Skip to content

Commit

Permalink
fix(docs): broken links
Browse files Browse the repository at this point in the history
  • Loading branch information
aryan02420 committed Nov 29, 2024
1 parent 9d37604 commit 151bede
Show file tree
Hide file tree
Showing 7 changed files with 21 additions and 21 deletions.
2 changes: 1 addition & 1 deletion docs/content/1.getting-started/1.installation.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,4 +22,4 @@ security: {
}
```

You can find more about configuring `nuxt-security` [here](/documentation/getting-started/configuration).
You can find more about configuring `nuxt-security` [here](/getting-started/configuration).
2 changes: 1 addition & 1 deletion docs/content/1.getting-started/2.configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ security: {
```

::callout{icon="i-heroicons-exclamation-triangle" color="amber"}
To modify these default settings and further increase the security of your application, read about our `strict` mode and our user-friendly approach on how to [Improve Security](/documentation/advanced/improve-security)
To modify these default settings and further increase the security of your application, read about our `strict` mode and our user-friendly approach on how to [Improve Security](/advanced/improve-security)
::

## Overriding a layer's configuration
Expand Down
4 changes: 2 additions & 2 deletions docs/content/1.getting-started/3.usage.md
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ Nuxt-Security applies your rules in the following prority order:
1. Default rules

Nuxt-Security default values.
See [here](/documentation/getting-started/configuration#default)
See [here](/getting-started/configuration#default)


2. Inline module options
Expand Down Expand Up @@ -293,7 +293,7 @@ In the example above,
- All existing security options for `/some/route` will be maintained, and only the `script-src` CSP directive will be modified.
- The existing content of the `script-src` directive will be erased and replaced by your values

Read more about [`defuReplaceArray`](/documentation/advanced/auto-imports/#defuReplaceArray)
Read more about [`defuReplaceArray`](/advanced/auto-imports/#defuReplaceArray)

::callout{icon="i-heroicons-light-bulb"}
`defuReplaceArray` is auto-imported by Nuxt Security. You can use this utility anywhere in your /server folder.
Expand Down
6 changes: 3 additions & 3 deletions docs/content/2.headers/1.csp.md
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ type CSPSandboxValue =

Nuxt Security helps you increase the security of your site by enabling **Strict CSP** support for both SSR and SSG applications.

For further reading about Strict CSP and how to handle specific cases, please consult our [Adanced Section about Strict CSP](/documentation/advanced/strict-csp)
For further reading about Strict CSP and how to handle specific cases, please consult our [Adanced Section about Strict CSP](/advanced/strict-csp)

- For SSR applications, Nuxt Security implements strict CSP via nonces. A one-time cryptographically-generated random nonce is generated at runtime by the server for each request of a page.
- For SSG applications, Nuxt Security implements strict CSP via hashes. At static build-time, Nuxt Security computes the SHA hashes of the elements that are allowed to execute on your site.
Expand Down Expand Up @@ -287,7 +287,7 @@ Our default recommendation is to avoid setting the `ssg: hashStyles` option to `
<br>
⚠ This is because Nuxt's mechanism for Client-Side hydration of styles could be blocked by CSP in that case.
<br>
For further discussion and alternatives, please refer to our [Advanced Section on CSP](/documentation/advanced/strict-csp).
For further discussion and alternatives, please refer to our [Advanced Section on CSP](/advanced/strict-csp).
::

::callout{icon="i-heroicons-light-bulb"}
Expand Down Expand Up @@ -356,7 +356,7 @@ You can include any external script (Google Analytics, Stripe, Cloudflare Turnst
::callout{icon="i-heroicons-light-bulb"}
You will need to have default values for the `'strict-dynamic'`, `nonce` and `ssg` options.
<br>
If you change these default values, please refer to our [Advanced Section on CSP](/documentation/advanced/strict-csp) for alternatives.
If you change these default values, please refer to our [Advanced Section on CSP](/advanced/strict-csp) for alternatives.
::

