From 2128967215ca798c5042b11de90e062412b62832 Mon Sep 17 00:00:00 2001
From: Baroshem <jakub.andrzejewski.dev@gmail.com>
Date: Fri, 26 Apr 2024 10:01:25 +0200
Subject: [PATCH] fix: 1.4.2 import defuReplaceArray

---
 .stackblitz/package.json                   |  2 +-
 .stackblitz/yarn.lock                      |  8 ++++----
 package.json                               |  2 +-
 src/runtime/nitro/plugins/00-routeRules.ts | 10 +++++-----
 src/runtime/nitro/utils/index.ts           | 11 +++++++++--
 5 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/.stackblitz/package.json b/.stackblitz/package.json
index 17ca2303..d4dc82b5 100644
--- a/.stackblitz/package.json
+++ b/.stackblitz/package.json
@@ -11,6 +11,6 @@
     "nuxt": "3.9.3"
   },
   "dependencies": {
-    "nuxt-security": "^1.4.0"
+    "nuxt-security": "^1.4.2"
   }
 }
diff --git a/.stackblitz/yarn.lock b/.stackblitz/yarn.lock
index 04b8b2d6..8c7b2704 100644
--- a/.stackblitz/yarn.lock
+++ b/.stackblitz/yarn.lock
@@ -4296,10 +4296,10 @@ nuxt-csurf@^1.5.1:
     defu "^6.1.4"
     uncsrf "^1.1.1"
 
-nuxt-security@^1.4.0:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.4.0.tgz#c7ec8dfd586bbf327e297601bf5b012b1752c823"
-  integrity sha512-oBpA7bNWt+U1oafWospfGV5htzkpUcyP4RStR3LoEnP7bJSyAnXac9sjeBe+kVF4K9aWBnDuoH1bya96UMQq0Q==
+nuxt-security@^1.4.2:
+  version "1.4.2"
+  resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.4.2.tgz#8ebff7b36c42373192322f6c115e80195c8daa26"
+  integrity sha512-0rxruaiKcSXqZS9bEQuXTzUMfw3Jd73Kx+AtqT9mwsstTihPZjdaQ/125KLrnBKrH9gGSPXiCNo09TgBvgf5DQ==
   dependencies:
     "@nuxt/kit" "^3.11.2"
     basic-auth "^2.0.1"
diff --git a/package.json b/package.json
index 82f46c0d..b42c7d72 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "nuxt-security",
-  "version": "1.4.0",
+  "version": "1.4.2",
   "license": "MIT",
   "type": "module",
   "homepage": "https://nuxt-security.vercel.app",
diff --git a/src/runtime/nitro/plugins/00-routeRules.ts b/src/runtime/nitro/plugins/00-routeRules.ts
index fe372a80..25f595ba 100644
--- a/src/runtime/nitro/plugins/00-routeRules.ts
+++ b/src/runtime/nitro/plugins/00-routeRules.ts
@@ -1,6 +1,6 @@
 import { defineNitroPlugin, useRuntimeConfig } from "#imports"
 import { NuxtSecurityRouteRules } from "../../../types"
-import { defuReplaceArray } from "../../../utils"
+import { defuReplaceArray } from "../utils"
 import { OptionKey, SecurityHeaders } from "../../../types/headers"
 import { getKeyFromName, headerObjectFromString } from "../../utils/headers"
 
@@ -26,7 +26,7 @@ export default defineNitroPlugin((nitroApp) => {
     securityOptions,
     securityRouteRules['/**']
   )
-  
+
   // Then insert route specific security headers
   for (const route in runtimeConfig.nitro.routeRules) {
     const rule = runtimeConfig.nitro.routeRules[route]
@@ -61,7 +61,7 @@ export default defineNitroPlugin((nitroApp) => {
 })
 
 /**
- * Convert standard headers string format to security headers object format, returning undefined if no valid security header is found 
+ * Convert standard headers string format to security headers object format, returning undefined if no valid security header is found
  */
 function standardToSecurity(standardHeaders?: Record<string, any>) {
   if (!standardHeaders) {
@@ -78,7 +78,7 @@ function standardToSecurity(standardHeaders?: Record<string, any>) {
         const objectValue: any = headerObjectFromString(optionKey, headerValue)
         standardHeadersAsObject[optionKey] = objectValue
       } else {
-        // Here we ensure backwards compatibility 
+        // Here we ensure backwards compatibility
         // Because in the pre-rc1 syntax, standard headers could also be supplied in object format
         standardHeadersAsObject[optionKey] = headerValue
         //standardHeaders[headerName] = headerStringFromObject(optionKey, headerValue)
@@ -94,7 +94,7 @@ function standardToSecurity(standardHeaders?: Record<string, any>) {
 }
 
 /**
- * 
+ *
  * Ensure backwards compatibility with pre-rc1 syntax, returning undefined if no securityHeaders is passed
  */
 function backwardsCompatibleSecurity(securityHeaders?: SecurityHeaders | false) {
diff --git a/src/runtime/nitro/utils/index.ts b/src/runtime/nitro/utils/index.ts
index dd0c3a1c..f87b3303 100644
--- a/src/runtime/nitro/utils/index.ts
+++ b/src/runtime/nitro/utils/index.ts
@@ -2,7 +2,7 @@
 import type { NuxtSecurityRouteRules } from "../../../types"
 import { createRouter, toRouteMatcher } from "radix3"
 import type { H3Event } from "h3"
-import { defuReplaceArray } from "../../../../src/utils"
+import { createDefu } from 'defu'
 
 export function resolveSecurityRules(event: H3Event) {
   const routeRules = event.context.security?.routeRules
@@ -19,4 +19,11 @@ export function resolveSecurityRoute(event: H3Event) {
   const router = createRouter<{ name: string }>({ routes: routeNames})
   const match = router.lookup(event.path.split('?')[0])
   return match?.name
-}
\ No newline at end of file
+}
+
+export const defuReplaceArray = createDefu((obj, key, value) => {
+  if (Array.isArray(obj[key]) || Array.isArray(value)) {
+    obj[key] = value
+    return true
+  }
+})