From 895d1b8c083583425f3083f16fc1d474848f9f25 Mon Sep 17 00:00:00 2001 From: Atash03 Date: Mon, 26 Jan 2026 00:14:44 +0500 Subject: [PATCH] fix: add CSP headers to allow blob URLs for media playback --- next.config.js | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/next.config.js b/next.config.js index edd51af..e78109a 100644 --- a/next.config.js +++ b/next.config.js @@ -2,6 +2,20 @@ const nextConfig = { reactStrictMode: false, + async headers() { + return [ + { + source: '/:path*', + headers: [ + { + key: 'Content-Security-Policy', + value: "default-src 'self'; media-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self' https:; font-src 'self' data:; frame-src 'self' https:;" + } + ] + } + ] + }, + images: { domains: ["turkmentv.gov.tm", "smstv.gov.tm", "turkmenistaninfo.gov.tm"], remotePatterns: [