@dargmuesli/nuxt-vio 9.0.2 → 9.0.3

Files changed (2) hide show
  1. package/nuxt.config.ts +22 -19
  2. package/package.json +2 -2
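--- a/package/nuxt.config.ts
+++ b/package/nuxt.config.ts
@@ -162,7 +162,7 @@ export default defineNuxtConfig(
  locales: ['en', 'de'],
  },
  htmlValidator: {
- failOnError: true,
+ // failOnError: true, // TODO: enable once headers match requirements (https://github.com/unjs/unhead/issues/199#issuecomment-1815728703)
  logLevel: 'warning',
  },
  i18n: {
@@ -182,9 +182,7 @@ export default defineNuxtConfig(
  ...(process.env.NODE_ENV === 'production'
  ? {
  'connect-src': ["'self'"], // `${SITE_URL}/cdn-cgi/rum`
- 'script-src-elem': [
- 'https://static.cloudflareinsights.com',
- ],
+ 'script-src': ['https://static.cloudflareinsights.com'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
  }
  : {}),
  },
@@ -199,15 +197,15 @@ export default defineNuxtConfig(
  'https://*.google-analytics.com',
  'https://*.googletagmanager.com',
  ],
- 'script-src-elem': ['https://*.googletagmanager.com'],
+ 'script-src': ['https://*.googletagmanager.com'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
  },
  {
  // vio
  'connect-src': ["'self'"], // `${SITE_URL}/api/healthcheck`
  'manifest-src': [`${SITE_URL}/site.webmanifest`],
- 'script-src-elem': [
+ 'script-src': [
  'https://polyfill.io/v3/polyfill.min.js', // ESLint plugin compat
- ],
+ ], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
  },
  {
  // @nuxt/devtools
@@ -219,6 +217,14 @@ export default defineNuxtConfig(
  }
  : {}),
  },
+ {
+ // nuxt-i18n
+ ...(process.env.NODE_ENV === 'development'
+ ? {}
+ : {
+ 'script-src': ["'self'"], // 'http://localhost:3000/_nuxt/i18n.config.*.js' // TOD: add with subresource integrity?
+ }),
+ },
  {
  // nuxt-link-checker
  ...(process.env.NODE_ENV === 'development'
@@ -234,7 +240,7 @@ export default defineNuxtConfig(
  'font-src': ['https://fonts.gstatic.com/s/inter/'],
  'frame-ancestors': ["'self'"],
  'frame-src': ["'self'"],
- 'script-src-elem': ['https://cdn.tailwindcss.com/'],
+ 'script-src': ['https://cdn.tailwindcss.com/'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
  'style-src': [
  // TODO: replace with `style-src-elem` once Webkit supports it
  'https://cdn.jsdelivr.net/npm/gardevoir https://fonts.googleapis.com/css2',
@@ -244,7 +250,7 @@ export default defineNuxtConfig(
  },
  {
  // nuxt-simple-sitemap
- 'script-src-elem': [`${SITE_URL}/__sitemap__/style.xsl`],
+ 'script-src': [`${SITE_URL}/__sitemap__/style.xsl`], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
  },
  {
  // nuxt
@@ -262,7 +268,7 @@ export default defineNuxtConfig(
  "'self'", // TODO: replace with `"'nonce-{{nonce}}'",`
  'data:', // external link icon
  ],
- 'script-src-elem': ["'nonce-{{nonce}}'"],
+ 'script-src': ["'nonce-{{nonce}}'"], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
  'style-src': [
  // TODO: replace with `style-src-elem` once Webkit supports it
  "'self'", // TODO: replace with `"'nonce-{{nonce}}'",` (https://github.com/vitejs/vite/pull/11864)
@@ -274,9 +280,9 @@ export default defineNuxtConfig(
  'connect-src': ["'self'"] /* swagger
  'http://localhost:3000/_nitro/openapi.json',
  'http://localhost:3000/_nitro/swagger', */,
- 'script-src-elem': [
+ 'script-src': [
  'https://cdn.jsdelivr.net/npm/', // swagger // TODO: increase precision (https://github.com/unjs/nitro/issues/1757)
- ],
+ ], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
  'style-src': [
  'https://cdn.jsdelivr.net/npm/', // swagger // TODO: increase precision (https://github.com/unjs/nitro/issues/1757)
  ],
@@ -302,11 +308,11 @@ export default defineNuxtConfig(
  // 'require-trusted-types-for': ["'script'"], // csp-evaluator
  sandbox: [],
  'script-src': [],
- 'script-src-attr': [],
- 'script-src-elem': [],
+ 'script-src-attr': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-attr)
+ 'script-src-elem': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
  'style-src': [],
- 'style-src-attr': [],
- 'style-src-elem': [],
+ 'style-src-attr': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_style-src-attr)
+ 'style-src-elem': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_style-src-elem)
  'upgrade-insecure-requests': false, // TODO: set to `process.env.NODE_ENV === 'production'` or `true` when tests run on https
  'worker-src': [],
  },
@@ -322,9 +328,6 @@ export default defineNuxtConfig(
  : false,
  xXSSProtection: '1; mode=block', // TODO: set back to `0` once CSP does not use `unsafe-*` anymore (https://github.com/maevsi/maevsi/issues/1047)
  },
- nonce: {
- enabled: true,
- },
  },
  seo: {
  splash: false,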
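Review bot: The new nuxt-i18n entry (new lines 220–227) adds `'self'` to `script-src` in every environment except development, so, assuming these per-module entries are merged into a single policy, production allows any same-origin script to load without the nonce that the nuxt entry requires through `'nonce-{{nonce}}'`. If the i18n config file named in the inline comment is the only script that needs this, a path-scoped source built from `SITE_URL`, as the nuxt-simple-sitemap entry already does, would be narrower, for example `${SITE_URL}/_nuxt/`, provided that file is served under `/_nuxt/` in production as the comment suggests. The comment's `TOD:` should read `TODO:`. Separately, the last hunk removes `nonce: { enabled: true }` while the nonce placeholder stays in the policy; whether nuxt-security 1.0.0-rc.4 still generates and substitutes the nonce by default is not visible on this page and should be confirmed against the response headers.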
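--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@dargmuesli/nuxt-vio",
- "version": "9.0.2",
+ "version": "9.0.3",
  "repository": {
  "type": "git",
  "url": "git+https://github.com/dargmuesli/vio.git"
@@ -54,7 +54,7 @@
  "clipboardy": "4.0.0",
  "dayjs": "2.0.0-alpha.4",
  "jose": "5.1.1",
- "nuxt-security": "1.0.0-rc.2",
+ "nuxt-security": "1.0.0-rc.4",
  "sweetalert2": "11.10.0",
  "vue-gtag": "2.0.1"
  },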