import type { NoseconeOptions } from '@nosecone/next';
import { defaults as noseconeDefaults } from '@nosecone/next';
// Short alias for the default CSP directive lists that the overrides below extend.
const defaultDirectives = noseconeDefaults.contentSecurityPolicy.directives;

/**
 * Security-header options: the Nosecone defaults with a customised
 * Content-Security-Policy.
 *
 * Every overridden directive extends the default source list except
 * `scriptSrc`, which replaces it outright.
 */
const noseconeOptions: NoseconeOptions = {
  ...noseconeDefaults,
  contentSecurityPolicy: {
    ...noseconeDefaults.contentSecurityPolicy,
    directives: {
      ...defaultDirectives,

      // script-src is rebuilt from scratch instead of extending
      // defaultDirectives.scriptSrc. next-themes and Vercel Analytics inject
      // inline scripts without a nonce:
      //   https://github.com/pacocoursey/next-themes/issues/106
      //   https://github.com/vercel/analytics/issues/122
      // so 'unsafe-inline' is needed. Browsers ignore 'unsafe-inline' once a
      // nonce or hash source is in the same directive, which is presumably why
      // the default list is left out here (confirm against the defaults).
      //
      // NOTE(review): with 'unsafe-inline' this policy no longer blocks
      // injected inline <script> or event-handler attributes, so output
      // encoding and sanitisation carry the XSS defence. Restore the default
      // list and drop 'unsafe-inline' once both issues above are resolved.
      scriptSrc: [
        "'self'",
        "'unsafe-inline'",
        "https://www.googletagmanager.com",
        // NOTE(review): the wildcard trusts every host under
        // clerk.accounts.dev; pin it to this app's own Clerk host if possible.
        "https://*.clerk.accounts.dev",
        "https://va.vercel-scripts.com",
      ],

      // Hosts the page may reach via fetch/XHR/WebSocket, added to the defaults.
      connectSrc: [
        ...defaultDirectives.connectSrc,
        "https://*.clerk.accounts.dev",
        "https://*.google-analytics.com",
        "https://clerk-telemetry.com",
      ],

      // Workers may be created from blob: URLs and from Clerk-hosted scripts.
      workerSrc: [
        ...defaultDirectives.workerSrc,
        "blob:",
        "https://*.clerk.accounts.dev",
      ],

      // Clerk's image host, in addition to the defaults.
      imgSrc: [...defaultDirectives.imgSrc, "https://img.clerk.com"],

      // No additions: object-src stays exactly as the defaults define it.
      objectSrc: [...defaultDirectives.objectSrc],

      // Only enabled in production, because the server may be started
      // without HTTPS in other environments.
      upgradeInsecureRequests: process.env.NODE_ENV === "production",
    },
  },
};