@dargmuesli/nuxt-vio 18.1.0 → 18.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/nuxt.config.ts +1 -1
  2. package/package.json +11 -11
  3. package/server/plugins/security.ts +2 -3
  4. package/shared/utils/constants.ts +13 -13
  5. package/shared/utils/site.ts +9 -0
package/nuxt.config.ts CHANGED
@@ -73,7 +73,7 @@ export default defineNuxtConfig(
73
73
  "'unsafe-inline'", // nuxt-color-mode (https://github.com/nuxt-modules/color-mode/issues/266), runtimeConfig (static)
74
74
  ],
75
75
  },
76
- VIO_GET_CSP(SITE_URL),
76
+ VIO_GET_CSP({ siteUrl: new URL(SITE_URL) }),
77
77
  nuxtConfigSecurityHeaders.contentSecurityPolicy,
78
78
  )
79
79
  }
package/package.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "dependencies": {
3
- "@dargmuesli/nuxt-cookie-control": "8.5.4",
3
+ "@dargmuesli/nuxt-cookie-control": "8.5.5",
4
4
  "@eslint/compat": "1.2.7",
5
5
  "@heroicons/vue": "2.2.0",
6
6
  "@http-util/status-i18n": "0.9.0",
7
7
  "@intlify/eslint-plugin-vue-i18n": "4.0.0",
8
- "@nuxt/devtools": "2.3.0",
8
+ "@nuxt/devtools": "2.3.2",
9
9
  "@nuxt/eslint": "1.2.0",
10
10
  "@nuxt/image": "1.10.0",
11
11
  "@nuxtjs/color-mode": "3.5.2",
12
12
  "@nuxtjs/html-validator": "2.1.0",
13
- "@nuxtjs/i18n": "9.3.2",
13
+ "@nuxtjs/i18n": "9.4.0",
14
14
  "@nuxtjs/seo": "3.0.1",
15
15
  "@pinia/nuxt": "0.10.1",
16
16
  "@tailwindcss/forms": "0.5.10",
17
17
  "@tailwindcss/typography": "0.5.16",
18
- "@tailwindcss/vite": "4.0.14",
18
+ "@tailwindcss/vite": "4.0.17",
19
19
  "@types/lodash-es": "4.17.12",
20
20
  "@urql/core": "5.1.1",
21
21
  "@urql/vue": "1.4.3",
@@ -23,10 +23,10 @@
23
23
  "@vuelidate/validators": "2.0.4",
24
24
  "clipboardy": "4.0.0",
25
25
  "dayjs": "2.0.0-alpha.4",
26
- "eslint": "9.22.0",
26
+ "eslint": "9.23.0",
27
27
  "eslint-config-prettier": "10.1.1",
28
28
  "eslint-plugin-compat": "6.0.2",
29
- "eslint-plugin-prettier": "5.2.3",
29
+ "eslint-plugin-prettier": "5.2.5",
30
30
  "eslint-plugin-yml": "1.17.0",
31
31
  "globals": "16.0.0",
32
32
  "jiti": "2.4.2",
@@ -37,7 +37,7 @@
37
37
  "vue-tsc": "2.2.8"
38
38
  },
39
39
  "devDependencies": {
40
- "@types/node": "22.13.10",
40
+ "@types/node": "22.13.14",
41
41
  "@urql/devtools": "2.0.3",
42
42
  "@urql/exchange-graphcache": "7.2.3",
43
43
  "consola": "3.4.2",
@@ -50,11 +50,11 @@
50
50
  "prettier-plugin-tailwindcss": "0.6.11",
51
51
  "serve": "14.2.4",
52
52
  "sharp": "0.33.5",
53
- "stylelint": "16.16.0",
53
+ "stylelint": "16.17.0",
54
54
  "stylelint-config-recommended-vue": "1.6.0",
55
55
  "stylelint-config-standard": "37.0.0",
56
56
  "stylelint-no-unsupported-browser-features": "8.0.4",
57
- "tailwindcss": "4.0.14",
57
+ "tailwindcss": "4.0.17",
58
58
  "vue": "3.5.13",
59
59
  "vue-router": "4.5.0"
60
60
  },
@@ -74,7 +74,7 @@
74
74
  "main": "nuxt.config.ts",
75
75
