Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

implement headers with routeRules #27

Closed
danielroe opened this issue Oct 20, 2022 · 7 comments · Fixed by #33
Closed

implement headers with routeRules #27

danielroe opened this issue Oct 20, 2022 · 7 comments · Fixed by #33
Labels
enhancement New feature or request

Comments

@danielroe
Copy link
Contributor

It feels like you could implement setting various headers with routeRules - e.g. a default value imposed via:

export default defineNuxtConfig({
  routeRules: {
    '/**': {
      // default headers
    }
  }
})

That way they could also be overridden with other route rules.

Moreover, it would be good to configure cors in the same way, and for the same reason. As a heads-up, likely future cors enhancements are anticipated directly within nitro.
@danielroe danielroe added the enhancement New feature or request label Oct 20, 2022
@danielroe danielroe mentioned this issue Oct 20, 2022
Merged
@pi0 pi0 mentioned this issue Oct 21, 2022
Closed
@Baroshem
Copy link
Collaborator

I will implement the route roules the way you recommended but for cors I will leave it for now as it was quite a recent feature :)

Later on I will reconfigure the cors to work similar way

@Baroshem Baroshem mentioned this issue Oct 21, 2022
Merged
6 tasks
@maxdzin
Copy link

maxdzin commented May 2, 2023

Hi @Baroshem!

I wondering about the possibility to apply the headers rules per route (for example, contentSecurityPolicy).
For current nuxt-security v0.13.0 it seems not possible. But maybe you can advise on how to do that?

@Baroshem
Copy link
Collaborator

Baroshem commented May 5, 2023

Hey @maxdzin

It is possible.

Take a look at this example file https://github.com/Baroshem/nuxt-security/blob/main/playground/nuxt.config.ts

export default defineNuxtConfig({
  modules: ['nuxt-security'],

  // Per route configuration
  routeRules: {
    'secret': {
      headers: {
        'X-XSS-Protection': '1' // Here you need to pass 'Content-Security-Policy': 'your values here'
      },
    },
  },
})

@maxdzin
Copy link

maxdzin commented May 5, 2023
edited
Loading

Hi @Baroshem!

OK, thank you! So it seems the headers are supported (I didn't yet check that under the hood).

Then at least its declaration needs to be updated, because there's a TS error:

Object literal may only specify known properties, and 'headers' does not exist in type

The route rules don't include headers:

interface NuxtSecurityRouteRules {
    requestSizeLimiter?: RequestSizeLimiter | false;
    rateLimiter?: RateLimiter | false;
    xssValidator?: XssValidator | false;
    corsHandler?: CorsOptions | false;
    allowedMethodsRestricter: AllowedHTTPMethods | false;
}

So cannot go further since typecheck error.

@Baroshem
Copy link
Collaborator

Baroshem commented May 5, 2023

@maxdzin

Ah I see. You are correct. Could you please create a new issue with this type bug?

If you have some time and would like to contribute, the PR will be more than welcome :)

@maxdzin
Copy link

maxdzin commented May 5, 2023

@Baroshem Ok, sure. I'll create a PR then.

@maxdzin
Copy link

maxdzin commented May 19, 2023

@Baroshem here's the issue + question there:
#151

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Chore/0.4.0 nuxt-modules/security
3 participants
@maxdzin @danielroe @Baroshem