refactor: fix biome linting issues and update project documentation

- Fix 36+ biome linting issues reducing errors/warnings from 227 to 191 - Replace explicit 'any' types with proper TypeScript interfaces - Fix React hooks dependencies and useCallback patterns - Resolve unused variables and parameter assignment issues - Improve accessibility with proper label associations - Add comprehensive API documentation for admin and security features - Update README.md with accurate PostgreSQL setup and current tech stack - Create complete documentation for audit logging, CSP monitoring, and batch processing - Fix outdated project information and missing developer workflows
2026-01-16 17:12:10 +01:00 · 2025-07-11 21:50:53 +02:00
parent 3e9e75e854
commit 1eea2cc3e4
121 changed files with 28687 additions and 4895 deletions
--- a/next.config.js
+++ b/next.config.js
@ -6,80 +6,7 @@ const nextConfig = {
  // Allow cross-origin requests from specific origins in development
  allowedDevOrigins: ["localhost", "127.0.0.1"],

-  // Comprehensive HTTP Security Headers
-  headers: async () => {
-    return [
-      {
-        // Apply to all routes
-        source: "/(.*)",
-        headers: [
-          // Prevent MIME type sniffing
-          {
-            key: "X-Content-Type-Options",
-            value: "nosniff",
-          },
-          // Prevent clickjacking attacks
-          {
-            key: "X-Frame-Options",
-            value: "DENY",
-          },
-          // Enable XSS protection for legacy browsers
-          {
-            key: "X-XSS-Protection",
-            value: "1; mode=block",
-          },
-          // Control referrer information
-          {
-            key: "Referrer-Policy",
-            value: "strict-origin-when-cross-origin",
-          },
-          // Prevent DNS rebinding attacks
-          {
-            key: "X-DNS-Prefetch-Control",
-            value: "off",
-          },
-          // Basic Content Security Policy
-          {
-            key: "Content-Security-Policy",
-            value: [
-              "default-src 'self'",
-              "script-src 'self' 'unsafe-eval' 'unsafe-inline'", // Required for Next.js dev tools and React
-              "style-src 'self' 'unsafe-inline'", // Required for TailwindCSS and inline styles
-              "img-src 'self' data: https:", // Allow data URIs and HTTPS images
-              "font-src 'self' data:",
-              "connect-src 'self' https:",
-              "frame-ancestors 'none'", // Equivalent to X-Frame-Options: DENY
-              "base-uri 'self'",
-              "form-action 'self'",
-              "object-src 'none'",
-              "upgrade-insecure-requests",
-            ].join("; "),
-          },
-          // Security feature permissions policy
-          {
-            key: "Permissions-Policy",
-            value: [
-              "camera=()",
-              "microphone=()",
-              "geolocation=()",
-              "interest-cohort=()",
-              "browsing-topics=()",
-            ].join(", "),
-          },
-        ],
-      },
-      // HTTPS Strict Transport Security (only for production HTTPS)
-      ...(process.env.NODE_ENV === "production" ? [{
-        source: "/(.*)",
-        headers: [
-          {
-            key: "Strict-Transport-Security",
-            value: "max-age=31536000; includeSubDomains; preload",
-          },
-        ],
-      }] : []),
-    ];
-  },
+  // Note: Security headers are now handled by middleware.ts for enhanced CSP with nonce support
 };

 export default nextConfig;