dify/web/next.config.ts
GareArc 1f7da9c191
Merge branch 'main' into feat/cli
Conflicts resolved:
- api/services/app_service.py: extend AppListParams with status + openapi_visible fields so the openapi caller's per-page visibility gate survives the dict->BaseModel refactor; openapi controller now constructs AppListParams.
- pnpm-workspace.yaml: union of CLI-only entries (@napi-rs/keyring, @oclif/*) with main's bumped versions (@next/*, @orpc/*, eslint-plugin-sonarjs, eslint-plugin-storybook); kept eventsource-parser.
- pnpm-lock.yaml: regenerated.
- web/app/signin/utils/post-login-redirect.ts: union impl — keep main's resolvePostLoginRedirect(searchParams) + setOAuthPendingRedirect; add hardened sessionStorage-based setPostLoginRedirect for device flow with same-origin + path whitelist; device redirect takes precedence over oauth pending.
2026-05-11 19:29:37 -07:00


import type { NextConfig } from '@/next'
import createMDX from '@next/mdx'
import { codeInspectorPlugin } from 'code-inspector-plugin'
import { env } from './env'
// Development-mode flag, derived from NODE_ENV.
const isDev = process.env.NODE_ENV === 'development'

// MDX wrapper applied to the config object before it is exported.
const withMDX = createMDX()

// Extra origins for the `allowedDevOrigins` option, read from the
// comma-separated NEXT_ALLOWED_DEV_ORIGINS variable. Entries are trimmed and
// empty ones dropped; the value stays undefined when the variable is unset.
// Every origin listed here widens who may talk to the dev server, so keep the
// list to origins you control.
const rawAllowedDevOrigins = process.env.NEXT_ALLOWED_DEV_ORIGINS
const allowedDevOrigins = rawAllowedDevOrigins
  ?.split(',')
  .map(entry => entry.trim())
  .filter(entry => entry.length > 0)
/**
 * Next.js configuration for the web app.
 *
 * Security-relevant settings in this object:
 * - `productionBrowserSourceMaps` is off, so production builds do not emit
 *   browser source maps.
 * - `typescript.ignoreBuildErrors` is on, so type errors do not fail the build.
 * - `headers()` forbids framing of the device-flow routes.
 */
const nextConfig: NextConfig = {
  basePath: env.NEXT_PUBLIC_BASE_PATH,

  // Set allowedDevOrigins only when the environment supplied at least one
  // origin; otherwise the key is left out entirely.
  ...(allowedDevOrigins && allowedDevOrigins.length > 0 ? { allowedDevOrigins } : {}),

  transpilePackages: ['@t3-oss/env-core', '@t3-oss/env-nextjs', 'echarts', 'zrender'],

  turbopack: {
    rules: codeInspectorPlugin({ bundler: 'turbopack' }),
  },

  // Browser source maps are NOT generated for production builds. Leave this
  // false unless shipping the original sources to every client is intended.
  productionBrowserSourceMaps: false,

  // Treat md and mdx files as pages alongside the ts/js extensions.
  pageExtensions: ['ts', 'tsx', 'js', 'jsx', 'md', 'mdx'],

  typescript: {
    // https://nextjs.org/docs/api-reference/next.config.js/ignoring-typescript-errors
    // The build succeeds even when the project has type errors.
    // NOTE(review): confirm a separate type-check step gates merges, since the
    // build itself will not catch them.
    ignoreBuildErrors: true,
  },

  // Temporary (non-permanent) redirect from the root path to the app list.
  redirects: async () => [
    {
      source: '/',
      destination: '/apps',
      permanent: false,
    },
  ],

  // Anti-framing for device-flow surfaces. A framed /device page could UI-trick
  // a victim holding a valid device_approval_grant cookie into approving a
  // device_code. That is functionally CSRF and bypasses the double-submit
  // token, so framing is denied outright on every device-flow route; no trusted
  // embedder exists.
  //
  // Both headers are sent: X-Frame-Options for older browsers and the CSP
  // frame-ancestors directive for current ones. Next.js prefixes `basePath` to
  // each `source` automatically, so the rules follow the app when it is served
  // under a sub-path.
  // NOTE(review): only /device and its sub-paths are covered. If the approval
  // UI is ever reachable under another route, or another layer sets its own
  // Content-Security-Policy for these paths, re-check that framing stays denied.
  headers: async () => {
    const denyFraming = [
      { key: 'X-Frame-Options', value: 'DENY' },
      { key: 'Content-Security-Policy', value: "frame-ancestors 'none'" },
    ]
    const deviceFlowSources = ['/device', '/device/:path*']
    return deviceFlowSources.map(source => ({ source, headers: denyFraming }))
  },

  output: 'standalone',

  compiler: {
    // Outside development, console calls are stripped except console.warn and
    // console.error; in development nothing is removed.
    removeConsole: isDev ? false : { exclude: ['warn', 'error'] },
  },
}

export default withMDX(nextConfig)