diff --git a/.stackblitz/package.json b/.stackblitz/package.json index 17ca2303..d4dc82b5 100644 --- a/.stackblitz/package.json +++ b/.stackblitz/package.json @@ -11,6 +11,6 @@ "nuxt": "3.9.3" }, "dependencies": { - "nuxt-security": "^1.4.0" + "nuxt-security": "^1.4.2" } } diff --git a/.stackblitz/yarn.lock b/.stackblitz/yarn.lock index 04b8b2d6..8c7b2704 100644 --- a/.stackblitz/yarn.lock +++ b/.stackblitz/yarn.lock @@ -4296,10 +4296,10 @@ nuxt-csurf@^1.5.1: defu "^6.1.4" uncsrf "^1.1.1" -nuxt-security@^1.4.0: - version "1.4.0" - resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.4.0.tgz#c7ec8dfd586bbf327e297601bf5b012b1752c823" - integrity sha512-oBpA7bNWt+U1oafWospfGV5htzkpUcyP4RStR3LoEnP7bJSyAnXac9sjeBe+kVF4K9aWBnDuoH1bya96UMQq0Q== +nuxt-security@^1.4.2: + version "1.4.2" + resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.4.2.tgz#8ebff7b36c42373192322f6c115e80195c8daa26" + integrity sha512-0rxruaiKcSXqZS9bEQuXTzUMfw3Jd73Kx+AtqT9mwsstTihPZjdaQ/125KLrnBKrH9gGSPXiCNo09TgBvgf5DQ== dependencies: "@nuxt/kit" "^3.11.2" basic-auth "^2.0.1" diff --git a/package.json b/package.json index 82f46c0d..b42c7d72 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "nuxt-security", - "version": "1.4.0", + "version": "1.4.2", "license": "MIT", "type": "module", "homepage": "https://nuxt-security.vercel.app", diff --git a/src/runtime/nitro/plugins/00-routeRules.ts b/src/runtime/nitro/plugins/00-routeRules.ts index fe372a80..25f595ba 100644 --- a/src/runtime/nitro/plugins/00-routeRules.ts +++ b/src/runtime/nitro/plugins/00-routeRules.ts @@ -1,6 +1,6 @@ import { defineNitroPlugin, useRuntimeConfig } from "#imports" import { NuxtSecurityRouteRules } from "../../../types" -import { defuReplaceArray } from "../../../utils" +import { defuReplaceArray } from "../utils" import { OptionKey, SecurityHeaders } from "../../../types/headers" import { getKeyFromName, headerObjectFromString } from "../../utils/headers" @@ -26,7 +26,7 @@ export default defineNitroPlugin((nitroApp) => { securityOptions, securityRouteRules['/**'] ) - + // Then insert route specific security headers for (const route in runtimeConfig.nitro.routeRules) { const rule = runtimeConfig.nitro.routeRules[route] @@ -61,7 +61,7 @@ export default defineNitroPlugin((nitroApp) => { }) /** - * Convert standard headers string format to security headers object format, returning undefined if no valid security header is found + * Convert standard headers string format to security headers object format, returning undefined if no valid security header is found */ function standardToSecurity(standardHeaders?: Record) { if (!standardHeaders) { @@ -78,7 +78,7 @@ function standardToSecurity(standardHeaders?: Record) { const objectValue: any = headerObjectFromString(optionKey, headerValue) standardHeadersAsObject[optionKey] = objectValue } else { - // Here we ensure backwards compatibility + // Here we ensure backwards compatibility // Because in the pre-rc1 syntax, standard headers could also be supplied in object format standardHeadersAsObject[optionKey] = headerValue //standardHeaders[headerName] = headerStringFromObject(optionKey, headerValue) @@ -94,7 +94,7 @@ function standardToSecurity(standardHeaders?: Record) { } /** - * + * * Ensure backwards compatibility with pre-rc1 syntax, returning undefined if no securityHeaders is passed */ function backwardsCompatibleSecurity(securityHeaders?: SecurityHeaders | false) { diff --git a/src/runtime/nitro/utils/index.ts b/src/runtime/nitro/utils/index.ts index dd0c3a1c..f87b3303 100644 --- a/src/runtime/nitro/utils/index.ts +++ b/src/runtime/nitro/utils/index.ts @@ -2,7 +2,7 @@ import type { NuxtSecurityRouteRules } from "../../../types" import { createRouter, toRouteMatcher } from "radix3" import type { H3Event } from "h3" -import { defuReplaceArray } from "../../../../src/utils" +import { createDefu } from 'defu' export function resolveSecurityRules(event: H3Event) { const routeRules = event.context.security?.routeRules @@ -19,4 +19,11 @@ export function resolveSecurityRoute(event: H3Event) { const router = createRouter<{ name: string }>({ routes: routeNames}) const match = router.lookup(event.path.split('?')[0]) return match?.name -} \ No newline at end of file +} + +export const defuReplaceArray = createDefu((obj, key, value) => { + if (Array.isArray(obj[key]) || Array.isArray(value)) { + obj[key] = value + return true + } +})