apunkt/SurfSense
1
0
Fork 0
mirror of https://github.com/MODSetter/SurfSense.git synced 2026-05-08 07:12:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(next.config): enable remote SVG support with enhanced content security policy

Browse source
This commit is contained in:
DESKTOP-RTLN3BA\$punk 2026-05-05 19:13:38 -07:00
parent 0654662d29
commit a2ad697a29
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
surfsense_web/next.config.ts
View file

@ -29,6 +29,13 @@ const nextConfig: NextConfig = {
hostname: "**", hostname: "**",
}, },
], ],
// Allow remote SVGs (e.g. README badges from img.shields.io, trendshift.io,
// etc.) which are otherwise blocked by next/image. The CSP below sandboxes
// the SVG and forbids any embedded scripts, which is the mitigation
// recommended by Vercel's NEXTJS_SAFE_SVG_IMAGES conformance rule.
dangerouslyAllowSVG: true,
contentDispositionType: "attachment",
contentSecurityPolicy: "default-src 'self'; script-src 'none'; sandbox;",
}, },
experimental: { experimental: {
optimizePackageImports: [ optimizePackageImports: [