@dargmuesli/nuxt-vio 8.3.3 → 8.3.4
Sign up to get free protection for your applications and to get access to all the features.
- package/nuxt.config.ts +58 -1
- package/package.json +1 -1
package/nuxt.config.ts
CHANGED
|
@@ -49,9 +49,38 @@ export default defineNuxtConfig(
|
|
|
49
49
|
'@nuxtjs/html-validator',
|
|
50
50
|
'@nuxtjs/i18n',
|
|
51
51
|
'@nuxtjs/tailwindcss',
|
|
52
|
-
'@nuxtseo/module',
|
|
53
52
|
'@pinia/nuxt',
|
|
53
|
+
// nuxt-security: remove invalid `'none'`s
|
|
54
|
+
(_options, nuxt) => {
|
|
55
|
+
const nuxtConfigSecurity = nuxt.options.security
|
|
56
|
+
|
|
57
|
+
if (
|
|
58
|
+
typeof nuxtConfigSecurity.headers !== 'boolean' &&
|
|
59
|
+
nuxtConfigSecurity.headers.contentSecurityPolicy &&
|
|
60
|
+
typeof nuxtConfigSecurity.headers.contentSecurityPolicy !==
|
|
61
|
+
'boolean' &&
|
|
62
|
+
typeof nuxtConfigSecurity.headers.contentSecurityPolicy !== 'string'
|
|
63
|
+
) {
|
|
64
|
+
for (const [key, value] of Object.entries(
|
|
65
|
+
nuxtConfigSecurity.headers.contentSecurityPolicy,
|
|
66
|
+
)) {
|
|
67
|
+
if (!Array.isArray(value)) continue
|
|
68
|
+
|
|
69
|
+
const valueFiltered = value.filter((x) => x !== "'none'")
|
|
70
|
+
|
|
71
|
+
if (valueFiltered.length) {
|
|
72
|
+
;(
|
|
73
|
+
nuxtConfigSecurity.headers.contentSecurityPolicy as Record<
|
|
74
|
+
string,
|
|
75
|
+
any
|
|
76
|
+
>
|
|
77
|
+
)[key] = valueFiltered
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
},
|
|
54
82
|
'nuxt-security',
|
|
83
|
+
'@nuxtseo/module',
|
|
55
84
|
],
|
|
56
85
|
nitro: {
|
|
57
86
|
compressPublicAssets: true,
|
|
@@ -144,6 +173,17 @@ export default defineNuxtConfig(
|
|
|
144
173
|
security: {
|
|
145
174
|
headers: {
|
|
146
175
|
contentSecurityPolicy: defu(
|
|
176
|
+
{
|
|
177
|
+
// Cloudflare
|
|
178
|
+
...(process.env.NODE_ENV === 'production'
|
|
179
|
+
? {
|
|
180
|
+
'connect-src': [`${SITE_URL}/cdn-cgi/rum`],
|
|
181
|
+
'script-src-elem': [
|
|
182
|
+
'https://static.cloudflareinsights.com',
|
|
183
|
+
],
|
|
184
|
+
}
|
|
185
|
+
: {}),
|
|
186
|
+
},
|
|
147
187
|
{
|
|
148
188
|
// Google Analytics 4 (https://developers.google.com/tag-platform/tag-manager/web/csp)
|
|
149
189
|
'connect-src': [
|
|
@@ -180,6 +220,21 @@ export default defineNuxtConfig(
|
|
|
180
220
|
: []),
|
|
181
221
|
],
|
|
182
222
|
},
|
|
223
|
+
{
|
|
224
|
+
// nuxt-og-image
|
|
225
|
+
...(process.env.NODE_ENV === 'development'
|
|
226
|
+
? {
|
|
227
|
+
'font-src': ['https://fonts.gstatic.com/s/inter/'],
|
|
228
|
+
'frame-ancestors': ["'self'"],
|
|
229
|
+
'frame-src': ["'self'"],
|
|
230
|
+
'script-src-elem': ['https://cdn.tailwindcss.com/'],
|
|
231
|
+
'style-src': [
|
|
232
|
+
// TODO: replace with `style-src-elem` once Webkit supports it
|
|
233
|
+
'https://cdn.jsdelivr.net/npm/gardevoir https://fonts.googleapis.com/css2',
|
|
234
|
+
],
|
|
235
|
+
}
|
|
236
|
+
: {}),
|
|
237
|
+
},
|
|
183
238
|
{
|
|
184
239
|
// nuxt-simple-sitemap
|
|
185
240
|
'script-src-elem': [`${SITE_URL}/__sitemap__/style.xsl`],
|
|
@@ -224,6 +279,8 @@ export default defineNuxtConfig(
|
|
|
224
279
|
'prefetch-src': [],
|
|
225
280
|
'report-to': [],
|
|
226
281
|
'report-uri': [],
|
|
282
|
+
// TODO: evaluate header (https://github.com/maevsi/maevsi/issues/830) // https://stackoverflow.com/questions/62081028/this-document-requires-trustedscripturl-assignment
|
|
283
|
+
// 'require-trusted-types-for': ["'script'"], // csp-evaluator
|
|
227
284
|
sandbox: [],
|
|
228
285
|
'script-src': [],
|
|
229
286
|
'script-src-attr': [],
|