Merge pull request #262 from Baroshem/chore/1.0.0-rc.3
Chore/1.0.0 rc.3
Baroshem committed Nov 1, 2023
2 parents faef0d2 + b2c0b2a commit 7ef4988
Showing 47 changed files with 2,842 additions and 2,410 deletions.
5 changes: 1 addition & 4 deletions .eslintrc
@@ -1,6 +1,3 @@
{
"extends": ["@nuxtjs/eslint-config-typescript"],
"rules": {
"@typescript-eslint/no-unused-vars": ["off"]
}
"extends": ["@nuxt/eslint-config"]
}
3 changes: 3 additions & 0 deletions .gitignore
@@ -49,3 +49,6 @@ coverage
Network Trash Folder
Temporary Items
.apdisk

# Yarn is the package manager, do not commit npm lock file
package-lock.json
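--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1,2 @@
+shamefully-hoist=true
+strict-peer-dependencies=false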
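Review bot: Both keys in this new file, `shamefully-hoist` and `strict-peer-dependencies`, are pnpm settings, yet the same commit's .gitignore comment says Yarn is the package manager and package.json declares `"packageManager": "yarn@1.22.19"`; the file should say which tool it is for. As far as I know Yarn classic does not act on either key, so the file presumably only matters for contributors or CI jobs that install with pnpm. For those installs `shamefully-hoist=true` flattens node_modules so code can import packages it never declares, and `strict-peer-dependencies=false` lets peer-dependency mismatches pass instead of failing the install. A leading comment such as `# pnpm-only settings; Yarn is the supported package manager` would make the intent explicit.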
3 changes: 2 additions & 1 deletion .nuxtrc
@@ -1 +1,2 @@
imports.autoImport=true
imports.autoImport=false
typescript.includeWorkspace=true
1 change: 1 addition & 0 deletions .stackblitz/.gitignore
@@ -6,3 +6,4 @@ node_modules
.output
.env
dist
.vercel
2 changes: 1 addition & 1 deletion .stackblitz/package.json
@@ -11,6 +11,6 @@
"nuxt": "3.7.3"
},
"dependencies": {
"nuxt-security": "^1.0.0-rc.2"
"nuxt-security": "^1.0.0-rc.3"
}
}
129 changes: 119 additions & 10 deletions .stackblitz/yarn.lock
@@ -638,7 +638,7 @@
unimport "^3.3.0"
untyped "^1.4.0"

"@nuxt/kit@^3.7.1", "@nuxt/kit@^3.7.3", "@nuxt/kit@^3.7.4":
"@nuxt/kit@^3.7.1", "@nuxt/kit@^3.7.4":
version "3.7.4"
resolved "https://registry.yarnpkg.com/@nuxt/kit/-/kit-3.7.4.tgz#31c0bd57397cc56a1098af5d6504353cc2e855a2"
integrity sha512-/S5abZL62BITCvC/TY3KWA6N721U1Osln3cQdBb56XHIeafZCBVqTi92Xb0o7ovl72mMRhrKwRu7elzvz9oT/g==
@@ -662,6 +662,30 @@
unimport "^3.3.0"
untyped "^1.4.0"

"@nuxt/kit@^3.8.0":
version "3.8.0"
resolved "https://registry.yarnpkg.com/@nuxt/kit/-/kit-3.8.0.tgz#cd8a32981c2fe151e0acde7145f7e4ca38920f24"
integrity sha512-oIthQxeMIVs4ESVP5FqLYn8tj0S1sLd+eYreh+dNYgnJ2pTi7+THR12ONBNHjk668jqEe7ErUJ8UlGwqBzgezg==
dependencies:
"@nuxt/schema" "3.8.0"
c12 "^1.5.1"
consola "^3.2.3"
defu "^6.1.2"
globby "^13.2.2"
hash-sum "^2.0.0"
ignore "^5.2.4"
jiti "^1.20.0"
knitwork "^1.0.0"
mlly "^1.4.2"
pathe "^1.1.1"
pkg-types "^1.0.3"
scule "^1.0.0"
semver "^7.5.4"
ufo "^1.3.1"
unctx "^2.3.1"
unimport "^3.4.0"
untyped "^1.4.0"

"@nuxt/schema@3.7.3":
version "3.7.3"
resolved "https://registry.yarnpkg.com/@nuxt/schema/-/schema-3.7.3.tgz#84b2ee481200f764ac76201ba92de0a2fa04f3f1"
@@ -695,6 +719,23 @@
unimport "^3.3.0"
untyped "^1.4.0"

"@nuxt/schema@3.8.0":
version "3.8.0"
resolved "https://registry.yarnpkg.com/@nuxt/schema/-/schema-3.8.0.tgz#0d6f279f4e30b217c3423215753d8fd23878b49d"
integrity sha512-VEDVeCjdVowhoY5vIBSz94+SSwmM204jN6TNe/ShBJ2d/vZiy9EtLbhOwqaPNFHwnN1fl/XFHThwJiexdB9D1w==
dependencies:
"@nuxt/ui-templates" "^1.3.1"
consola "^3.2.3"
defu "^6.1.2"
hookable "^5.5.3"
pathe "^1.1.1"
pkg-types "^1.0.3"
postcss-import-resolver "^2.0.0"
std-env "^3.4.3"
ufo "^1.3.1"
unimport "^3.4.0"
untyped "^1.4.0"

"@nuxt/telemetry@^2.4.1":
version "2.5.2"
resolved "https://registry.yarnpkg.com/@nuxt/telemetry/-/telemetry-2.5.2.tgz#d894dae887e1cade4f8d53289dd0b00c930fb9d8"
@@ -1420,6 +1461,23 @@ c12@^1.4.2:
pkg-types "^1.0.3"
rc9 "^2.1.1"

c12@^1.5.1:
version "1.5.1"
resolved "https://registry.yarnpkg.com/c12/-/c12-1.5.1.tgz#41554f3cf6bc63b124e81e2b193f619aa60d4d84"
integrity sha512-BWZRJgDEveT8uI+cliCwvYSSSSvb4xKoiiu5S0jaDbKBopQLQF7E+bq9xKk1pTcG+mUa3yXuFO7bD9d8Lr9Xxg==
dependencies:
chokidar "^3.5.3"
defu "^6.1.2"
dotenv "^16.3.1"
giget "^1.1.3"
jiti "^1.20.0"
mlly "^1.4.2"
ohash "^1.1.3"
pathe "^1.1.1"
perfect-debounce "^1.0.0"
pkg-types "^1.0.3"
rc9 "^2.1.1"

cac@^6.7.14:
version "6.7.14"
resolved "https://registry.yarnpkg.com/cac/-/cac-6.7.14.tgz#804e1e6f506ee363cb0e3ccbb09cad5dd9870959"
@@ -1467,6 +1525,31 @@ chalk@^5.3.0:
resolved "https://registry.yarnpkg.com/chalk/-/chalk-5.3.0.tgz#67c20a7ebef70e7f3970a01f90fa210cb6860385"
integrity sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==

cheerio-select@^2.1.0:
version "2.1.0"
resolved "https://registry.yarnpkg.com/cheerio-select/-/cheerio-select-2.1.0.tgz#4d8673286b8126ca2a8e42740d5e3c4884ae21b4"
integrity sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g==
dependencies:
boolbase "^1.0.0"
css-select "^5.1.0"
css-what "^6.1.0"
domelementtype "^2.3.0"
domhandler "^5.0.3"
domutils "^3.0.1"

cheerio@^1.0.0-rc.12:
version "1.0.0-rc.12"
resolved "https://registry.yarnpkg.com/cheerio/-/cheerio-1.0.0-rc.12.tgz#788bf7466506b1c6bf5fae51d24a2c4d62e47683"
integrity sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q==
dependencies:
cheerio-select "^2.1.0"
dom-serializer "^2.0.0"
domhandler "^5.0.3"
domutils "^3.0.1"
htmlparser2 "^8.0.1"
parse5 "^7.0.0"
parse5-htmlparser2-tree-adapter "^7.0.0"

chokidar@^3.5.1, chokidar@^3.5.3:
version "3.5.3"
resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.5.3.tgz#1cf37c8707b932bd1af1ae22c0432e2acd1903bd"
@@ -1925,7 +2008,7 @@ enhanced-resolve@^5.14.1:
graceful-fs "^4.2.4"
tapable "^2.2.0"

entities@^4.2.0:
entities@^4.2.0, entities@^4.4.0:
version "4.5.0"
resolved "https://registry.yarnpkg.com/entities/-/entities-4.5.0.tgz#5d268ea5e7113ec74c4d033b79ea5a35a488fb48"
integrity sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==
@@ -2186,7 +2269,7 @@ get-stream@^8.0.1:
resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-8.0.1.tgz#def9dfd71742cd7754a7761ed43749a27d02eca2"
integrity sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==

giget@^1.1.2:
giget@^1.1.2, giget@^1.1.3:
version "1.1.3"
resolved "https://registry.yarnpkg.com/giget/-/giget-1.1.3.tgz#574ed901031eafa732347a7990d84bfa6484c51a"
integrity sha512-zHuCeqtfgqgDwvXlR84UNgnJDuUHQcNI5OqWqFxxuk2BshuKbYhJWdxBsEo4PvKqoGh23lUAIvBNpChMLv7/9Q==
@@ -2326,6 +2409,16 @@ html-tags@^3.3.1:
resolved "https://registry.yarnpkg.com/html-tags/-/html-tags-3.3.1.tgz#a04026a18c882e4bba8a01a3d39cfe465d40b5ce"
integrity sha512-ztqyC3kLto0e9WbNp0aeP+M3kTt+nbaIveGmUxAtZa+8iFgKLUOD4YKM5j+f3QD89bra7UeumolZHKuOXnTmeQ==

htmlparser2@^8.0.1:
version "8.0.2"
resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-8.0.2.tgz#f002151705b383e62433b5cf466f5b716edaec21"
integrity sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==
dependencies:
domelementtype "^2.3.0"
domhandler "^5.0.3"
domutils "^3.0.1"
entities "^4.4.0"

http-errors@2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-2.0.0.tgz#b7774a1486ef73cf7667ac9ae0858c012c57b9d3"
@@ -3020,13 +3113,14 @@ nuxt-csurf@^1.3.1:
defu "^6.1.1"
uncsrf "^1.1.1"

nuxt-security@^1.0.0-rc.2:
version "1.0.0-rc.2"
resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.0.0-rc.2.tgz#66d07d851730f1da3a136355256a01f8169f563f"
integrity sha512-gLAz85Auebne+cCm3bmGpqE/NpGkG889iVndJWlelnYQcW4dFXZAbCMVH0jznQJKF4qdvEUPkgp4pWSVc2TQyA==
nuxt-security@^1.0.0-rc.3:
version "1.0.0-rc.3"
resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.0.0-rc.3.tgz#7af5229e608acf67e1793963bd9164e43727e452"
integrity sha512-3up3u5H7GY3PE+s7B4+Kkj44r3WoOAKbPhpu7wRZn0oRN/bRmhcsK0QAzKGhxOpB3dgR9Zb5XtwKa2uzhLLp5Q==
dependencies:
"@nuxt/kit" "^3.7.3"
"@nuxt/kit" "^3.8.0"
basic-auth "^2.0.1"
cheerio "^1.0.0-rc.12"
defu "^6.1.1"
nuxt-csurf "^1.3.1"
pathe "^1.0.0"
@@ -3193,6 +3287,21 @@ parse-url@^8.1.0:
dependencies:
parse-path "^7.0.0"

parse5-htmlparser2-tree-adapter@^7.0.0:
version "7.0.0"
resolved "https://registry.yarnpkg.com/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.0.0.tgz#23c2cc233bcf09bb7beba8b8a69d46b08c62c2f1"
integrity sha512-B77tOZrqqfUfnVcOrUvfdLbz4pu4RopLD/4vmu3HUPswwTA8OH0EMW9BlWR2B0RCoiZRAHEUu7IxeP1Pd1UU+g==
dependencies:
domhandler "^5.0.2"
parse5 "^7.0.0"

parse5@^7.0.0:
version "7.1.2"
resolved "https://registry.yarnpkg.com/parse5/-/parse5-7.1.2.tgz#0736bebbfd77793823240a23b7fc5e010b7f8e32"
integrity sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==
dependencies:
entities "^4.4.0"

parseurl@~1.3.3:
version "1.3.3"
resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4"
@@ -4017,7 +4126,7 @@ type-fest@^3.8.0:
resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-3.13.1.tgz#bb744c1f0678bea7543a2d1ec24e83e68e8c8706"
integrity sha512-tLq3bSNx+xSpwvAJnzrK0Ep5CLNWjvFTOp71URMaAEWBfRb9nnJiBoUe0tF8bI4ZFO3omgBR6NvnbzVUT3Ly4g==

ufo@^1.1.2, ufo@^1.2.0, ufo@^1.3.0:
ufo@^1.1.2, ufo@^1.2.0, ufo@^1.3.0, ufo@^1.3.1:
version "1.3.1"
resolved "https://registry.yarnpkg.com/ufo/-/ufo-1.3.1.tgz#e085842f4627c41d4c1b60ebea1f75cdab4ce86b"
integrity sha512-uY/99gMLIOlJPwATcMVYfqDSxUR9//AUcgZMzwfSTJPDKzA1S8mX4VLqa+fiAtveraQUBCz4FFcwVZBGbwBXIw==
@@ -4080,7 +4189,7 @@ unhead@1.7.4:
"@unhead/shared" "1.7.4"
hookable "^5.5.3"

unimport@^3.3.0:
unimport@^3.3.0, unimport@^3.4.0:
version "3.4.0"
resolved "https://registry.yarnpkg.com/unimport/-/unimport-3.4.0.tgz#e8302c2eabdfc6e23b65e02c3dfe592e427e8340"
integrity sha512-M/lfFEgufIT156QAr/jWHLUn55kEmxBBiQsMxvRSIbquwmeJEyQYgshHDEvQDWlSJrVOOTAgnJ3FvlsrpGkanA==
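--- a/docs/.nuxtrc
+++ b/docs/.nuxtrc
@@ -0,0 +1 @@
+imports.autoImport=true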
@@ -24,7 +24,7 @@ interface ModuleOptions {
basicAuth: BasicAuth | false;
enabled: boolean;
csrf: CsrfOptions | false;
nonce: NonceOptions | false;
nonce: boolean;
removeLoggers?: RemoveOptions | false;
ssg?: Ssg;
}
9 changes: 4 additions & 5 deletions docs/content/1.documentation/2.headers/1.csp.md
@@ -165,7 +165,6 @@ export default defineNuxtConfig({
? [
"'self'", // backwards compatibility for older browsers that don't support strict-dynamic
"'nonce-{{nonce}}'",
"'strict-dynamic'",
]
: // In dev mode, we allow unsafe-inline so that hot reloading keeps working
["'self'", "'unsafe-inline'"],
@@ -193,11 +192,11 @@ The `nonce` value is generated per request and is added to the CSP header. This
```ts
export default defineNuxtConfig({
routeRules: {
'/api/custom-route': {
nonce: false // do not check nonce for this route (1)
'/custom-route': {
nonce: false // do not generate nonce for this route (1)
},
'/api/other-route': {
nonce: { mode: 'check' } // do not generate a new nonce for this route, but check it against the existing one (2)
'/other-route': {
nonce: true // generate a new nonce for this route (2)
}
}
})
@@ -53,7 +53,7 @@ Cross-Origin-Embedder-Policy: require-corp
The `crossOriginEmbedderPolicy` header can be configured with following values.

```ts
crossOriginEmbedderPolicy: 'unsafe-none' | 'require-corp' | false;
crossOriginEmbedderPolicy: 'unsafe-none' | 'require-corp' | 'credentialless' | false;
```

### `unsafe-none`
@@ -64,6 +64,10 @@ This is the default value. Allows the document to fetch cross-origin resources w

A document can only load resources from the same origin, or resources explicitly marked as loadable from another origin. If a cross origin resource supports CORS, the crossorigin attribute or the Cross-Origin-Resource-Policy header must be used to load it without being blocked by COEP.

### `credentialless`

no-cors cross-origin requests are sent without credentials. In particular, it means Cookies are omitted from the request, and ignored from the response. The responses are allowed **without** an explicit permission via the Cross-Origin-Resource-Policy header. Navigate responses behave similarly as the require-corp mode: They require Cross-Origin-Resource-Policy response header.

::alert{type="warning"}
⚠️ Read more about `Avoiding blockage with CORS` [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#avoiding_coep_blockage_with_cors).
::
@@ -72,7 +72,7 @@ The amount of requests that reach the application before rate limiting will bloc

- Default: `300000`

The time after which the rate limiting will be reset.
The time value in miliseconds after which the rate limiting will be reset. For example, if you set it to `10000` and `tokensPerInterval: 3` it will allow three requests from one IP address in 10 seconds and the next one in this interval will be banned. After 10 seconds however, user will be able to send requests again.

### `headers`

31 changes: 16 additions & 15 deletions package.json
@@ -1,6 +1,6 @@
{
"name": "nuxt-security",
"version": "1.0.0-rc.2",
"version": "1.0.0-rc.3",
"license": "MIT",
"type": "module",
"homepage": "https://nuxt-security.vercel.app",
@@ -35,39 +35,40 @@
"dist"
],
"scripts": {
"prepack": "nuxt-module-build",
"dev": "nuxt-module-build --stub && nuxi prepare playground && nuxi dev playground",
"prepack": "nuxt-module-build build",
"dev": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxi prepare playground && nuxi dev playground",
"dev:build": "nuxi build playground",
"dev:start": "nuxi start playground",
"dev:generate": "nuxi generate playground",
"dev:prepare": "nuxt-module-build --stub && nuxi prepare playground",
"dev:prepare": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxi prepare playground",
"dev:preview": "nuxi preview playground",
"dev:docs": "cd docs && yarn dev",
"lint": "eslint --ext .js,.ts,.vue",
"lint": "eslint .",
"test": "vitest run --silent",
"test:watch": "vitest watch",
"stackblitz": "cd .stackblitz && yarn && yarn dev"
},
"packageManager": "yarn@1.22.19",
"dependencies": {
"@nuxt/kit": "^3.7.3",
"@nuxt/kit": "^3.8.0",
"basic-auth": "^2.0.1",
"cheerio": "^1.0.0-rc.12",
"defu": "^6.1.1",
"nuxt-csurf": "^1.3.1",
"pathe": "^1.0.0",
"unplugin-remove": "^0.1.3",
"xss": "^1.0.14"
},
"devDependencies": {
"@nuxt/module-builder": "latest",
"@nuxt/schema": "^3.7.3",
"@nuxt/test-utils": "^3.7.3",
"@nuxtjs/eslint-config-typescript": "latest",
"@types/node": "^18.14.4",
"eslint": "latest",
"nuxt": "^3.7.3",
"typescript": "5.2.2",
"vitest": "^0.28.5"
"@nuxt/eslint-config": "^0.2.0",
"@nuxt/module-builder": "^0.5.2",
"@nuxt/schema": "^3.8.0",
"@nuxt/test-utils": "^3.8.0",
"@types/node": "^18.18.1",
"eslint": "^8.50.0",
"nuxt": "^3.8.0",
"typescript": "^5.2.2",
"vitest": "^0.33.0"
},
"stackblitz": {
"installDependencies": false,
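Review bot: The new runtime entry `"cheerio": "^1.0.0-rc.12"` in `dependencies` puts a caret range on a prerelease, which admits every later 1.x release as well as later release candidates, so projects installing this module can resolve a different HTML parser build than the one this commit was tested with. The devDependencies in the same hunk appear to move from `latest` to explicit ranges, and the runtime dependency deserves at least that much control; an exact pin, `"cheerio": "1.0.0-rc.12"`, keeps the resolved version fixed until a stable release has been evaluated. The page does not show where cheerio is called, but in a security module it presumably processes rendered HTML, which makes the parser version worth treating as security-relevant. Separately, `typescript` appears to go the other way, from `5.2.2` to `^5.2.2`; if that loosening is intended it is worth a line in the commit description.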
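--- a/playground/.nuxtrc
+++ b/playground/.nuxtrc
@@ -0,0 +1 @@
+imports.autoImport=true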
4 changes: 3 additions & 1 deletion playground/pages/secret.vue
@@ -1,3 +1,5 @@
<template>
Secret Route
<div>
Secret Route
</div>
</template>
3 changes: 0 additions & 3 deletions playground/server/api/test.post.ts
@@ -1,6 +1,3 @@
import { defineEventHandler } from 'h3'


export default defineEventHandler((event) => {
console.log('test')
})

1 comment on commit 7ef4988


@vercel vercel bot commented on 7ef4988 Nov 1, 2023


Successfully deployed to the following URLs:

nuxt-security – ./

nuxt-security-git-main-baroshem.vercel.app
nuxt-security.vercel.app
nuxt-security-baroshem.vercel.app
