diff --git a/Dockerfile b/Dockerfile
index 37789ba6a..19027bc71 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ FROM oven/bun:1.2.8 AS deps
 WORKDIR /app
 # Copy workspace configuration
-COPY package.json bun.lock bunfig.toml ./
+COPY package.json bun.lock ./
 # Copy package.json files for all packages
 COPY packages/db/package.json ./packages/db/
diff --git a/apps/app/next.config.ts b/apps/app/next.config.ts
index 088345ef9..f58c2e0c6 100644
--- a/apps/app/next.config.ts
+++ b/apps/app/next.config.ts
@@ -32,6 +32,58 @@ const config: NextConfig = {
 outputFileTracingIncludes: {
 '/api/**/*': ['./node_modules/.prisma/client/**/*'],
 },
+ async headers() {
+ return [
+ {
+ // Apply CORS headers to all API routes
+ source: '/api/:path*',
+ headers: [
+ {
+ key: 'Access-Control-Allow-Origin',
+ value: '*',
+ },
+ {
+ key: 'Access-Control-Allow-Methods',
+ value: 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+ },
+ {
+ key: 'Access-Control-Allow-Headers',
+ value: 'Content-Type, Authorization, X-Requested-With, Accept, Origin, x-pathname',
+ },
+ {
+ key: 'Access-Control-Allow-Credentials',
+ value: 'true',
+ },
+ {
+ key: 'Access-Control-Max-Age',
+ value: '86400', // 24 hours
+ },
+ ],
+ },
+ {
+ // Apply security headers to all routes
+ source: '/(.*)',
+ headers: [
+ {
+ key: 'X-DNS-Prefetch-Control',
+ value: 'on',
+ },
+ {
+ key: 'X-Frame-Options',
+ value: 'SAMEORIGIN',
+ },
+ {
+ key: 'X-Content-Type-Options',
+ value: 'nosniff',
+ },
+ {
+ key: 'Referrer-Policy',
+ value: 'origin-when-cross-origin',
+ },
+ ],
+ },
+ ];
+ },
 async rewrites() {
 return [
 {
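Review bot: The `/api/:path*` entry pairs `Access-Control-Allow-Origin: *` with `Access-Control-Allow-Credentials: true`, which browsers reject for credentialed requests, so cookie-bearing cross-origin calls will fail while every origin is still allowed to call the API with a script-supplied `Authorization` header. If no cross-origin cookies are needed, drop the `Access-Control-Allow-Credentials` entry; if they are, a static `headers()` table cannot do this safely, and the origin should be checked per request against an allow-list and returned together with `Vary: Origin`, e.g. `value: '<trusted-origin>'` (placeholder) rather than `'*'`. In the second entry, `Referrer-Policy: origin-when-cross-origin` still sends the origin on an HTTPS-to-HTTP downgrade; `value: 'strict-origin-when-cross-origin'` avoids that. The enclosing `config` object starts and ends outside the hunk, so any middleware that already sets CORS headers is not visible here.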