nuxt.js - Some CSP Problems with nuxt-security - Stack Overflow

There are 2 problems with my code below. No matter what I did, I couldn't solve the problem.

Problem 1 -) When the user refreshes the page, it always redirects to the home page.

Problem 2 -) The CSS does not load correctly on the pages where I pull dynamic data. I added 2 images as an example. When I refresh the page, the CSS becomes even more corrupted.

Thanks for your help.

security: {
  hidePoweredBy: true,
  corsHandler: {
    origin: "www.abc",
    methods: ["GET", "POST", "DELETE"],
    credentials: false,
  },
  headers: {
    strictTransportSecurity: {
      maxAge: 15552000,
      includeSubdomains: true,
    },
    xFrameOptions: "DENY",
    crossOriginEmbedderPolicy: "unsafe-none",
    crossOriginOpenerPolicy: "same-origin",
    crossOriginResourcePolicy: "same-origin",
    xXSSProtection: "1; mode=block",
    xPermittedCrossDomainPolicies: "none",
    contentSecurityPolicy: {
      'base-uri': ["'none'"],
      'font-src': ["'self'", "https:", "data:"],
      'form-action': ["'self'"],
      'img-src': [
        "'self'",
        ";,
        ";,
        ";,
        ";,
        "data:",
      ],
      'frame-ancestors': ["'none'"],
      'frame-src': ["'self'", "/", "/"],
      'manifest-src': ["'self'"],
      'media-src': ["'self'"],
      'object-src': ["'none'"],
      'worker-src': ["'self'"],
      'script-src-attr': ["'none'"],
      'script-src': [
        "'self'",
        "https:",
        "'unsafe-inline'",
        "'nonce-{{nonce}}'",
      ],
      'style-src': ["'self'", "'unsafe-inline'"],
      "upgrade-insecure-requests": true,
    },
    originAgentCluster: "?1",
    xContentTypeOptions: "nosniff",
    referrerPolicy: "strict-origin-when-cross-origin",
    xDownloadOptions: "noopen",
    xDNSPrefetchControl: "off",
  },
  allowedMethodsRestricter: {
    methods: ["GET", "POST", "DELETE"],
  },
  xssValidator: {
    methods: ["GET", "POST", "DELETE"],
    css: true,
    escapeHtml: true,
  },
  requestSizeLimiter: {
    maxRequestSizeInBytes: 2000000,
    maxUploadFileRequestInBytes: 8000000,
  },
  rateLimiter: {
    tokensPerInterval: 100,
    interval: 900000,
    headers: false,
  },
  sri: true,
  nonce: true,
  ssg: {
    meta: true,
    hashScripts: true,
    hashStyles: false,
    exportToPresets: true,
  },
}
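
The following is an added example, not part of the question or of nuxt-security: it serializes the `script-src` and `style-src` lists from the posted config into a header value and reports how browsers that implement CSP Level 2 or later interpret them. The names `toHeader`, `auditPolicy` and the finding codes are this example's own.

```javascript
// Added example (not from the question): audit a CSP object in the shape shown above.
// postedPolicy copies script-src and style-src from the posted config; the
// function names and finding codes are this example's own.
const postedPolicy = {
  "script-src": ["'self'", "https:", "'unsafe-inline'", "'nonce-{{nonce}}'"],
  "style-src": ["'self'", "'unsafe-inline'"],
  "upgrade-insecure-requests": true,
};

const NONCE_OR_HASH = /^'(nonce-|sha(256|384|512)-)/;
const SCHEME_ONLY = /^[a-z][a-z0-9+.-]*:$/i;

// Serialize the object into the header value a browser receives.
function toHeader(policy) {
  return Object.entries(policy)
    .filter(([, value]) => value !== false)
    .map(([name, value]) => (value === true ? name : `${name} ${value.join(" ")}`))
    .join("; ");
}

// Report source-list interactions defined by CSP Level 2 and later.
function auditPolicy(policy) {
  const findings = [];
  for (const [directive, sources] of Object.entries(policy)) {
    if (!Array.isArray(sources)) continue; // boolean directives carry no sources
    const hasInline = sources.includes("'unsafe-inline'");
    const hasNonceOrHash = sources.some((s) => NONCE_OR_HASH.test(s));
    if (hasInline && hasNonceOrHash) {
      findings.push({ directive, code: "inline-ignored",
        note: "'unsafe-inline' is ignored because a nonce or hash is listed" });
    } else if (hasInline) {
      findings.push({ directive, code: "inline-allowed",
        note: "every inline block is allowed" });
    }
    for (const s of sources.filter((src) => SCHEME_ONLY.test(src))) {
      findings.push({ directive, code: "scheme-wide",
        note: `${s} matches any host served over that scheme` });
    }
  }
  return findings;
}

console.log(toHeader(postedPolicy));
for (const f of auditPolicy(postedPolicy)) {
  console.log(`${f.directive}: [${f.code}] ${f.note}`);
}
```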