Merge branch 'chore/1.0.0-rc.1' of github.com:Baroshem/nuxt-security …

…into chore/1.0.0-rc.1
Baroshem · Oct 6, 2023 · 4942b07 · 4942b07
2 parents 819fedc + 6a7ff5b
commit 4942b07
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 4 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -3,10 +3,10 @@ name: ci
 on:
   push:
     branches:
-      - main
+      - 'main'
+      - '**-rc.**'
+      - 'renovate/**'
   pull_request:
-    branches:
-      - main
 
 jobs:
   ci:

diff --git a/docs/content/1.documentation/1.getting-started/2.configuration.md b/docs/content/1.documentation/1.getting-started/2.configuration.md
@@ -113,3 +113,38 @@ security: {
 ```
 
 To read more about every security middleware, go to that middleware page in `security` section.
+
+## Overriding a layer's configuration
+
+If you extend a [Nuxt Layer](https://nuxt.com/docs/getting-started/layers) which adds `nuxt-security`, you can override that layer's `nuxt-security` configuration or parts of it by defining a module in your project's `nuxt.config.ts`. Here is an example that illustrates how to remove the `'none'` value set by default for `object-src`:
+
+
+```ts
+export default defineNuxtConfig(
+  {
+    extends: 'some-layer-adding-nuxt-security',
+    modules: [
+      (_options, nuxt) => {
+        const nuxtConfigSecurity = nuxt.options.security
+        if (
+          typeof nuxtConfigSecurity.headers !== 'boolean' &&
+          nuxtConfigSecurity.headers.contentSecurityPolicy &&
+          typeof nuxtConfigSecurity.headers.contentSecurityPolicy !==
+            'boolean' &&
+          typeof nuxtConfigSecurity.headers.contentSecurityPolicy !==
+            'string' &&
+          nuxtConfigSecurity.headers.contentSecurityPolicy['object-src']
+        ) {
+          nuxtConfigSecurity.headers.contentSecurityPolicy['object-src'] =
+            nuxtConfigSecurity.headers.contentSecurityPolicy[
+              'object-src'
+            ].filter((x) => x !== "'none'")
+        }
+        console.log(nuxt.options.security)
+      },
+    ],
+  }
+)
+```
+
+Of course it's possible to define the module shown above using a file in the `modules` directory as well.
diff --git a/package.json b/package.json
@@ -48,6 +48,7 @@
     "test:watch": "vitest watch",
     "stackblitz": "cd .stackblitz && yarn && yarn dev"
   },
+  "packageManager": "[email protected]",
   "dependencies": {
     "@nuxt/kit": "^3.7.3",
     "basic-auth": "^2.0.1",

diff --git a/src/module.ts b/src/module.ts
@@ -1,7 +1,7 @@
 import { fileURLToPath } from 'node:url'
 import { resolve, normalize } from 'pathe'
 import { defineNuxtModule, addServerHandler, installModule, addVitePlugin } from '@nuxt/kit'
-import defu from 'defu'
+import { defu } from 'defu'
 import { Nuxt, RuntimeConfig } from '@nuxt/schema'
 import { builtinDrivers } from 'unstorage'
 import { defuReplaceArray } from './utils'