Update v4 - Merge pre-push to main (#71)

* Create build-test.yml

* initial v4 commit

* update: github workflow

* update: push on branch

* Update .github/ISSUE_TEMPLATE/bug_report.md

* configuring next.config.js file

1 files changed, 89 insertions, 52 deletions

diff --git a/next.config.js b/next.config.js
index f7da518..b3cf9a1 100644
--- a/next.config.js
+++ b/next.config.js
@@ -1,10 +1,11 @@
 /** @type {import('next').NextConfig} */
-// const { createSecureHeaders } = require("next-secure-headers");
+const nextSafe = require("next-safe");
 
 const withPWA = require("next-pwa")({
   dest: "public",
   register: true,
   disable: process.env.NODE_ENV === "development",
+  skipWaiting: true,
 });
 
 module.exports = withPWA({
@@ -18,57 +19,93 @@ module.exports = withPWA({
       },
     ],
   },
-  // distDir: process.env.BUILD_DIR || ".next",
+  distDir: process.env.BUILD_DIR || ".next",
   trailingSlash: true,
   output: "standalone",
-  // async headers() {
-  //   return [
-  //     {
-  //       // matching all API routes
-  //       source: "/api/:path*",
-  //       headers: [
-  //         { key: "Access-Control-Allow-Credentials", value: "true" },
-  //         {
-  //           key: "Access-Control-Allow-Origin",
-  //           value: "https://moopa.live",
-  //         }, // replace this your actual origin
-  //         {
-  //           key: "Access-Control-Allow-Methods",
-  //           value: "GET,DELETE,PATCH,POST,PUT",
-  //         },
-  //         {
-  //           key: "Access-Control-Allow-Headers",
-  //           value:
-  //             "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version",
-  //         },
-  //       ],
-  //     },
-  //     {
-  //       source: "/(.*)",
-  //       headers: createSecureHeaders({
-  //         contentSecurityPolicy: {
-  //           directives: {
-  //             styleSrc: [
-  //               "'self'",
-  //               "'unsafe-inline'",
-  //               "https://cdnjs.cloudflare.com",
-  //               "https://fonts.googleapis.com",
-  //             ],
-  //             imgSrc: [
-  //               "'self'",
-  //               "https://s4.anilist.co",
-  //               "data:",
-  //               "https://media.kitsu.io",
-  //               "https://artworks.thetvdb.com",
-  //               "https://img.moopa.live",
-  //             ],
-  //             baseUri: "self",
-  //             formAction: "self",
-  //             frameAncestors: true,
-  //           },
-  //         },
-  //       }),
-  //     },
-  //   ];
-  // },
+  async headers() {
+    return [
+      {
+        // matching all API routes
+        source: "/api/:path*",
+        headers: [
+          { key: "Access-Control-Allow-Credentials", value: "true" },
+          {
+            key: "Access-Control-Allow-Origin",
+            value: "https://moopa.live",
+          }, // replace this your actual origin
+          {
+            key: "Access-Control-Allow-Methods",
+            value: "GET,DELETE,PATCH,POST,PUT",
+          },
+          {
+            key: "Access-Control-Allow-Headers",
+            value:
+              "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version",
+          },
+        ],
+      },
+      {
+        source: "/:path*",
+        headers: nextSafe({
+          contentTypeOptions: "nosniff",
+          contentSecurityPolicy: {
+            "base-uri": "'none'",
+            "child-src": "'none'",
+            "connect-src": [
+              "'self'",
+              "webpack://*",
+              "https://graphql.anilist.co/",
+              "https://api.aniskip.com/",
+              "https://m3u8proxy.moopa.workers.dev/",
+            ],
+            "default-src": "'self'",
+            "font-src": [
+              "'self'",
+              "https://cdnjs.cloudflare.com/",
+              "https://fonts.gstatic.com/",
+            ],
+            "form-action": "'self'",
+            "frame-ancestors": "'none'",
+            "frame-src": "'none'",
+            "img-src": [
+              "'self'",
+              "https://s4.anilist.co",
+              "data:",
+              "https://media.kitsu.io",
+              "https://artworks.thetvdb.com",
+              "https://img.moopa.live",
+              "https://meo.comick.pictures",
+              "https://kitsu-production-media.s3.us-west-002.backblazeb2.com",
+            ],
+            "manifest-src": "'self'",
+            "media-src": ["'self'", "blob:"],
+            "object-src": "'none'",
+            "prefetch-src": false,
+            "script-src": [
+              "'self'",
+              "https://static.cloudflareinsights.com",
+              "'unsafe-inline'",
+              "'unsafe-eval'",
+            ],
+
+            "style-src": [
+              "'self'",
+              "'unsafe-inline'",
+              "https://cdnjs.cloudflare.com",
+              "https://fonts.googleapis.com",
+            ],
+            "worker-src": "'self'",
+            mergeDefaultDirectives: false,
+            reportOnly: false,
+          },
+          frameOptions: "DENY",
+          permissionsPolicy: false,
+          // permissionsPolicyDirectiveSupport: ["proposed", "standard"],
+          isDev: false,
+          referrerPolicy: "no-referrer",
+          xssProtection: "1; mode=block",
+        }),
+      },
+    ];
+  },
 });