expected-after-patch.js

 1// Reference output for agent/human review — not executed by tests.
 2// After the Shape 2 (inline-headers) CSP patch is applied, next.config.js
 3// should look like this.
 4
 5/** @type {import('next').NextConfig} */
 6
 7// Dev-only allowance so impeccable live mode can load. Empty string in any
 8// non-development environment.
 9const __impeccableLiveDev =
10  process.env.NODE_ENV === "development" ? " http://localhost:8400" : "";
11
12module.exports = {
13  async headers() {
14    return [
15      {
16        source: "/(.*)",
17        headers: [
18          {
19            key: "Content-Security-Policy",
20            value:
21              "default-src 'self'; " +
22              `script-src 'self' 'unsafe-inline' 'unsafe-eval'${__impeccableLiveDev}; ` +
23              "style-src 'self' 'unsafe-inline'; " +
24              "img-src 'self' data: blob:; " +
25              `connect-src 'self'${__impeccableLiveDev}; ` +
26              "frame-ancestors 'self';",
27          },
28          { key: "X-Frame-Options", value: "SAMEORIGIN" },
29        ],
30      },
31    ];
32  },
33};