  "name": "@dargmuesli/nuxt-vio",
76
76
  "peerDependencies": {
77
- "nuxt": "3.16.0",
77
+ "nuxt": "3.16.1",
78
78
  "vue": "3.5.13",
79
79
  "vue-router": "4.5.0"
80
80
  },
@@ -106,5 +106,5 @@
106
106
  "start:static": "serve .playground/.output/public --ssl-cert ./.config/certificates/ssl.crt --ssl-key ./.config/certificates/ssl.key"
107
107
  },
108
108
  "type": "module",
109
- "version": "18.1.0"
109
+ "version": "18.2.1"
110
110
  }
package/server/plugins/security.ts CHANGED
@@ -28,14 +28,13 @@ export const cleanupCsp = (
28
28
 
29
29
  export default defineNitroPlugin((nitroApp) => {
30
30
  nitroApp.hooks.hook('nuxt-security:routeRules', async (routeRules) => {
31
- const runtimeConfig = useRuntimeConfig()
32
- const siteUrl = runtimeConfig.public.site.url
31
+ const { siteUrlTyped: siteUrl } = useSiteUrl()
33
32
 
34
33
  routeRules['/**'] = cleanupCsp(
35
34
  defu(
36
35
  {
37
36
  headers: {
38
- contentSecurityPolicy: VIO_GET_CSP(siteUrl),
37
+ contentSecurityPolicy: VIO_GET_CSP({ siteUrl }),
39
38
  },
40
39
  },
41
40
  routeRules['/**'],
package/shared/utils/constants.ts CHANGED
@@ -14,7 +14,7 @@ export const COOKIE_CONTROL_CONSENT_COOKIE_NAME =
14
14
  export const COOKIE_PREFIX = VIO_SITE_NAME.toLocaleLowerCase()
15
15
  export const COOKIE_SEPARATOR = '_'
16
16
  export const FETCH_RETRY_AMOUNT = 3
17
- export const VIO_GET_CSP = (siteUrl: string) =>
17
+ export const VIO_GET_CSP = ({ siteUrl }: { siteUrl: URL }) =>
18
18
  defu(
19
19
  {
20
20
  // Cloudflare
@@ -23,7 +23,7 @@ export const VIO_GET_CSP = (siteUrl: string) =>
23
23
  'connect-src': ['https://cloudflareinsights.com'], // analytics
24
24
  'script-src-elem': [
25
25
  'https://static.cloudflareinsights.com', // analytics
26
- `${siteUrl}/cdn-cgi/`, // https://developers.cloudflare.com/fundamentals/reference/cdn-cgi-endpoint/
26
+ `${siteUrl}cdn-cgi/`, // https://developers.cloudflare.com/fundamentals/reference/cdn-cgi-endpoint/
27
27
  ],
28
28
  }
29
29
  : {}),
@@ -47,7 +47,7 @@ export const VIO_GET_CSP = (siteUrl: string) =>
47
47
  },
48
48
  {
49
49
  // vio
50
- 'manifest-src': [`${siteUrl}/site.webmanifest`],
50
+ 'manifest-src': [`${siteUrl}site.webmanifest`],
51
51
  'script-src-elem': [
52
52
  'https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js', // ESLint plugin compat
53
53
  ],
@@ -56,7 +56,7 @@ export const VIO_GET_CSP = (siteUrl: string) =>
56
56
  // // nuxt-link-checker
57
57
  // ...(process.env.NODE_ENV === 'development'
58
58
  // ? {
59
- // 'connect-src': [`${siteUrl}/api/__link_checker__/inspect`],
59
+ // 'connect-src': [`${siteUrl}api/__link_checker__/inspect`],
60
60
  // }
61
61
  // : {}),
62
62
  // },
@@ -64,7 +64,7 @@ export const VIO_GET_CSP = (siteUrl: string) =>
64
64
  // nuxt-og-image
65
65
  ...(process.env.NODE_ENV === 'development'
66
66
  ? {
