@dargmuesli/nuxt-vio 8.3.3 → 8.3.4
- package/nuxt.config.ts +58 -1
- package/package.json +1 -1
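--- a/package/nuxt.config.ts
+++ b/package/nuxt.config.ts
@@ -49,9 +49,38 @@ export default defineNuxtConfig(
 '@nuxtjs/html-validator',
 '@nuxtjs/i18n',
 '@nuxtjs/tailwindcss',
-'@nuxtseo/module',
 '@pinia/nuxt',
+// nuxt-security: remove invalid `'none'`s
+(_options, nuxt) => {
+const nuxtConfigSecurity = nuxt.options.security
+
+if (
+typeof nuxtConfigSecurity.headers !== 'boolean' &&
+nuxtConfigSecurity.headers.contentSecurityPolicy &&
+typeof nuxtConfigSecurity.headers.contentSecurityPolicy !==
+'boolean' &&
+typeof nuxtConfigSecurity.headers.contentSecurityPolicy !== 'string'
+) {
+for (const [key, value] of Object.entries(
+nuxtConfigSecurity.headers.contentSecurityPolicy,
+)) {
+if (!Array.isArray(value)) continue
+
+const valueFiltered = value.filter((x) => x !== "'none'")
+
+if (valueFiltered.length) {
+;(
+nuxtConfigSecurity.headers.contentSecurityPolicy as Record<
+string,
+any
+>
+)[key] = valueFiltered
+}
+}
+}
+},
 'nuxt-security',
+'@nuxtseo/module',
 ],
 nitro: {
 compressPublicAssets: true,
@@ -144,6 +173,17 @@ export default defineNuxtConfig(
 security: {
 headers: {
 contentSecurityPolicy: defu(
+{
+// Cloudflare
+...(process.env.NODE_ENV === 'production'
+? {
+'connect-src': [`${SITE_URL}/cdn-cgi/rum`],
+'script-src-elem': [
+'https://static.cloudflareinsights.com',
+],
+}
+: {}),
+},
 {
 // Google Analytics 4 (https://developers.google.com/tag-platform/tag-manager/web/csp)
 'connect-src': [
@@ -180,6 +220,21 @@ export default defineNuxtConfig(
 : []),
 ],
 },
+{
+// nuxt-og-image
+...(process.env.NODE_ENV === 'development'
+? {
+'font-src': ['https://fonts.gstatic.com/s/inter/'],
+'frame-ancestors': ["'self'"],
+'frame-src': ["'self'"],
+'script-src-elem': ['https://cdn.tailwindcss.com/'],
+'style-src': [
+// TODO: replace with `style-src-elem` once Webkit supports it
+'https://cdn.jsdelivr.net/npm/gardevoir https://fonts.googleapis.com/css2',
+],
+}
+: {}),
+},
 {
 // nuxt-simple-sitemap
 'script-src-elem': [`${SITE_URL}/__sitemap__/style.xsl`],
@@ -224,6 +279,8 @@ export default defineNuxtConfig(
 'prefetch-src': [],
 'report-to': [],
 'report-uri': [],
+// TODO: evaluate header (https://github.com/maevsi/maevsi/issues/830) // https://stackoverflow.com/questions/62081028/this-document-requires-trustedscripturl-assignment
+// 'require-trusted-types-for': ["'script'"], // csp-evaluator
 sandbox: [],
 'script-src': [],
 'script-src-attr': [],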
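Review bot: The inline module added ahead of `'nuxt-security'` in the first hunk removes `'none'` from any CSP directive that also lists other sources, and it does so silently, so a directive that a base config meant to lock down ends up allowing whatever a later merge contributed with no trace in the build output. Consider reporting the directive when `valueFiltered.length !== value.length`, for example ``console.warn(`CSP ${key}: dropped 'none' because other sources are present`)``, so the widening is visible to whoever maintains the policy. The one-line comment should also say that the function has to stay before `'nuxt-security'` in `modules`, presumably so the cleaned arrays are what that module reads; the rest of the `modules` array is outside the hunk, so this is inferred from the ordering alone. The filter compares whole array elements, so the `style-src` entry in the third hunk, which packs two URLs into one string, is better written as two elements: `'https://cdn.jsdelivr.net/npm/gardevoir',` and `'https://fonts.googleapis.com/css2',`.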