@djangocfg/nextjs 2.1.5 → 2.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@djangocfg/nextjs",
|
|
3
|
-
"version": "2.1.
|
|
3
|
+
"version": "2.1.6",
|
|
4
4
|
"description": "Next.js server utilities: sitemap, health, OG images, contact forms, navigation, config",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nextjs",
|
|
@@ -104,13 +104,13 @@
|
|
|
104
104
|
"ai-docs": "tsx src/ai/cli.ts"
|
|
105
105
|
},
|
|
106
106
|
"peerDependencies": {
|
|
107
|
-
"@djangocfg/api": "^2.1.
|
|
107
|
+
"@djangocfg/api": "^2.1.6",
|
|
108
108
|
"next": "^15.5.7"
|
|
109
109
|
},
|
|
110
110
|
"devDependencies": {
|
|
111
|
-
"@djangocfg/imgai": "^2.1.
|
|
112
|
-
"@djangocfg/layouts": "^2.1.
|
|
113
|
-
"@djangocfg/typescript-config": "^2.1.
|
|
111
|
+
"@djangocfg/imgai": "^2.1.6",
|
|
112
|
+
"@djangocfg/layouts": "^2.1.6",
|
|
113
|
+
"@djangocfg/typescript-config": "^2.1.6",
|
|
114
114
|
"@types/node": "^24.7.2",
|
|
115
115
|
"@types/react": "19.2.2",
|
|
116
116
|
"@types/react-dom": "19.2.1",
|
|
@@ -53,6 +53,11 @@ export interface BaseNextConfigOptions {
|
|
|
53
53
|
checkPackages?: boolean;
|
|
54
54
|
/** Auto-install missing packages without prompting (default: false) */
|
|
55
55
|
autoInstall?: boolean;
|
|
56
|
+
/**
|
|
57
|
+
* Allow embedding this app in iframe from specified origins
|
|
58
|
+
* Set to ['*'] to allow all origins, or specify domains like ['https://djangocfg.com']
|
|
59
|
+
*/
|
|
60
|
+
allowIframeFrom?: string[];
|
|
56
61
|
/** Custom webpack configuration function (called after base webpack logic) */
|
|
57
62
|
webpack?: (
|
|
58
63
|
config: WebpackConfig,
|
|
@@ -118,9 +123,9 @@ export function createBaseNextConfig(
|
|
|
118
123
|
unoptimized: true,
|
|
119
124
|
},
|
|
120
125
|
|
|
121
|
-
// CORS headers for static files
|
|
126
|
+
// CORS headers for static files and iframe embedding
|
|
122
127
|
async headers() {
|
|
123
|
-
|
|
128
|
+
const headers: { source: string; headers: { key: string; value: string }[] }[] = [
|
|
124
129
|
{
|
|
125
130
|
source: '/static/:path*',
|
|
126
131
|
headers: [
|
|
@@ -130,6 +135,29 @@ export function createBaseNextConfig(
|
|
|
130
135
|
],
|
|
131
136
|
},
|
|
132
137
|
];
|
|
138
|
+
|
|
139
|
+
// Add iframe embedding headers if allowIframeFrom is specified
|
|
140
|
+
if (options.allowIframeFrom && options.allowIframeFrom.length > 0) {
|
|
141
|
+
const frameAncestors = options.allowIframeFrom.includes('*')
|
|
142
|
+
? '*'
|
|
143
|
+
: `'self' ${options.allowIframeFrom.join(' ')}`;
|
|
144
|
+
|
|
145
|
+
headers.push({
|
|
146
|
+
source: '/:path*',
|
|
147
|
+
headers: [
|
|
148
|
+
// Content-Security-Policy frame-ancestors directive
|
|
149
|
+
{ key: 'Content-Security-Policy', value: `frame-ancestors ${frameAncestors}` },
|
|
150
|
+
// X-Frame-Options for older browsers (ALLOW-FROM is deprecated, use CSP instead)
|
|
151
|
+
// Only set SAMEORIGIN if allowing all, otherwise browsers will use CSP
|
|
152
|
+
...(options.allowIframeFrom.includes('*')
|
|
153
|
+
? []
|
|
154
|
+
: [{ key: 'X-Frame-Options', value: 'SAMEORIGIN' }]
|
|
155
|
+
),
|
|
156
|
+
],
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
|
|
160
|
+
return headers;
|
|
133
161
|
},
|
|
134
162
|
|
|
135
163
|
// Transpile packages (merge with user-provided)
|
|
@@ -218,6 +246,7 @@ export function createBaseNextConfig(
|
|
|
218
246
|
delete (finalConfig as any).forceCheckWorkspace;
|
|
219
247
|
delete (finalConfig as any).checkPackages;
|
|
220
248
|
delete (finalConfig as any).autoInstall;
|
|
249
|
+
delete (finalConfig as any).allowIframeFrom;
|
|
221
250
|
|
|
222
251
|
return finalConfig;
|
|
223
252
|
}
|