From e38aa6b57d300d70ee6c2ad05cb12b419cfa690d Mon Sep 17 00:00:00 2001
From: Thomas Rijpstra
Date: Mon, 17 Jul 2023 10:55:24 +0200
Subject: [PATCH] chore: update `nonce` documentation - show usage of new composable - add comment about workaround unhead bug on ssr
---
 docs/content/2.security/1.headers.md | 30 ++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/docs/content/2.security/1.headers.md b/docs/content/2.security/1.headers.md
index 1bbdbc7f..f6ae638e 100644
--- a/docs/content/2.security/1.headers.md
+++ b/docs/content/2.security/1.headers.md
@@ -3,7 +3,7 @@ title: Headers
 description: ''
 ---
-A set of **global** Nuxt `routeRules` that will add appriopriate security headers to your response that will make your application more secure by default. All headers can be overriden by using the module configuration. Check out all the available types [here](https://github.com/Baroshem/nuxt-security/blob/main/src/types.ts).
+A set of **global** Nuxt `routeRules` that will add appropriate security headers to your response that will make your application more secure by default. All headers can be overriden by using the module configuration. Check out all the available types [here](https://github.com/Baroshem/nuxt-security/blob/main/src/types.ts).
 It will help you solve [this](https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html#use-appropriate-security-headers) security problem.
@@ -72,10 +72,19 @@ export default defineNuxtConfig({
 nonce: true,
 headers: {
 contentSecurityPolicy: {
+ 'style-src': [
+ "'self'", // fallback value for older browsers, automatically removed if `strict-dynamic` is supported.
+ "'nonce-{{nonce}}'",
+ ],
 'script-src': [
 "'self'", // fallback value for older browsers, automatically removed if `strict-dynamic` is supported.
 "'nonce-{{nonce}}'",
 "'strict-dynamic'"
+ ],
+ 'script-src-attr': [
+ "'self'", // fallback value for older browsers, automatically removed if `strict-dynamic` is supported.
+ "'nonce-{{nonce}}'",
+ "'strict-dynamic'"
 ]
 }
 }
@@ -83,7 +92,7 @@ export default defineNuxtConfig({
 })
 ```
-This will add a `nonce` attribute to all `