- Since Nuxt 3.11, the easiest and universal way to include external scripts is via `useScript`
Expand Down
2 changes: 1 addition & 1 deletion docs/content/4.utils/3.subresource-integrity.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ SRI is supported by all modern browsers: [caniuse](https://caniuse.com/subresour

**2. SRI is a critical component of Content Security Policy (CSP) in SSG mode.**

For more information on the relationship between Subresource Integrity and a Strict CSP, please read our [Advanced Section on Integrity Hashes for CSP](/documentation/advanced/strict-csp/#ssg-mode)
For more information on the relationship between Subresource Integrity and a Strict CSP, please read our [Advanced Section on Integrity Hashes for CSP](/advanced/strict-csp/#ssg-mode)

If you use CSP on a statically-generated application, you will need to enable SRI by setting `sri: true`.

Expand Down
6 changes: 3 additions & 3 deletions docs/content/5.advanced/3.strict-csp.md
Original file line number Diff line number Diff line change
Expand Up @@ -684,7 +684,7 @@ Nuxt Security allows you to generate your own headers rules with the `nuxt-secur
If you do not deploy with a Nitro preset, or if you have specific requirements that are not met by the `ssg: exportToPresets` default, you can use this hook to generate your headers configuration file yourself.
See our documentation on the [prerenderedPages hook](/documentation/advanced/hooks/#prerendered-headers-hook)
See our documentation on the [prerenderedPages hook](/advanced/hooks/#prerendered-headers-hook)
::callout{icon="i-heroicons-light-bulb"}
This will allow you to deliver CSP via HTTP headers, in addition to the standard `<meta http-equiv>` approach.
Expand Down Expand Up @@ -717,7 +717,7 @@ These considerations are equally true for SSR (where the server needs to be hit
::callout{icon="i-heroicons-exclamation-triangle" color="amber"}
If you implement per-route CSP, you will need to enforce an external reload upon navigation for the new CSP to enter into action.
<br>
Please see our FAQ section on [Updating Headers on a specific route](/documentation/advanced/faq/#updating-headers-on-a-specific-route)
Please see our FAQ section on [Updating Headers on a specific route](/advanced/faq/#updating-headers-on-a-specific-route)
::
::callout{icon="i-heroicons-light-bulb"}
Expand All @@ -731,4 +731,4 @@ In order to obtain a Strict CSP on Nuxt apps, we need to use `strict-dynamic`. T
On the other hand, it obliges application developers to adopt a standardized mindset when thinking about CSP. Less configuration options means less potential loopholes that malicious actors can seek to exploit.
With this in mind, we recommend that you implement your Strict CSP policy by starting from our [default configuration values](/documentation/getting-started/configuration#default), and modifying only the required values.
With this in mind, we recommend that you implement your Strict CSP policy by starting from our [default configuration values](/getting-started/configuration#default), and modifying only the required values.
20 changes: 10 additions & 10 deletions docs/content/5.advanced/7.improve-security.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,23 +39,23 @@ The most common issues usually fall into one these categories:

In most cases, this is because you have included an external script in an 'unconventional' way, which is unrecognized by the Content Security Policy settings for the `script-src` directive.

Our recommendation is to always include external scripts via `useScript` and we provide a detailed section on [Including External Scripts](/documentation/headers/csp#including-external-scripts).
Our recommendation is to always include external scripts via `useScript` and we provide a detailed section on [Including External Scripts](/headers/csp#including-external-scripts).

This scenario can also happen if your hosting provider messes with your code. See below.

**2. An image or video is blocked**

By default, Nuxt Security requires you to whitelist your external media sources. For security reasons, the Content Security Policy settings of the `img-src` directive only allows you to include self-hosted files.

If you need to include external media from third-party sites, please refer to our documentation on [Whitelisting External Resources](/documentation/advanced/faq#allowing-images-and-scripts-from-external-domains).
If you need to include external media from third-party sites, please refer to our documentation on [Whitelisting External Resources](/advanced/faq#allowing-images-and-scripts-from-external-domains).

