MCPcopy Index your code
hub / github.com/simstudioai/sim / headers

Function headers

apps/sim/next.config.ts:177–286  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

175 '@sim/workflow-renderer',
176 ],
177 async headers() {
178 return [
179 {
180 source: '/:all*(svg|jpg|jpeg|png|gif|ico|webp|avif|woff|woff2|ttf|eot)',
181 headers: [
182 {
183 key: 'Cache-Control',
184 value: 'public, max-age=86400, stale-while-revalidate=604800',
185 },
186 ],
187 },
188 {
189 source: '/.well-known/:path*',
190 headers: [
191 { key: 'Access-Control-Allow-Origin', value: '*' },
192 { key: 'Access-Control-Allow-Methods', value: 'GET, OPTIONS' },
193 { key: 'Access-Control-Allow-Headers', value: 'Content-Type, Accept' },
194 ],
195 },
196 // /api/* CORS is set at runtime in proxy.ts (resolveApiCorsPolicy).
197 {
198 source: '/api/workflows/:id/execute',
199 headers: [
200 { key: 'Cross-Origin-Embedder-Policy', value: 'unsafe-none' },
201 { key: 'Cross-Origin-Opener-Policy', value: 'unsafe-none' },
202 {
203 key: 'Content-Security-Policy',
204 value: getWorkflowExecutionCSPPolicy(),
205 },
206 ],
207 },
208 {
209 // Exclude Vercel internal resources and static assets from strict COEP, Google Drive Picker
210 // and the /demo Cal.com booking embed to prevent 'refused to connect' / slow-load issues
211 source: '/((?!_next|_vercel|api|favicon.ico|w/.*|workspace/.*|api/tools/drive|demo).*)',
212 headers: [
213 {
214 key: 'Cross-Origin-Embedder-Policy',
215 value: 'credentialless',
216 },
217 {
218 key: 'Cross-Origin-Opener-Policy',
219 value: 'same-origin',
220 },
221 ],
222 },
223 {
224 // For main app routes, Google Drive Picker, the /demo Cal.com embed, and Vercel resources - use permissive policies
225 source: '/(w/.*|workspace/.*|api/tools/drive|demo.*|_next/.*|_vercel/.*)',
226 headers: [
227 {
228 key: 'Cross-Origin-Embedder-Policy',
229 value: 'unsafe-none',
230 },
231 {
232 key: 'Cross-Origin-Opener-Policy',
233 value: 'same-origin-allow-popups',
234 },

Callers

nothing calls this directly

Calls 3

getChatEmbedCSPPolicyFunction · 0.90
getMainCSPPolicyFunction · 0.90

Tested by

no test coverage detected