Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore/1.0.0 rc.3 #262

Merged
merged 49 commits into from
Nov 1, 2023
Merged

Chore/1.0.0 rc.3 #262

merged 49 commits into from
Nov 1, 2023

Conversation

Baroshem
Copy link
Collaborator

@Baroshem Baroshem commented Oct 25, 2023
edited
Loading

  1. [Feat] Add credentialless value to Cross-Origin-Embedder-Policy header @espensgr
  2. [Fix] Nonce value is injected in all pre-rendered pages if the nonce option is set to true @vejja
  3. [Feat] Export configuration type @Tristan971
  4. [Docs] Clarify rateLimiter interval property by @dargmuesli
  5. [Feat/Breaking] Improve CSP Compliance @vejja
  6. [Refactor] Improve TS config @vejja
  7. [Feat] ensure csp plugins are added last @vejja
  8. [Feat] Extend CSP support of SSG mode @vejja
  9. [Fix] Basic Auth Configuration for Multiple Paths @rathahin
  10. [Feat] use cheerio HTML parser for CSP @vejja

vejja and others added 19 commits October 17, 2023 15:34
@vejja
add test evidencing nonce issue in SSG
9500006
@vejja
fix: apply new test to SSG pre-rendered page in fixture
0fe16bb
@vejja
fix nonce issue
20b0966 
- in SSG mode, modify the 99-cspNonce nitro plugin
- in SSR mode, modify the headers for prerendered routes
@vejja
remove temporary code
f5dce18 
- revert playground config setup to basis
- remove uneccessary tryUseNuxt import in 99-cspNonce
@vejja
feat: upgrade nuxt Typescript config
ca3169a
@vejja
remove unecessary workarounds
2df5a5f 
Now that the TS config is compliant, we can
- remove @ts-ignore overrides
- import from "#imports" instead of importing from dependencies
@vejja
use autoImports in playground and fixtures
a19b3f3
@vejja
use defineNitroPlugin helper in nitro plugins
5e714a7 
- no need to import NitroAppPlugin from 'nitropack'
- rename 'nitro' variable to 'nitroApp' for clarity
@vejja
provide typing on runtimeConfig
adf39e9
@vejja
fix type for unsupportedPolicies in cspSsg
50c8ffe
@vejja
improve rateLimiter storage mounting
e751f52
@vejja
Revert "improve rateLimiter storage mounting"
5bf020c 
This reverts commit e751f52.
@vejja
Merge branch 'main' into fix/typescript-config
883de56
@vejja
eslint update
96d831a 
- conform eslint to standard recommendation
- fix "template root requires one element" in secret.vue
- also conforms 'npm run dev' script setup
@vejja
improve CSP compliance
b08c198 
- disallow setting nonces on the server via cookie
- disallow setting nonces other than through crypto secure method
- suppress 'check' mode
- do not send nonce via cookie to the frontend
@vejja
RFC-compliant crypto
ee366c7 
- W3C mandates at least 128 bits of entropy
- randomUUID only had 122
@espensgr
Update 3.crossOriginEmbedderPolicy.md
6d70fcb 
Added credentialless as per the Cross-Origin-Embedder-Policy documentation, and you can use it as it solved my usecase.
@espensgr
Update headers.ts
2ad809a 
'credentialless' in CrossOriginEmbedderPolycyValue
@Baroshem
Merge pull request #261 from espensgr/patch-1
909221b 
Update 3.crossOriginEmbedderPolicy.md
@vercel
Copy link

vercel bot commented Oct 25, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
nuxt-security ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 1, 2023 5:58pm

@Baroshem Baroshem added this to the 1.0.0-rc.3 milestone Oct 25, 2023
@Baroshem Baroshem linked an issue Oct 27, 2023 that may be closed by this pull request
Clarify interval #270
Closed
vejja and others added 6 commits October 28, 2023 10:07
@vejja
Merge branch 'chore/1.0.0-rc.3' into fix/typescript-config
0fa8ace
@vejja
fix vercel build step
3e596bc 
- add .nuxtrc autoImport directive in docs/
- enables building outside of root directory
Remove pnpm-lock.yaml
20d6c4c
@vejja
modify execution order of nitro plugins
9d26803 
- put our security plugins last
- allows to insert nonces after all external scripts have been inserted
@vejja
also reorders plugins in SSG mode
076f819
@Baroshem
Merge pull request #248 from vejja/fix/typescript-config
a667406 
Fix/typescript-config
@Baroshem
Merge pull request #275 from vejja/html-parser
04e0c45 
feat(csp): use cheerio parser
@Baroshem Baroshem merged commit 7ef4988 into main Nov 1, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Clarify interval
4 participants
@Baroshem @vejja @espensgr @Tristan971