From 9eae4703c97c50e82d959a3e0859fe1553889b15 Mon Sep 17 00:00:00 2001
From: Armand Philippot <git@armandphilippot.com>
Date: Tue, 15 Feb 2022 22:14:03 +0100
Subject: feat: add HTTP security headers

I also renamed and changed the format of some environment variables so
I can reuse them inside the CSP security header.
---
 .env.example | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

(limited to '.env.example')

diff --git a/.env.example b/.env.example
index 8572b45..3200101 100644
--- a/.env.example
+++ b/.env.example
@@ -1,19 +1,22 @@
-FRONTEND_URL="https://www.frontend.com"
-BACKEND_URL="https://www.backend.com"
-GRAPHQL_ENDPOINT="/graphql"
+APP_FRONTEND_DOMAIN="www.frontend.com"
+APP_BACKEND_DOMAIN="www.backend.com"
+APP_PROTOCOL="https"
+APP_GRAPHQL_ENDPOINT="/graphql"
+APP_AUTHOR_NAME="Your Name"
+APP_AUTHOR_EMAIL="your@email.com"
+APP_AUTHOR_URL="https://www.yourWebsite.com/"
+APP_FEED_DESCRIPTION="What you want..."
 
-AUTHOR_NAME="Your Name"
-AUTHOR_EMAIL="your@email.com"
-AUTHOR_URL="https://www.yourWebsite.com/"
-FEED_DESCRIPTION="What you want..."
-
-NEXT_PUBLIC_FRONTEND_URL="$FRONTEND_URL"
-NEXT_PUBLIC_GRAPHQL_API="$BACKEND_URL$GRAPHQL_ENDPOINT"
-
-NEXT_PUBLIC_MATOMO_SITE_ID=0
-NEXT_PUBLIC_MATOMO_URL="https://matomoUrl.com"
+NEXT_PUBLIC_APP_DOMAIN="$APP_FRONTEND_DOMAIN"
+NEXT_PUBLIC_APP_PROTOCOL="$APP_PROTOCOL"
+NEXT_PUBLIC_GRAPHQL_API="https://$APP_BACKEND_DOMAIN$APP_GRAPHQL_ENDPOINT"
+NEXT_PUBLIC_MATOMO_SITE_ID=1
+NEXT_PUBLIC_MATOMO_DOMAIN="www.analyticsDomain.com"
 
 # Use this only in development mode. It prevents "unable to verify the first
 # certificate" error when using a local domain with mkcert certificate for
 # backend.
 #NODE_TLS_REJECT_UNAUTHORIZED=0
+
+# Set node environment to not install dev dependencies.
+#NODE_ENV=production
-- 
cgit v1.2.3