mirror of
https://github.com/versia-pub/frontend.git
synced 2025-12-06 08:28:20 +01:00
refactor: 🔒 Improve security of frontend with nonce, CSP and security headers
parent
8eaccb31c2
commit
74425cd62e
|
|
@ -7,10 +7,29 @@ export default defineNuxtConfig({
|
||||||
"nuxt-headlessui",
|
"nuxt-headlessui",
|
||||||
"@nuxt/fonts",
|
"@nuxt/fonts",
|
||||||
"nuxt-icon",
|
"nuxt-icon",
|
||||||
"@vee-validate/nuxt",
|
|
||||||
//"nuxt-shiki",
|
//"nuxt-shiki",
|
||||||
|
"@vee-validate/nuxt",
|
||||||
|
"nuxt-security",
|
||||||
],
|
],
|
||||||
|
security: {
|
||||||
|
headers: {
|
||||||
|
// Nuxt DevTools
|
||||||
|
crossOriginEmbedderPolicy:
|
||||||
|
process.env.NODE_ENV === "development"
|
||||||
|
? "unsafe-none"
|
||||||
|
: "require-corp",
|
||||||
|
contentSecurityPolicy: {
|
||||||
|
"img-src": ["'self'", "data:", "https:"],
|
||||||
|
"script-src": ["'nonce-{{nonce}}'", "'strict-dynamic'"],
|
||||||
|
},
|
||||||
|
xFrameOptions: "DENY",
|
||||||
|
},
|
||||||
|
rateLimiter: {
|
||||||
|
headers: true,
|
||||||
|
tokensPerInterval: 300,
|
||||||
|
interval: 300000,
|
||||||
|
},
|
||||||
|
},
|
||||||
app: {
|
app: {
|
||||||
head: {
|
head: {
|
||||||
link: [
|
link: [
|
||||||
|
|
|
||||||
|
|
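Review bot: In `security.headers`, production sends `crossOriginEmbedderPolicy: "require-corp"` while `"img-src"` admits any `https:` origin, and the two work against each other. Under require-corp the browser refuses a cross-origin image unless the remote server sends a `Cross-Origin-Resource-Policy` header or the image is fetched with CORS, so remote media the CSP allows will likely still fail to load. If such media must render, consider the header's `"credentialless"` value, or extend the `// Nuxt DevTools` comment to say why production needs require-corp. Separately, browsers that honour CSP `frame-ancestors` ignore `xFrameOptions: "DENY"`, so if the module emits a default `frame-ancestors` (not visible here), add `"frame-ancestors": ["'none'"]` to `contentSecurityPolicy` so both headers agree. The `defineNuxtConfig` object starts and ends outside this hunk, so settings elsewhere in the file may already cover either point.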
@ -38,6 +38,7 @@
|
||||||
"nuxt": "^3.11.2",
|
"nuxt": "^3.11.2",
|
||||||
"nuxt-headlessui": "^1.2.0",
|
"nuxt-headlessui": "^1.2.0",
|
||||||
"nuxt-icon": "^0.6.10",
|
"nuxt-icon": "^0.6.10",
|
||||||
|
"nuxt-security": "^1.4.3",
|
||||||
"nuxt-shiki": "^0.3.0",
|
"nuxt-shiki": "^0.3.0",
|
||||||
"shiki": "^1.3.0",
|
"shiki": "^1.3.0",
|
||||||
"vue": "^3.4.21",
|
"vue": "^3.4.21",
|
||||||
|
|
|
||||||