jsonapi-frontend-next/next.config.js at master · code-wheel/jsonapi-frontend-next · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
/** @type {import('next').NextConfig} */
function normalizeHost(input) {
  if (!input) return null
  const raw = String(input).trim()
  if (!raw) return null

  if (raw.includes("://")) {
    try {
      return new URL(raw).hostname
    } catch {
      return null
    }
  }

  return raw
}

function getDrupalImageHosts() {
  if (process.env.DRUPAL_IMAGE_DOMAIN) {
    return process.env.DRUPAL_IMAGE_DOMAIN.split(",").map(normalizeHost).filter(Boolean)
  }

  if (process.env.DRUPAL_BASE_URL) {
    try {
      return [new URL(process.env.DRUPAL_BASE_URL).hostname]
    } catch {
      return []
    }
  }

  return []
}

const drupalImageHosts = getDrupalImageHosts()
const isProd = process.env.NODE_ENV === "production"

const nextConfig = {
  // Allow images from Drupal
  // IMPORTANT: For production, restrict images to your Drupal host.
  images: drupalImageHosts.length
    ? {
        remotePatterns: drupalImageHosts.flatMap((hostname) => [
          { protocol: "https", hostname },
          { protocol: "http", hostname },
        ]),
      }
    : isProd
    ? {
        // SECURITY: In production, do not allow wildcard remote images. If no allowlist
        // is configured, disable optimization (avoids SSRF via the image optimizer).
        unoptimized: true,
      }
    : {
        // Development fallback only.
        remotePatterns: [
          { protocol: "https", hostname: "**" },
          { protocol: "http", hostname: "**" },
        ],
      },
}

module.exports = nextConfig