mirror of
https://github.com/complexcaresolutions/cms.c2sgmbh.git
synced 2026-03-17 16:14:12 +00:00
Martin Porwoll
a5f8c43f81
The 403 "Forbidden" on production was caused by ModSecurity WAF (OWASP CRS 3.3.7) blocking PATCH/POST requests at the nginx layer, not by Next.js server actions CSRF. Nginx proxy_set_header Host $host ensures Origin and Host always match, making allowedOrigins redundant. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
23 lines
641 B
JavaScript
23 lines
641 B
JavaScript
import { withPayload } from '@payloadcms/next/withPayload'
|
|
|
|
/** @type {import('next').NextConfig} */
|
|
const nextConfig = {
|
|
// Reduce memory usage during build
|
|
experimental: {
|
|
// Use fewer workers for builds on low-memory systems
|
|
workerThreads: false,
|
|
cpus: 1,
|
|
},
|
|
// Webpack configuration for TypeScript/ESM compatibility
|
|
webpack: (webpackConfig) => {
|
|
webpackConfig.resolve.extensionAlias = {
|
|
'.cjs': ['.cts', '.cjs'],
|
|
'.js': ['.ts', '.tsx', '.js', '.jsx'],
|
|
'.mjs': ['.mts', '.mjs'],
|
|
}
|
|
|
|
return webpackConfig
|
|
},
|
|
}
|
|
|
|
export default withPayload(nextConfig, { devBundleServerPackages: false })
|