + ...nosecone.defaults.contentSecurityPolicy.directives.imgSrc, |
| 11 | + "https://vercel.com", // Deploy button |
| 12 | + "https://www.netlify.com", // Deploy button |
| 13 | + ], |
| 14 | + scriptSrc: [ |
| 15 | + // We have to use unsafe-inline because next-themes and Vercel Analytics |
| 16 | + // do not support nonce |
| 17 | + // https://github.com/pacocoursey/next-themes/issues/106 |
| 18 | + // https://github.com/vercel/analytics/issues/122 |
| 19 | + //...nosecone.defaults.contentSecurityPolicy.directives.scriptSrc, |
| 20 | + "'self'", |
| 21 | + "'unsafe-inline'", |
| 22 | + "'unsafe-eval'", |
| 23 | + "https://plausible.io", // Analytics |
| 24 | + ], |
| 25 | + connectSrc: [ |
| 26 | + ...nosecone.defaults.contentSecurityPolicy.directives.connectSrc, |
| 27 | + "https://plausible.io", // Analytics |
| 28 | + ], |
| 29 | + // We only set this in production because the server may be started |
| 30 | + // without HTTPS |
| 31 | + upgradeInsecureRequests: process.env.NODE_ENV === "production", |
| 32 | + }, |
| 33 | + }, |
| 34 | + crossOriginEmbedderPolicy: { |
| 35 | + policy: "credentialless", // Allows embedding the deploy buttons |
| 36 | + }, |
| 37 | +} as const; |
| 38 | + |
| 39 | +const noseconeMiddleware = nosecone.createMiddleware( |
| 40 | + process.env.VERCEL_ENV === "preview" |
| 41 | + ? nosecone.withVercelToolbar(noseconeConfig) |
| 42 | + : noseconeConfig, |
| 43 | +); |
| 44 | + |
| 45 | +export default noseconeMiddleware; |
0 commit comments