/** * Next.js Configuration * * Security enhancements: * - React Strict Mode enabled (development warnings) * - Security headers configured via middleware * * LAN / phone dev: If you set NEXT_DEV_ALLOWED_ORIGINS in .env.local, Next.js will * enforce that list for /_next/* (strict). If you leave it unset, Next only warns in * the terminal (nothing is blocked) — best default when your Wi‑Fi IP changes often. */ /** @type {import('next').NextConfig} */ const devOriginsFromEnv = (process.env.NEXT_DEV_ALLOWED_ORIGINS || '') .split(',') .map((s) => s.trim()) .filter(Boolean) const nextConfig = { reactStrictMode: true, // Only set when you opt in — avoids blocking when your LAN IP ≠ a hardcoded value. ...(devOriginsFromEnv.length > 0 ? { allowedDevOrigins: [...new Set([...devOriginsFromEnv, '127.0.0.1', 'localhost'])], } : {}), // Allow importing Python modules (for API routes) serverRuntimeConfig: { // Will be available only on the server side }, publicRuntimeConfig: { // Will be available on both server and client }, // Security: Disable X-Powered-By header poweredByHeader: false, } module.exports = nextConfig