From 94de5ce2d2a15a7996445dac092d1ec9658975fe Mon Sep 17 00:00:00 2001
From: Vula Builder <deploy@vula.app>
Date: Thu, 4 Jun 2026 11:25:09 +0000
Subject: [PATCH] Deploy

---
 next.config.js | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 next.config.js

diff --git a/next.config.js b/next.config.js
new file mode 100644
index 0000000..791671e
--- /dev/null
+++ b/next.config.js
@@ -0,0 +1,28 @@
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+  images: {
+    remotePatterns: [
+      { protocol: 'https', hostname: 'images.pexels.com' },
+      { protocol: 'https', hostname: 'images.unsplash.com' },
+      // Supabase storage — user-uploaded images via the Replace Image chip
+      { protocol: 'https', hostname: '**.supabase.co' },
+      // Medusa product images served from local dev backend
+      { protocol: 'http', hostname: 'localhost' },
+      { protocol: 'https', hostname: 'localhost' },
+    ],
+  },
+  // Silence Next.js 14+ cross-origin warning when the preview iframe is served
+  // from sandbox.vulai.co.za but /_next/* assets are fetched from the same origin.
+  allowedDevOrigins: ['sandbox.vulai.co.za', 'localhost:3100', '*.vulai.co.za'],
+  // Allow Vula IDE to embed this preview in an iframe.
+  async headers() {
+    return [
+      {
+        source: '/(.*)',
+        headers: [{ key: 'X-Frame-Options', value: 'ALLOWALL' }],
+      },
+    ]
+  },
+}
+
+module.exports = nextConfig