fix: 1.4.2 import defuReplaceArray

.stackblitz/package.json

@@ -11,6 +11,6 @@
     "nuxt": "3.9.3"
   },
   "dependencies": {
-    "nuxt-security": "^1.4.0"
+    "nuxt-security": "^1.4.2"
   }
 }

.stackblitz/yarn.lock

@@ -4296,10 +4296,10 @@ nuxt-csurf@^1.5.1:
     defu "^6.1.4"
     uncsrf "^1.1.1"
 
-nuxt-security@^1.4.0:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.4.0.tgz#c7ec8dfd586bbf327e297601bf5b012b1752c823"
-  integrity sha512-oBpA7bNWt+U1oafWospfGV5htzkpUcyP4RStR3LoEnP7bJSyAnXac9sjeBe+kVF4K9aWBnDuoH1bya96UMQq0Q==
+nuxt-security@^1.4.2:
+  version "1.4.2"
+  resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.4.2.tgz#8ebff7b36c42373192322f6c115e80195c8daa26"
+  integrity sha512-0rxruaiKcSXqZS9bEQuXTzUMfw3Jd73Kx+AtqT9mwsstTihPZjdaQ/125KLrnBKrH9gGSPXiCNo09TgBvgf5DQ==
   dependencies:
     "@nuxt/kit" "^3.11.2"
     basic-auth "^2.0.1"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "nuxt-security",
-  "version": "1.4.0",
+  "version": "1.4.2",
   "license": "MIT",
   "type": "module",
   "homepage": "https://nuxt-security.vercel.app",

src/runtime/nitro/plugins/00-routeRules.ts

@@ -1,6 +1,6 @@
 import { defineNitroPlugin, useRuntimeConfig } from "#imports"
 import { NuxtSecurityRouteRules } from "../../../types"
-import { defuReplaceArray } from "../../../utils"
+import { defuReplaceArray } from "../utils"
 import { OptionKey, SecurityHeaders } from "../../../types/headers"
 import { getKeyFromName, headerObjectFromString } from "../../utils/headers"
 
@@ -26,7 +26,7 @@ export default defineNitroPlugin((nitroApp) => {
     securityOptions,
     securityRouteRules['/**']
   )
-  
+
   // Then insert route specific security headers
   for (const route in runtimeConfig.nitro.routeRules) {
     const rule = runtimeConfig.nitro.routeRules[route]
@@ -61,7 +61,7 @@ export default defineNitroPlugin((nitroApp) => {
 })
 
 /**
- * Convert standard headers string format to security headers object format, returning undefined if no valid security header is found 
+ * Convert standard headers string format to security headers object format, returning undefined if no valid security header is found
  */
 function standardToSecurity(standardHeaders?: Record<string, any>) {
   if (!standardHeaders) {
@@ -78,7 +78,7 @@ function standardToSecurity(standardHeaders?: Record<string, any>) {
         const objectValue: any = headerObjectFromString(optionKey, headerValue)
         standardHeadersAsObject[optionKey] = objectValue
       } else {
-        // Here we ensure backwards compatibility 
+        // Here we ensure backwards compatibility
         // Because in the pre-rc1 syntax, standard headers could also be supplied in object format
         standardHeadersAsObject[optionKey] = headerValue
         //standardHeaders[headerName] = headerStringFromObject(optionKey, headerValue)
@@ -94,7 +94,7 @@ function standardToSecurity(standardHeaders?: Record<string, any>) {
 }
 
 /**
- * 
+ *
  * Ensure backwards compatibility with pre-rc1 syntax, returning undefined if no securityHeaders is passed
  */
 function backwardsCompatibleSecurity(securityHeaders?: SecurityHeaders | false) {

src/runtime/nitro/utils/index.ts

@@ -2,7 +2,7 @@
 import type { NuxtSecurityRouteRules } from "../../../types"
 import { createRouter, toRouteMatcher } from "radix3"
 import type { H3Event } from "h3"
-import { defuReplaceArray } from "../../../../src/utils"
+import { createDefu } from 'defu'
 
 export function resolveSecurityRules(event: H3Event) {
   const routeRules = event.context.security?.routeRules
@@ -19,4 +19,11 @@ export function resolveSecurityRoute(event: H3Event) {
   const router = createRouter<{ name: string }>({ routes: routeNames})
   const match = router.lookup(event.path.split('?')[0])
   return match?.name
-}
+}
+
+export const defuReplaceArray = createDefu((obj, key, value) => {
+  if (Array.isArray(obj[key]) || Array.isArray(value)) {
+    obj[key] = value
+    return true
+  }
+})