marcotoniut.github.io/next.config.js at main · marcotoniut/marcotoniut.github.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
const { createVanillaExtractPlugin } = require("@vanilla-extract/next-plugin")
const withVanillaExtract = createVanillaExtractPlugin()

/** @type {import('next').NextConfig} */
const nextConfig = {
  output: "export",
  reactStrictMode: true,
  reactCompiler: {
    compilationMode: "annotation",
  },
  images: {
    // GitHub Pages does not support Next.js image optimization pipelines
    unoptimized: true,
  },
  trailingSlash: true,
  // Turbopack is not compatible with Vanilla Extract as of Next.js 16
  // Force webpack usage until Turbopack supports the required webpack plugin hooks
  webpack: (config) => config,
  // Empty turbopack config to acknowledge we're intentionally using webpack
  turbopack: {},

  /**
   * Security and anti-scraping headers
   *
   * These headers serve two purposes:
   * 1. SEO: Allow legitimate search engines to index the site
   * 2. Anti-AI: Explicitly block AI training crawlers from using the content
   *
   * The X-Robots-Tag header is the HTTP equivalent of the meta robots tag.
   * The "noai" and "noimageai" directives instruct compliant crawlers not to
   * use the content for AI training or image generation models.
   */
  async headers() {
    return [
      {
        // Apply to all routes
        source: "/:path*",
        headers: [
          {
            key: "X-Robots-Tag",
            // Allow indexing and following links, but prohibit AI training usage
            value: "index, follow, noai, noimageai",
          },
          {
            key: "Permissions-Policy",
            // Disable FLoC (Federated Learning of Cohorts) - Google's privacy-invasive tracking
            value: "interest-cohort=()",
          },
          {
            key: "X-Content-Type-Options",
            // Prevent MIME type sniffing, which can lead to security vulnerabilities
            value: "nosniff",
          },
          {
            key: "Referrer-Policy",
            // Send full referrer for same-origin, only origin for cross-origin
            value: "strict-origin-when-cross-origin",
          },
        ],
      },
    ]
  },
}

module.exports = withVanillaExtract(nextConfig)