@dargmuesli/nuxt-vio 9.0.2 → 9.0.3
- package/nuxt.config.ts +22 -19
- package/package.json +2 -2
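--- a/package/nuxt.config.ts
+++ b/package/nuxt.config.ts
@@ -162,7 +162,7 @@ export default defineNuxtConfig(
 locales: ['en', 'de'],
 },
 htmlValidator: {
-failOnError: true,
+// failOnError: true, // TODO: enable once headers match requirements (https://github.com/unjs/unhead/issues/199#issuecomment-1815728703)
 logLevel: 'warning',
 },
 i18n: {
@@ -182,9 +182,7 @@ export default defineNuxtConfig(
 ...(process.env.NODE_ENV === 'production'
 ? {
 'connect-src': ["'self'"], // `${SITE_URL}/cdn-cgi/rum`
-'script-src
-'https://static.cloudflareinsights.com',
-],
+'script-src': ['https://static.cloudflareinsights.com'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
 }
 : {}),
 },
@@ -199,15 +197,15 @@ export default defineNuxtConfig(
 'https://*.google-analytics.com',
 'https://*.googletagmanager.com',
 ],
-'script-src
+'script-src': ['https://*.googletagmanager.com'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
 },
 {
 // vio
 'connect-src': ["'self'"], // `${SITE_URL}/api/healthcheck`
 'manifest-src': [`${SITE_URL}/site.webmanifest`],
-'script-src
+'script-src': [
 'https://polyfill.io/v3/polyfill.min.js', // ESLint plugin compat
-],
+], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
 },
 {
 // @nuxt/devtools
@@ -219,6 +217,14 @@ export default defineNuxtConfig(
 }
 : {}),
 },
+{
+// nuxt-i18n
+...(process.env.NODE_ENV === 'development'
+? {}
+: {
+'script-src': ["'self'"], // 'http://localhost:3000/_nuxt/i18n.config.*.js' // TOD: add with subresource integrity?
+}),
+},
 {
 // nuxt-link-checker
 ...(process.env.NODE_ENV === 'development'
@@ -234,7 +240,7 @@ export default defineNuxtConfig(
 'font-src': ['https://fonts.gstatic.com/s/inter/'],
 'frame-ancestors': ["'self'"],
 'frame-src': ["'self'"],
-'script-src
+'script-src': ['https://cdn.tailwindcss.com/'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
 'style-src': [
 // TODO: replace with `style-src-elem` once Webkit supports it
 'https://cdn.jsdelivr.net/npm/gardevoir https://fonts.googleapis.com/css2',
@@ -244,7 +250,7 @@ export default defineNuxtConfig(
 },
 {
 // nuxt-simple-sitemap
-'script-src
+'script-src': [`${SITE_URL}/__sitemap__/style.xsl`], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
 },
 {
 // nuxt
@@ -262,7 +268,7 @@ export default defineNuxtConfig(
 "'self'", // TODO: replace with `"'nonce-{{nonce}}'",`
 'data:', // external link icon
 ],
-'script-src
+'script-src': ["'nonce-{{nonce}}'"], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
 'style-src': [
 // TODO: replace with `style-src-elem` once Webkit supports it
 "'self'", // TODO: replace with `"'nonce-{{nonce}}'",` (https://github.com/vitejs/vite/pull/11864)
@@ -274,9 +280,9 @@ export default defineNuxtConfig(
 'connect-src': ["'self'"] /* swagger
 'http://localhost:3000/_nitro/openapi.json',
 'http://localhost:3000/_nitro/swagger', */,
-'script-src
+'script-src': [
 'https://cdn.jsdelivr.net/npm/', // swagger // TODO: increase precision (https://github.com/unjs/nitro/issues/1757)
-],
+], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
 'style-src': [
 'https://cdn.jsdelivr.net/npm/', // swagger // TODO: increase precision (https://github.com/unjs/nitro/issues/1757)
 ],
@@ -302,11 +308,11 @@ export default defineNuxtConfig(
 // 'require-trusted-types-for': ["'script'"], // csp-evaluator
 sandbox: [],
 'script-src': [],
-'script-src-attr':
-'script-src-elem':
+'script-src-attr': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-attr)
+'script-src-elem': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
 'style-src': [],
-'style-src-attr':
-'style-src-elem':
+'style-src-attr': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_style-src-attr)
+'style-src-elem': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_style-src-elem)
 'upgrade-insecure-requests': false, // TODO: set to `process.env.NODE_ENV === 'production'` or `true` when tests run on https
 'worker-src': [],
 },
@@ -322,9 +328,6 @@ export default defineNuxtConfig(
 : false,
 xXSSProtection: '1; mode=block', // TODO: set back to `0` once CSP does not use `unsafe-*` anymore (https://github.com/maevsi/maevsi/issues/1047)
 },
-nonce: {
-enabled: true,
-},
 },
 seo: {
 splash: false,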
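Review bot: The new `// nuxt-i18n` entry (new lines 220–227) adds `'script-src': ["'self'"]` for every build that is not `development`, so production gets a same-origin allowance next to the `'nonce-{{nonce}}'` source added at new line 271; assuming these per-module objects are merged into one policy, any script served from the site's own origin then loads without a nonce. The inline comment names only `/_nuxt/i18n.config.*.js`, so a narrower source such as ``'script-src': [`${SITE_URL}/_nuxt/`],`` would cover that file without trusting the whole origin, and the `TOD:` marker should read `TODO:` so the subresource-integrity follow-up stays greppable. Separately, the last hunk drops `nonce: { enabled: true }` while the policy still depends on the `{{nonce}}` placeholder; it is worth confirming that nuxt-security 1.0.0-rc.4 generates nonces by default, since otherwise the placeholder would not be substituted. The enclosing `defineNuxtConfig` object starts and ends outside the visible hunks.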
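--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@dargmuesli/nuxt-vio",
-"version": "9.0.
+"version": "9.0.3",
 "repository": {
 "type": "git",
 "url": "git+https://github.com/dargmuesli/vio.git"
@@ -54,7 +54,7 @@
 "clipboardy": "4.0.0",
 "dayjs": "2.0.0-alpha.4",
 "jose": "5.1.1",
-"nuxt-security": "1.0.0-rc.
+"nuxt-security": "1.0.0-rc.4",
 "sweetalert2": "11.10.0",
 "vue-gtag": "2.0.1"
 },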