next.config.js

/* eslint-disable @typescript-eslint/no-var-requires */
const bundleAnalyzer = require("@next/bundle-analyzer")
const transpiler = require("next-transpile-modules")
const { createSecureHeaders } = require("next-secure-headers")

const withBundleAnalyzer = bundleAnalyzer({
  enabled: process.env.ANALYZE === "true",
})

const withTranspiler = transpiler(["@roninnetwork/walletgo"])

const cspSecurityHeaders = createSecureHeaders({
  xssProtection: "block-rendering",
  contentSecurityPolicy: {
    directives: {
      baseURI: `'self'`,
      defaultSrc: [
        `'self'`,
        // `'unsafe-inline'`,
        `'unsafe-eval'`,
        "*.walletconnect.com",
        "*.walletconnect.org",
        "*.axieinfinity.com",
        "cdn.axieinfinity.com",
        "*.googletagmanager.com",
        "*.google-analytics.com",
      ],
      scriptSrc: [
        `'self'`,
        // `'unsafe-inline'`,
        `'unsafe-eval'`,
        `'nonce-0242ab120002'`,
        "*.walletconnect.com",
        "*.walletconnect.org",
        "*.axieinfinity.com",
        "cdn.axieinfinity.com",
        "*.googletagmanager.com",
        "*.google-analytics.com",
        "*.geevisit.com",
        "*.geetest.com",
      ],
      styleSrc: [
        `'self'`,
        `'unsafe-inline'`,
        "*.walletconnect.com",
        "*.walletconnect.org",
        "*.axieinfinity.com",
        "cdn.axieinfinity.com",
        "fonts.googleapis.com",
        "*.geetest.com",
      ],
      styleSrcAttr: [
        `'self'`,
        `'unsafe-inline'`,
        "*.walletconnect.com",
        "*.axieinfinity.com",
        "cdn.axieinfinity.com",
        "*.walletconnect.org",
        "fonts.googleapis.com",
        "*.geetest.com",
      ],
      styleSrcElem: [
        `'self'`,
        `'unsafe-inline'`,
        "*.walletconnect.com",
        "cdn.axieinfinity.com",
        "*.axieinfinity.com",
        "*.walletconnect.org",
        "fonts.googleapis.com",
        "*.geetest.com",
      ],
      objectSrc: ["cdn.axieinfinity.com/marketplace-website/accessories"],
      imgSrc: [
        `'self'`,
        " data:",

        "cdn.axieinfinity.com",
        "*.axieinfinity.com",
        "*.walletconnect.com",
        "*.walletconnect.org",
        "*.google-analytics.com",
        "*.analytics.google.com",
        "*.googletagmanager.com",
        "*.g.doubleclick.net",
        "*.google.com",
        "storage.googleapis.com",
        "cdn.skymavis.com",
        "axiecdn.axieinfinity.com",
        "assets.axieinfinity.com",
        "ipfs.io/ipfs/bafybeiam4m5mjsyxqx74cpkxb3x3em2rye4ghsgruoxiemzr6lkxvzlypa/",
        "ipfs.io/ipfs/bafybeibkxkfzqj7yyfs2bwlef47n2f3l7kk2xiux445avhxlbfgnfi4oze/",
        "https://bafybeifikbw5ng7hvkd6dewqbofybowqqa6hd2ol7ctxwodkkcqryyldby.ipfs.nftstorage.link/MetaLend%20NFT%20-%20TOP%2010.gif",
        "https://bafybeifikbw5ng7hvkd6dewqbofybowqqa6hd2ol7ctxwodkkcqryyldby.ipfs.nftstorage.link/MetaLend%20NFT%20-%2010-25.gif",
        "https://bafybeifikbw5ng7hvkd6dewqbofybowqqa6hd2ol7ctxwodkkcqryyldby.ipfs.nftstorage.link/MetaLend%20NFT%20-%2025%2B.gif",
        "https://cdn-marketplace.skymavis.com/axiechat/NFTImage2023.jpeg",
        "*.geetest.com",
      ],
      frameSrc: [`'self'`, "verify.walletconnect.com"],
      frameAncestors: ["multisig.roninchain.com"],
      fontSrc: [`'self'`, "fonts.gstatic.com", "*.axieinfinity.com", "cdn.axieinfinity.com"],
      connectSrc: [
        `'self'`,
        "*.walletconnect.com",
        "ws://*.walletconnect.org",
        "*.walletconnect.org",
        "wss://*.walletconnect.org",
        "wss://*.walletconnect.com",
        "*.axieinfinity.com",
        "cdn.axieinfinity.com",
        "*.google-analytics.com",
        "*.analytics.google.com",
        "*.googletagmanager.com",
        "*.g.doubleclick.net",
        "*.google.com",

        "api.roninchain.com",
        "explorer-api.roninchain.com",
        "explorer-api-pre.roninchain.com",
        "testnet-explorer-api.skymavis.one",
        "thegraph.roninchain.com",
        "thegraph.axieinfinity.co",
        "testnet.skymavis.one",
        "exchange-rate.skymavis.one",
        "exchange-rate.axieinfinity.com",
        "decoder-mainnet.skymavis.one",
        "decoder-mainnet.roninchain.com",
        "decoder-testnet.roninchain.com",
        "decoder-testnet.skymavis.one",
        "origin-dev.skymavis.one",
        "game-api-origin.skymavis.com",
        "explorer-kintsugi.skymavis.one",
        "explorer-kintsugi.roninchain.com",
        "testnet-explorer-api-v3.skymavis.one",
        "explorer-api-v3.skymavis.one",
        "explorerv3-api.roninchain.com",
        "explorer-api.default.svc.cluster.local:8999",
        "storage.googleapis.com",
        "cdn.axieinfinity.com",
        "saigon-thegraph.roninchain.com",
        "hcm-devnet.skymavis.one",
        "hcm-explorer-api.skymavis.one",
        "supply-api.roninchain.com",
        "api.thegraph.com",
        "thegraph-v2.roninchain.com",
        "indexer.roninchain.com",
        "ronstakingcalculator.vercel.app",
        "saigon-testnet.roninchain.com",
        "saigon-indexer.roninchain.com",
        "captcha-stag.skymavis.one",
        "captcha.axieinfinity.com",
        "*.geevisit.com",
        "*.geetest.com",
      ],
      mediaSrc: [`'self'`, " data:", "cdn.axieinfinity.com", "*.axieinfinity.com"],
      prefetchSrc: [
        `'self'`,
        "*.walletconnect.com",
        "*.walletconnect.org",
        "*.geetest.com",
        "*.walletconnect.org",
        "cdn.axieinfinity.com",
        "*.axieinfinity.com",
        "fonts.googleapis.com",
        "fonts.gstatic.com",
        "*.geetest.com",
      ],
    },
  },
})

module.exports = withBundleAnalyzer(
  withTranspiler({
    images: {
      dangerouslyAllowSVG: false,
      contentSecurityPolicy: "default-src 'self'; script-src 'none'; sandbox; style-src 'none",
    },
    async headers() {
      return [{ source: "/(.*)", headers: cspSecurityHeaders }]
    },
  }),
)