feat: add security headers (with nuxt-security) (#1025)

This commit is contained in:
jviide 2023-01-16 03:00:44 +02:00 committed by GitHub
parent 7c58d89044
commit d24c1da35e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 88 additions and 0 deletions


@ -25,6 +25,7 @@ export default defineNuxtConfig({
'@vue-macros/nuxt', '@vue-macros/nuxt',
'@nuxtjs/i18n', '@nuxtjs/i18n',
'@nuxtjs/color-mode', '@nuxtjs/color-mode',
'nuxt-security',
'~/modules/purge-comments', '~/modules/purge-comments',
'~/modules/setup-components', '~/modules/setup-components',
'~/modules/build-env', '~/modules/build-env',
@ -142,6 +143,30 @@ export default defineNuxtConfig({
], ],
}, },
}, },
security: {
headers: {
crossOriginEmbedderPolicy: false,
contentSecurityPolicy: {
value: {
'default-src': ['\'self\''],
'base-uri': ['\'self\''],
'connect-src': ['\'self\'', 'https:', 'http:', 'wss:', 'ws:'],
'font-src': ['\'self\''],
'form-action': ['\'none\''],
'frame-ancestors': ['\'none\''],
'img-src': ['\'self\'', 'https:', 'http:', 'data:'],
'media-src': ['\'self\'', 'https:', 'http:'],
'object-src': ['\'none\''],
'script-src': ['\'self\'', '\'unsafe-inline\''],
'script-src-attr': ['\'none\''],
'style-src': ['\'self\'', '\'unsafe-inline\''],
'upgrade-insecure-requests': true,
},
route: '/**',
},
},
rateLimiter: false,
},
colorMode: { classSuffix: '' }, colorMode: { classSuffix: '' },
i18n, i18n,
pwa, pwa,
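Review bot: The new `'script-src': ['\'self\'', '\'unsafe-inline\'']` entry in the contentSecurityPolicy block largely neutralises the policy as an XSS mitigation, since any injected inline script is still allowed to run; only `'script-src-attr': ['\'none\'']` narrows that for event-handler attributes. If inline scripts are needed for the framework's hydration payload (inferred, not visible here), that reason should be recorded next to the directive with a follow-up to move to nonce- or hash-based allow-listing, e.g. `// TODO: replace 'unsafe-inline' with nonce/hash allow-listing once inline hydration scripts are covered`. Note also that `'connect-src'`, `'img-src'` and `'media-src'` accept `http:` and `https:`, i.e. every origin; if that is deliberate for this application, a one-line comment saying so would stop a later reviewer from tightening it by mistake. The enclosing `defineNuxtConfig({...})` call starts and ends outside this hunk.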


@ -100,6 +100,7 @@
"jsdom": "^21.0.0", "jsdom": "^21.0.0",
"lint-staged": "^13.1.0", "lint-staged": "^13.1.0",
"nuxt": "^3.0.0", "nuxt": "^3.0.0",
"nuxt-security": "^0.10.0",
"postcss-nested": "^6.0.0", "postcss-nested": "^6.0.0",
"prettier": "^2.8.2", "prettier": "^2.8.2",
"rollup-plugin-node-polyfills": "^0.2.1", "rollup-plugin-node-polyfills": "^0.2.1",


@ -94,6 +94,7 @@ importers:
lru-cache: ^7.14.1 lru-cache: ^7.14.1
masto: ^5.4.0 masto: ^5.4.0
nuxt: ^3.0.0 nuxt: ^3.0.0
nuxt-security: ^0.10.0
pinia: ^2.0.28 pinia: ^2.0.28
postcss-nested: ^6.0.0 postcss-nested: ^6.0.0
prettier: ^2.8.2 prettier: ^2.8.2
@ -198,6 +199,7 @@ importers:
jsdom: 21.0.0 jsdom: 21.0.0
lint-staged: 13.1.0 lint-staged: 13.1.0
nuxt: 3.0.0_iukboom6ndih5an6iafl45j2fe nuxt: 3.0.0_iukboom6ndih5an6iafl45j2fe
nuxt-security: 0.10.0
postcss-nested: 6.0.0 postcss-nested: 6.0.0
prettier: 2.8.2 prettier: 2.8.2
rollup-plugin-node-polyfills: 0.2.1 rollup-plugin-node-polyfills: 0.2.1
@ -2048,6 +2050,15 @@ packages:
fastq: 1.15.0 fastq: 1.15.0
dev: true dev: true
/@nozomuikuta/h3-cors/0.1.8_defu@6.1.1:
resolution: {integrity: sha512-qWe2mUfnjxaBwTYKNM/9GrGK0nciyynn5Lk/sv8wYpKbloaoJFB98onBWMTotV5e/l8CCoelsr1oz4qYb7FdHg==}
peerDependencies:
defu: ^6.1.0
h3: ^0.8.6
dependencies:
defu: 6.1.1
dev: true
/@nuxt-themes/docus/1.4.4_nuxt@3.0.0: /@nuxt-themes/docus/1.4.4_nuxt@3.0.0:
resolution: {integrity: sha512-hVbFWD/2qotFVBQtau2eeR2g74k9lLdKZBU+voB2GTo6TbtC1SfVEUlh/KeSbR3DqvfIO1pNQnSTJFGvc4vMdg==} resolution: {integrity: sha512-hVbFWD/2qotFVBQtau2eeR2g74k9lLdKZBU+voB2GTo6TbtC1SfVEUlh/KeSbR3DqvfIO1pNQnSTJFGvc4vMdg==}
dependencies: dependencies:
@ -4570,6 +4581,13 @@ packages:
resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==} resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==}
dev: true dev: true
/basic-auth/2.0.1:
resolution: {integrity: sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==}
engines: {node: '>= 0.8'}
dependencies:
safe-buffer: 5.1.2
dev: true
/binary-extensions/2.2.0: /binary-extensions/2.2.0:
resolution: {integrity: sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==} resolution: {integrity: sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==}
engines: {node: '>=8'} engines: {node: '>=8'}
@ -5182,6 +5200,10 @@ packages:
hasBin: true hasBin: true
dev: true dev: true
/cssfilter/0.0.10:
resolution: {integrity: sha512-FAaLDaplstoRsDR8XGYH51znUN0UY7nMc6Z9/fvE8EXGwvJE9hu7W2vHwx1+bd6gCYnln9nLbzxFTrcO9YQDZw==}
dev: true
/cssnano-preset-default/5.2.13_postcss@8.4.19: /cssnano-preset-default/5.2.13_postcss@8.4.19:
resolution: {integrity: sha512-PX7sQ4Pb+UtOWuz8A1d+Rbi+WimBIxJTRyBdgGp1J75VU0r/HFQeLnMYgHiCAp6AR4rqrc7Y4R+1Rjk3KJz6DQ==} resolution: {integrity: sha512-PX7sQ4Pb+UtOWuz8A1d+Rbi+WimBIxJTRyBdgGp1J75VU0r/HFQeLnMYgHiCAp6AR4rqrc7Y4R+1Rjk3KJz6DQ==}
engines: {node: ^10 || ^12 || >=14.0} engines: {node: ^10 || ^12 || >=14.0}
@ -7809,6 +7831,10 @@ packages:
engines: {node: '>=0.10.0'} engines: {node: '>=0.10.0'}
dev: true dev: true
/just-performance/4.3.0:
resolution: {integrity: sha512-L7RjvtJsL0QO8xFs5wEoDDzzJwoiowRw6Rn/GnvldlchS2JQr9wFYPiwZcDfrbbujEKqKN0tvENdbjXdYhDp5Q==}
dev: true
/kleur/3.0.3: /kleur/3.0.3:
resolution: {integrity: sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==} resolution: {integrity: sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==}
engines: {node: '>=6'} engines: {node: '>=6'}
@ -7864,6 +7890,12 @@ packages:
engines: {node: '>=10'} engines: {node: '>=10'}
dev: true dev: true
/limiter/2.1.0:
resolution: {integrity: sha512-361TYz6iay6n+9KvUUImqdLuFigK+K79qrUtBsXhJTLdH4rIt/r1y8r1iozwh8KbZNpujbFTSh74mJ7bwbAMOw==}
dependencies:
just-performance: 4.3.0
dev: true
/lines-and-columns/1.2.4: /lines-and-columns/1.2.4:
resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==} resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==}
dev: true dev: true
@ -8284,6 +8316,10 @@ packages:
resolution: {integrity: sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==} resolution: {integrity: sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==}
dev: true dev: true
/memory-cache/0.2.0:
resolution: {integrity: sha512-OcjA+jzjOYzKmKS6IQVALHLVz+rNTMPoJvCztFaZxwG14wtAW7VRZjwTQu06vKCYOxh4jVnik7ya0SXTB0W+xA==}
dev: true
/memory-fs/0.5.0: /memory-fs/0.5.0:
resolution: {integrity: sha512-jA0rdU5KoQMC0e6ppoNRtpp6vjFq6+NY7r8hywnC7V+1Xj/MtHwGIbB1QaK/dunyjWteJzmkpd7ooeWg10T7GA==} resolution: {integrity: sha512-jA0rdU5KoQMC0e6ppoNRtpp6vjFq6+NY7r8hywnC7V+1Xj/MtHwGIbB1QaK/dunyjWteJzmkpd7ooeWg10T7GA==}
engines: {node: '>=4.3.0 <5.0.0 || >=5.10'} engines: {node: '>=4.3.0 <5.0.0 || >=5.10'}
@ -8998,6 +9034,23 @@ packages:
- vue - vue
dev: true dev: true
/nuxt-security/0.10.0:
resolution: {integrity: sha512-+wAnVnDcuOxzMsCd8fCmMCFULUmdzWICNEiggq/+F8fDmc5bs1v5JjbIttGIeV6FLL2Kpz3HfKuYfzCRBgRdQA==}
dependencies:
'@nozomuikuta/h3-cors': 0.1.8_defu@6.1.1
'@nuxt/kit': 3.0.0
basic-auth: 2.0.1
defu: 6.1.1
limiter: 2.1.0
memory-cache: 0.2.0
pathe: 1.0.0
xss: 1.0.14
transitivePeerDependencies:
- h3
- rollup
- supports-color
dev: true
/nuxt/3.0.0: /nuxt/3.0.0:
resolution: {integrity: sha512-RNlD78uv04ZiXWmlx9f1tnJfrqsYAWHU+4gbgOTQpIBmQzHWPWiox+fm/1m93iKfEd5sJi9TJUoXX5yBObVZYw==} resolution: {integrity: sha512-RNlD78uv04ZiXWmlx9f1tnJfrqsYAWHU+4gbgOTQpIBmQzHWPWiox+fm/1m93iKfEd5sJi9TJUoXX5yBObVZYw==}
engines: {node: ^14.16.0 || ^16.10.0 || ^17.0.0 || ^18.0.0 || ^19.0.0} engines: {node: ^14.16.0 || ^16.10.0 || ^17.0.0 || ^18.0.0 || ^19.0.0}
@ -12802,6 +12855,15 @@ packages:
engines: {node: '>=0.4.0'} engines: {node: '>=0.4.0'}
dev: true dev: true
/xss/1.0.14:
resolution: {integrity: sha512-og7TEJhXvn1a7kzZGQ7ETjdQVS2UfZyTlsEdDOqvQF7GoxNfY+0YLCzBy1kPdsDDx4QuNAonQPddpsn6Xl/7sw==}
engines: {node: '>= 0.10.0'}
hasBin: true
dependencies:
commander: 2.20.3
cssfilter: 0.0.10
dev: true
/xxhashjs/0.2.2: /xxhashjs/0.2.2:
resolution: {integrity: sha512-AkTuIuVTET12tpsVIQo+ZU6f/qDmKuRUcjaqR+OIvm+aCBsZ95i7UVY5WJ9TMsSaZ0DA2WxoZ4acu0sPH+OKAw==} resolution: {integrity: sha512-AkTuIuVTET12tpsVIQo+ZU6f/qDmKuRUcjaqR+OIvm+aCBsZ95i7UVY5WJ9TMsSaZ0DA2WxoZ4acu0sPH+OKAw==}
dependencies: dependencies: