Merge pull request #179 from Baroshem/fix/csp-ssg

fix: csp ssg

Author: Baroshem

src/module.ts

@@ -180,8 +180,8 @@ const setSecurityResponseHeaders = (nuxt: Nuxt, headers: SecurityHeaders) => {
 
 const setSecurityRouteRules = (nuxt: Nuxt, securityOptions: ModuleOptions) => {
   const nitroRouteRules = nuxt.options.nitro.routeRules;
-  delete (securityOptions as any).headers;
-  for (const middleware in securityOptions) {
+  const { headers, ...rest } = securityOptions
+  for (const middleware in rest) {
     if (securityOptions[middleware as keyof typeof securityOptions]) {
       const middlewareConfig = securityOptions[
         middleware as keyof typeof securityOptions
@@ -237,13 +237,15 @@ const registerSecurityNitroPlugins = (
     }
 
     // Nitro plugin to enable nonce for CSP
-    config.plugins.push(
-      normalize(
-        fileURLToPath(
-          new URL("./runtime/nitro/plugins/cspNonce", import.meta.url)
+    if (nuxt.options.security.nonce) {
+      config.plugins.push(
+        normalize(
+          fileURLToPath(
+            new URL("./runtime/nitro/plugins/cspNonce", import.meta.url)
+          )
         )
-      )
-    );
+      );
+    }
 
     // Register nitro plugin to enable CSP for SSG
     if (

src/runtime/nitro/plugins/cspSsg.ts

@@ -42,7 +42,7 @@ export default <NitroAppPlugin> function (nitro) {
     }
 
     const securityHeaders = moduleOptions.headers as SecurityHeaders
-    const contentSecurityPolicies: ContentSecurityPolicyValue = (securityHeaders.contentSecurityPolicy as MiddlewareConfiguration<ContentSecurityPolicyValue>).value
+    const contentSecurityPolicies: ContentSecurityPolicyValue = (securityHeaders.contentSecurityPolicy as MiddlewareConfiguration<ContentSecurityPolicyValue>).value || securityHeaders.contentSecurityPolicy
 
     html.head.push(generateCspMetaTag(contentSecurityPolicies, scriptHashes))
   })