Merge pull request #226 from dargmuesli/layer-overrides

docs(configuration): add layer overriding instructions

Author: Baroshem

docs/content/1.documentation/1.getting-started/2.configuration.md

@@ -113,3 +113,38 @@ security: {
 ```
 
 To read more about every security middleware, go to that middleware page in `security` section.
+
+## Overriding a layer's configuration
+
+If you extend a [Nuxt Layer](https://nuxt.com/docs/getting-started/layers) which adds `nuxt-security`, you can override that layer's `nuxt-security` configuration or parts of it by defining a module in your project's `nuxt.config.ts`. Here is an example that illustrates how to remove the `'none'` value set by default for `object-src`:
+
+
+```ts
+export default defineNuxtConfig(
+  {
+    extends: 'some-layer-adding-nuxt-security',
+    modules: [
+      (_options, nuxt) => {
+        const nuxtConfigSecurity = nuxt.options.security
+        if (
+          typeof nuxtConfigSecurity.headers !== 'boolean' &&
+          nuxtConfigSecurity.headers.contentSecurityPolicy &&
+          typeof nuxtConfigSecurity.headers.contentSecurityPolicy !==
+            'boolean' &&
+          typeof nuxtConfigSecurity.headers.contentSecurityPolicy !==
+            'string' &&
+          nuxtConfigSecurity.headers.contentSecurityPolicy['object-src']
+        ) {
+          nuxtConfigSecurity.headers.contentSecurityPolicy['object-src'] =
+            nuxtConfigSecurity.headers.contentSecurityPolicy[
+              'object-src'
+            ].filter((x) => x !== "'none'")
+        }
+        console.log(nuxt.options.security)
+      },
+    ],
+  }
+)
+```
+
+Of course it's possible to define the module shown above using a file in the `modules` directory as well.