victor-perez / nuxt-helmet Goto Github PK
View Code? Open in Web Editor NEW:construction_worker: Helmet for Nuxt
License: MIT License
:construction_worker: Helmet for Nuxt
License: MIT License
I believe this package works locally, but the headers are lost after running nuxt build.
This may be related to the helmet package v4 upgrade?
On npm the 2.x version is marked as latest
instead of version 3.x (see https://www.npmjs.com/package/nuxt-helmet?activeTab=versions).
That's unusual because then npm won't "see" the 3.x version and people won't install it.
It's probably because 2.x was released after 3.x, to fix the issue with accidental helmet 5.x upgrade.
That said, I wanted to address the nuxt/nuxt#24343 issue in relation to this module also but not sure whether you are fine with making that fix against version 2.x. I don't use 3.x and don't want for now spend time on upgrading.
Hi Victor
Thank you for great package.
I have added your package to a nuxt project, and on local all seems to work correctly and all security headers are set. However when I deployed project to vercel none of the headers are set.
Do you know what could be the issue here, or what I'm doing wrong
Hi @victor-perez,
I have a problem understanding where in my nuxt config the following configuration go:
helmet: {
dnsPrefetchControl: true,
expectCt: true,
featurePolicy: true,
frameguard: true,
hidePoweredBy: true,
hsts: true,
ieNoOpen: true,
noCache: true,
noSniff: true,
permittedCrossDomainPolicies: true,
referrerPolicy: true,
xssFilter: true,
}
Because if I put it after my modules my nuxt app will not compile anymore here is what I was trying to do:
modules: [
'nuxt-helmet',
'@nuxtjs/pwa',
// Doc: https://github.com/nuxt-community/dotenv-module
'@nuxtjs/dotenv'
],
helmet: {
dnsPrefetchControl: true,
expectCt: true,
featurePolicy: true,
frameguard: true,
hidePoweredBy: true,
hsts: true,
ieNoOpen: true,
noCache: true,
noSniff: true,
permittedCrossDomainPolicies: true,
referrerPolicy: true,
xssFilter: true,
}
Can you please tell me what I am doing wrong?
On the backend I am using something else other than javascript or node server derivates, that is why I am asking how to configure your module to work with Nuxt with a setup like:
Thanks
I'm sure this is a silly question but can this be used with static site generation?
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: Express
X-XSS-Protection: 0
Hi
I'm looking for a way to put a script
tag in my component. ( Not in head BUT somewhere inside HTML codes). The script tag is like: <script src="http://example.com/page/"></script>
.
Actually it tries to inject an HTML button to the page and it works fine with a simple HTML page.
But in Nuxt app It shows up for a second and disappears.
The console is logging the following warning regarding this issue:
The script from “http://example.com/page/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.[Learn More]
I couldn't fix it using this library and the problem still exist.
Any help?
master
branch failed. 🚨I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.
You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.
Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.
Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master
branch. You can also manually restart the failed CI job that runs semantic-release.
If you are not sure how to resolve this, here is some links that can help you:
If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.
The npm token configured in the NPM_TOKEN
environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/
.
If you are using Two-Factor Authentication, make configure the auth-only
level is supported. semantic-release cannot publish with the default auth-and-writes
level.
Please make sure to set the NPM_TOKEN
environment variable in your CI with the exact value of the npm token.
Good luck with your project ✨
Your semantic-release bot 📦🚀
Hi Victor,
Thanks for making this.
Can you explain or point me to some documentation that explains why helmet needs to be implemented as a nuxt module instead of being required as express middleware. As in why doesn't placing it in index.js work?
Please let me know thanks.
I've been using v2.0.1 which has used Helmet 4. Now that I've upgraded to v2.1.0 things broke because it's using Helmet 5 and there are breaking changes in Helmet 5.
Why was minor version of the module released with a breaking Helmet upgrade?
Please support new helmet release: https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.