67
- // 'connect-src': [`${siteUrl}/__og-image__/`],
67
+ // 'connect-src': [`${siteUrl}__og-image__/`],
68
68
  'frame-ancestors': ["'self'"],
69
69
  }
70
70
  : {}),
@@ -73,7 +73,7 @@ export const VIO_GET_CSP = (siteUrl: string) =>
73
73
  // // nuxt-schema-org
74
74
  // ...(process.env.NODE_ENV === 'development'
75
75
  // ? {
76
- // 'connect-src': [`${siteUrl}/__schema-org__/debug.json`],
76
+ // 'connect-src': [`${siteUrl}__schema-org__/debug.json`],
77
77
  // }
78
78
  // : {}),
79
79
  // },
@@ -82,8 +82,8 @@ export const VIO_GET_CSP = (siteUrl: string) =>
82
82
  // ...(process.env.NODE_ENV === 'development'
83
83
  // ? {
84
84
  // 'connect-src': [
85
- // `${siteUrl}/__robots__/debug.json`,
86
- // `${siteUrl}/__robots__/debug-path.json`,
85
+ // `${siteUrl}__robots__/debug.json`,
86
+ // `${siteUrl}__robots__/debug-path.json`,
87
87
  // ],
88
88
  // }
89
89
  // : {}),
@@ -92,7 +92,7 @@ export const VIO_GET_CSP = (siteUrl: string) =>
92
92
  // // nuxt-simple-sitemap
93
93
  // ...(process.env.NODE_ENV === 'development'
94
94
  // ? {
95
- // 'connect-src': [`${siteUrl}/__sitemap__/debug.json`],
95
+ // 'connect-src': [`${siteUrl}__sitemap__/debug.json`],
96
96
  // }
97
97
  // : {}),
98
98
  // },
@@ -100,7 +100,7 @@ export const VIO_GET_CSP = (siteUrl: string) =>
100
100
  // // nuxt-site-config
101
101
  // ...(process.env.NODE_ENV === 'development'
102
102
  // ? {
103
- // 'connect-src': [`${siteUrl}/__site-config__/debug.json`],
103
+ // 'connect-src': [`${siteUrl}__site-config__/debug.json`],
104
104
  // }
105
105
  // : {}),
106
106
  // },
@@ -108,7 +108,7 @@ export const VIO_GET_CSP = (siteUrl: string) =>
108
108
  // nuxt
109
109
  ...(process.env.NODE_ENV === 'development'
110
110
  ? {
111
- 'frame-src': [`${siteUrl}/__nuxt_devtools__/client/`], // devtools
111
+ 'frame-src': [`${siteUrl}__nuxt_devtools__/client/`], // devtools
112
112
  }
113
113
  : {}),
114
114
  'connect-src': [
@@ -128,11 +128,11 @@ export const VIO_GET_CSP = (siteUrl: string) =>
128
128
  ],
129
129
  'script-src-elem': [
130
130
  "'nonce-{{nonce}}'",
131
- `${siteUrl}/_nuxt/`, // bundle
131
+ `${siteUrl}_nuxt/`, // bundle
132
132
  ],
133
133
  'style-src': [
134
134
  "'unsafe-inline'", // TODO: replace with "'nonce-{{nonce}}'" once Sweetalert supports it
135
- "'self'", // TODO: `${siteUrl}/_nuxt/`, // bundle
135
+ "'self'", // TODO: `${siteUrl}_nuxt/`, // bundle
136
136
  ], // TODO: use `style-src-elem` once Playwright WebKit supports it
137
137
  },
138
138
  )
package/shared/utils/site.ts ADDED
@@ -0,0 +1,9 @@
1
+ export const useSiteUrl = () => {
2
+ const runtimeConfig = useRuntimeConfig()
3
+ const siteUrl = runtimeConfig.public.site?.url
4
+
5
+ return {
6
+ siteUrl,
7
+ siteUrlTyped: new URL(siteUrl), // eslint-disable-line compat/compat
8
+ }
9
+ }