Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hiding references to __nuxt in the scripts and the template ID #1792

Closed
ederchrono opened this issue Oct 6, 2017 · 7 comments · Fixed by #4012
Closed

Hiding references to __nuxt in the scripts and the template ID #1792

ederchrono opened this issue Oct 6, 2017 · 7 comments · Fixed by #4012
Labels
2.x enhancement

Comments

@ederchrono
Copy link

ederchrono commented Oct 6, 2017
edited by ghost

I've been reading the source code and found out that window.__nuxt__ and the id for the App component #__nuxt are hardcoded. For security reasons I would like to hide what technology is powering my site, do you have plans on having those as options or should I work on my own fork?

This feature request is available on Nuxt.js community (#c1605)
@tmorehouse
Copy link

Also, I would like to have the data passed to window.__NUXT__={...} obfuscated. My store includes details about roles/permissions, basic user information, etc.

It doesn't need to be cryptographically encoded, but maybe base64/62 encoded (as savvy users could just inspect the instances via dev tools). But not having it in plaintext would be a bonus.

Maybe something like:

window.__NUXT__ = stateParser(".....")

Where stateParser decodes the string and then JSON parses it

Or incorporate the de-obfuscation into the part of Nuxt that checks the window.NUXT variable (i.e. if a string, try and decode it)

It could then be made into an optional build flag to either obfuscate or not.

@pi0 pi0 added the enhancement label Oct 7, 2017
@dsandor
Copy link

dsandor commented Oct 17, 2017

I will take a look at this soon.

@Atinux Atinux added the 2.0 label Nov 2, 2017
@cubicmaze
Copy link

Any news about this feature?

@mavrick
Copy link

mavrick commented Mar 28, 2018

Would also like to use lz-string or base64 type encoding to obfuscate the json objects

@baermowei
Copy link

I have the same question ,how to do with it?

@akkuan
Copy link

akkuan commented Apr 28, 2018

window.NUXT = stateParser(".....")

I have the same question,how to do whith it?

Which files do I need to modify

@JuliaNeumann JuliaNeumann mentioned this issue Jul 11, 2018
Closed
@volkovmqx volkovmqx mentioned this issue Aug 6, 2018
Closed
@manniL manniL mentioned this issue Aug 31, 2018
Closed
@galvez galvez mentioned this issue Oct 1, 2018
Merged
7 tasks
@pi0 pi0 closed this as completed in #4012 Oct 9, 2018
@lock
Copy link

lock bot commented Nov 8, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Nov 8, 2018
@danielroe danielroe added the 2.x label Jan 18, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
2.x enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: configurable global name nuxt/nuxt