69f222e51f
- Replace D3/SVG choropleth with react-map-gl MapGL component - Use Natural Earth projection for proper world view - Embed traffic data (norm, total, blocked, alpha2) as GeoJSON properties - Use feature state only for hover highlighting - Add 1h and 12h interval options to analytics - Add worker-src blob: to CSP for MapLibre web workers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
46 lines
1.6 KiB
JavaScript
46 lines
1.6 KiB
JavaScript
import { fileURLToPath } from 'node:url';
|
|
|
|
/** @type {import('next').NextConfig} */
|
|
const nextConfig = {
|
|
experimental: {
|
|
serverActions: {
|
|
bodySizeLimit: '2mb'
|
|
}
|
|
},
|
|
output: 'standalone',
|
|
async headers() {
|
|
const isDev = process.env.NODE_ENV === "development";
|
|
return [
|
|
{
|
|
// Applied to all routes; API routes get no-op CSP but benefit from other headers
|
|
source: "/(.*)",
|
|
headers: [
|
|
{ key: "X-Content-Type-Options", value: "nosniff" },
|
|
// X-Frame-Options kept for legacy browsers that don't support frame-ancestors CSP directive
|
|
{ key: "X-Frame-Options", value: "DENY" },
|
|
{ key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
|
|
{ key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=(), interest-cohort=()" },
|
|
{
|
|
key: "Content-Security-Policy",
|
|
value: [
|
|
"default-src 'self'",
|
|
// unsafe-eval/unsafe-inline required only for Next.js HMR in development
|
|
isDev
|
|
? "script-src 'self' 'unsafe-inline' 'unsafe-eval'"
|
|
: "script-src 'self' 'unsafe-inline'",
|
|
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
|
|
"font-src 'self' https://fonts.gstatic.com",
|
|
"img-src 'self' data: blob:",
|
|
"worker-src blob:",
|
|
"connect-src 'self'",
|
|
"frame-ancestors 'none'",
|
|
].join("; "),
|
|
},
|
|
],
|
|
},
|
|
];
|
|
},
|
|
};
|
|
|
|
export default nextConfig;
|