src/middleware.ts

import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

export function middleware(request: NextRequest) {
  const response = NextResponse.next();

  // IFRAME_ALLOW_ORIGINS: 允许嵌入 iframe 的外部域名（逗号分隔）
  const allowOrigins = process.env.IFRAME_ALLOW_ORIGINS || '';

  const origins = allowOrigins.split(',').map(s => s.trim()).filter(Boolean);

  if (origins.length > 0) {
    response.headers.set('Content-Security-Policy', `frame-ancestors 'self' ${origins.join(' ')}`);
  }

  return response;
}

export const config = {
  matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
};
feat: migrate payment provider to easy-pay, add order history and refund support - Replace zpay with easy-pay payment provider (new lib/easy-pay/ module) - Add order history page for users (pay/orders) - Add GET /api/orders/my endpoint to list user's own orders - Add GET /api/users/[id] endpoint for sub2api user lookup - Add order status tracking module (lib/order/status.ts) - Update config to support easy-pay credentials (merchant ID, key, gateway) - Update PaymentForm and PaymentQRCode components for easy-pay flow - Update pay page and admin page with new order management UI - Update order service to support easy-pay, cancellation, and refund 2026-03-01 03:04:24 +08:00			`import { NextResponse } from 'next/server';`
			`import type { NextRequest } from 'next/server';`

			`export function middleware(request: NextRequest) {`
			`const response = NextResponse.next();`

			`// IFRAME_ALLOW_ORIGINS: 允许嵌入 iframe 的外部域名（逗号分隔）`
			`const allowOrigins = process.env.IFRAME_ALLOW_ORIGINS \|\| '';`

			`const origins = allowOrigins.split(',').map(s => s.trim()).filter(Boolean);`

			`if (origins.length > 0) {`
			response.headers.set('Content-Security-Policy', `frame-ancestors 'self' ${origins.join(' ')}`);
			`}`

			`return response;`
			`}`

			`export const config = {`
			`matcher: ['/((?!_next/static\|_next/image\|favicon.ico).*)'],`
			`};`