Skip to content

Commit

Permalink
Merge pull request #181 from trijpstra-fourlights/fix/nonce-and-ssg
Browse files Browse the repository at this point in the history 
fix: nonce and ssg usage
  • Loading branch information
@Baroshem
Baroshem committed Jul 19, 2023
2 parents 4cb390a + 0c24f69 commit b0bfb83
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 10 deletions.
20 changes: 10 additions & 10 deletions src/module.ts
View file
Expand Up @@ -230,32 +230,32 @@ const registerSecurityNitroPlugins = (
config.plugins.push(
normalize(
fileURLToPath(
new URL("./runtime/nitro/plugins/hidePoweredBy", import.meta.url)
new URL("./runtime/nitro/plugins/01-hidePoweredBy", import.meta.url)
)
)
);
}

// Nitro plugin to enable nonce for CSP
if (nuxt.options.security.nonce) {
// Register nitro plugin to enable CSP for SSG
if (
typeof securityOptions.headers === "object" &&
securityOptions.headers.contentSecurityPolicy
) {
config.plugins.push(
normalize(
fileURLToPath(
new URL("./runtime/nitro/plugins/cspNonce", import.meta.url)
new URL("./runtime/nitro/plugins/02-cspSsg", import.meta.url)
)
)
);
}

// Register nitro plugin to enable CSP for SSG
if (
typeof securityOptions.headers === "object" &&
securityOptions.headers.contentSecurityPolicy
) {
// Nitro plugin to enable nonce for CSP
if (nuxt.options.security.nonce) {
config.plugins.push(
normalize(
fileURLToPath(
new URL("./runtime/nitro/plugins/cspSsg", import.meta.url)
new URL("./runtime/nitro/plugins/99-cspNonce", import.meta.url)
)
)
);
Expand Down
0 src/runtime/nitro/plugins/hidePoweredBy.ts → ...runtime/nitro/plugins/01-hidePoweredBy.ts
View file
File renamed without changes.
0 src/runtime/nitro/plugins/cspSsg.ts → src/runtime/nitro/plugins/02-cspSsg.ts
View file
File renamed without changes.
6 changes: 6 additions & 0 deletions src/runtime/nitro/plugins/cspNonce.ts → src/runtime/nitro/plugins/99-cspNonce.ts
View file
Expand Up @@ -27,6 +27,12 @@ export default <NitroAppPlugin> function (nitro) {

if (!nonce) { return }

// Replace nonce attribute in http-equiv meta tag
html.head = html.head.map((meta) => {
if (!meta.startsWith('<meta http-equiv="Content-Security-Policy"')) { return meta }
return meta.replaceAll('{{nonce}}', nonce)
})

// Add nonce attribute to all link tags
html.head = html.head.map(link => link.replaceAll(tagNotPrecededByQuotes('link'), `<link nonce="${nonce}"`))
html.bodyAppend = html.bodyAppend.map(link => link.replaceAll(tagNotPrecededByQuotes('link'), `<link nonce="${nonce}"`))
Expand Down

1 comment on commit b0bfb83

@vercel
Copy link

@vercel vercel bot commented on b0bfb83 Jul 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Successfully deployed to the following URLs:

nuxt-security – ./

nuxt-security.vercel.app
nuxt-security-git-main-baroshem.vercel.app
nuxt-security-baroshem.vercel.app

Please sign in to comment.