|
|
@ -3,7 +3,7 @@ import path from "node:path"; |
|
|
import process from "node:process"; |
|
|
import process from "node:process"; |
|
|
import tailwindcss from "@tailwindcss/vite"; |
|
|
import tailwindcss from "@tailwindcss/vite"; |
|
|
import react from "@vitejs/plugin-react"; |
|
|
import react from "@vitejs/plugin-react"; |
|
|
import { defineConfig } from "vite"; |
|
|
import { defineConfig, loadEnv } from "vite"; |
|
|
import { createHtmlPlugin } from "vite-plugin-html"; |
|
|
import { createHtmlPlugin } from "vite-plugin-html"; |
|
|
|
|
|
|
|
|
let hash = ""; |
|
|
let hash = ""; |
|
|
@ -24,18 +24,22 @@ try { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
const CONTENT_SECURITY_POLICY = |
|
|
const CONTENT_SECURITY_POLICY = |
|
|
"script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' data: https://rsms.me https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' data: https://rsms.me https://cdn.jsdelivr.net; worker-src 'self' blob:; object-src 'none'; base-uri 'self';"; |
|
|
"script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn-cookieyes.com; style-src 'self' 'unsafe-inline' data: https://rsms.me https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' data: https://rsms.me https://cdn.jsdelivr.net; worker-src 'self' blob:; object-src 'none'; base-uri 'self';"; |
|
|
|
|
|
|
|
|
export default defineConfig({ |
|
|
export default defineConfig(({ mode }) => { |
|
|
|
|
|
const env = loadEnv(mode, process.cwd()); |
|
|
|
|
|
|
|
|
|
|
|
return { |
|
|
plugins: [ |
|
|
plugins: [ |
|
|
react(), |
|
|
react(), |
|
|
tailwindcss(), |
|
|
tailwindcss(), |
|
|
// adding CookieYes script if VITE_COOKIEYES_CLIENT_ID is set (it only runs while in Vercel) for GDPR/CCPA compliance
|
|
|
// This is for GDPR/CCPA compliance
|
|
|
createHtmlPlugin({ |
|
|
createHtmlPlugin({ |
|
|
inject: { |
|
|
inject: { |
|
|
data: { |
|
|
data: { |
|
|
cookieScript: process.env.VITE_COOKIEYES_CLIENT_ID |
|
|
cookieYesScript: |
|
|
? `<script async src="https://cdn-cookieyes.com/client_data/${process.env.VITE_COOKIEYES_CLIENT_ID}/script.js"></script>` |
|
|
mode === "production" && env.VITE_COOKIEYES_CLIENT_ID |
|
|
|
|
|
? `<script async src="https://cdn-cookieyes.com/client_data/${env.VITE_COOKIEYES_CLIENT_ID}/script.js"></script>` |
|
|
: "", |
|
|
: "", |
|
|
}, |
|
|
}, |
|
|
}, |
|
|
}, |
|
|
@ -77,7 +81,12 @@ export default defineConfig({ |
|
|
headers: { |
|
|
headers: { |
|
|
"content-security-policy": CONTENT_SECURITY_POLICY, |
|
|
"content-security-policy": CONTENT_SECURITY_POLICY, |
|
|
"Cross-Origin-Opener-Policy": "same-origin", |
|
|
"Cross-Origin-Opener-Policy": "same-origin", |
|
|
"Cross-Origin-Embedder-Policy": "require-corp", |
|
|
"Cross-Origin-Embedder-Policy": "credentialless", |
|
|
|
|
|
"X-Content-Type-Options": "nosniff", |
|
|
|
|
|
"Strict-Transport-Security": |
|
|
|
|
|
"max-age=63072000; includeSubDomains; preload", |
|
|
|
|
|
"Referrer-Policy": "strict-origin-when-cross-origin", |
|
|
}, |
|
|
}, |
|
|
}, |
|
|
}, |
|
|
|
|
|
}; |
|
|
}); |
|
|
}); |
|
|
|