This scenario can also happen if your hosting provider messes with your code. See below.

**3. A frame is blocked**

In the vast majority of cases, this is due to Cross Origin Isolation restrictions on third-party frames. For maximum compatibility, Nuxt Security applies the `credentialless` policy to the COEP header. However, some third-party resources are incompatible with COEP/COOP requirements, which is beyond your control.

In that case, please follow our instructions on [Cross-Origin Isolation Issues](/documentation/headers/crossoriginembedderpolicy#cross-origin-isolation-issues).
In that case, please follow our instructions on [Cross-Origin Isolation Issues](/headers/crossoriginembedderpolicy#cross-origin-isolation-issues).

This scenario can also happen if your hosting provider messes with your code. See below.

Expand All @@ -64,23 +64,23 @@ The most common issues usually fall into one these categories:
Some hosting providers will modify your code upon deployment. Usually this is intended to minify your files, or to inject trackers that provide additional services. By default, Nuxt Security will detect that your code has been modified and our Content Security Policy will block the application from running.

Please make sure that you disable all Post-Build Modification services that may be applied by your hosting platform. You can refer to our resources here:
- [Disabling Post-Build Processing](/documentation/utils/subresource-integrity#cdn-post-build-processing)
- [An example for Cloudflare](/documentation/advanced/faq#cloudflare).
- [Disabling Post-Build Processing](/utils/subresource-integrity#cdn-post-build-processing)
- [An example for Cloudflare](/advanced/faq#cloudflare).

**5. Camera, microphone, etc. access is denied**

By default, Nuxt Security sets Permissions Policies that protect your users against unintended image, sound, location or screen captures.

If your application requires using one of these features, please modify your [Permission Policies](/documentation/headers/permissions-policy).
If your application requires using one of these features, please modify your [Permission Policies](/headers/permissions-policy).

**6. SSL, TLS, and other HTTPS denials**

You will face this issue if you are trying to connect to non-HTTPS resources. This happen because Nuxt Security makes sure that only secure, encrypted connections are allowed, via both its `upgrade-insecure-requests` Content Security Policy, and its `strictTransportSecurity` settings.

In general, you should not connect to non-HTTPS resources. If you need to disable SSL upgrading in development mode, we provide instructions on several standard use cases:
- [Running with --host flag](/documentation/advanced/faq#running-app-with-host-flag)
- [Hot Reload during development](/documentation/headers/csp#hot-reload-during-development)
- [Nuxt Devtools](/documentation/getting-started/setup#using-with-nuxt-devtools)
- [Running with --host flag](/advanced/faq#running-app-with-host-flag)
- [Hot Reload during development](/headers/csp#hot-reload-during-development)
- [Nuxt Devtools](/getting-started/setup#using-with-nuxt-devtools)



Expand Down Expand Up @@ -224,7 +224,7 @@ These settings enforce two additional security measures in relation to iframes:
1. You will only be able to embed external frames that are individually whitelisted in the `frame-src` directive
2. Any such frame will be cross-origin isolated, due to the application of the `require-corp` COEP value

Cross-origin isolation requires the embedded frame to be delivered with matching COEP/COOP headers. Your browser's Developer Tools will tell you if it's not the case. Please refer to [Cross-Origin Isolation Issues](/documentation/headers/crossoriginembedderpolicy#cross-origin-isolation-issues) for remediation solutions.
Cross-origin isolation requires the embedded frame to be delivered with matching COEP/COOP headers. Your browser's Developer Tools will tell you if it's not the case. Please refer to [Cross-Origin Isolation Issues](/headers/crossoriginembedderpolicy#cross-origin-isolation-issues) for remediation solutions.

### Enforcing a Stricter HSTS Policy

Expand Down

0 comments on commit 151bede

Please sign in to comment.