-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NuxtLink Support with custom route rules #527
Comments
Hi @markus-gx I was going to give you the all-frustrating "it's not a bug, it's a feature" but I do have to say it's an issue. The issue that you are facing is that when you navigate on the client-side, your application is not hitting the server again. Everything happens in the browser, so the headers are not refreshed. We have an extensive write-up about this issue in our docs here: https://nuxt-security.vercel.app/documentation/advanced/strict-csp#per-route-csp We discussed internally whether we would drop the |
Thanks for the answer! Totally understand that - hiding is always great :P |
I would be up for hiding it as well but not removing it as someone might need it. Thanks for the answer and comments! :) |
Would you be interested in contributing this documentation change? We can provide all help needed :) |
Sure count me in ;) |
Version
Steps to Reproduce:
<nuxt-link>
to navigate internally to the page where custom route rules were set.<nuxt-link>
, observe that the custom security headers are no longer applied.Expected Behavior:
Custom route rules should persist and be applied correctly, even when navigating internally via
<nuxt-link>
. The custom headers (e.g., for PayPal on the checkout route) should still be present, ensuring consistent security behavior.Actual Behavior:
The custom route-specific security headers are not applied when navigating internally using
<nuxt-link>
. Instead, the default globalnuxt-security
settings are applied, overwriting/not applying the expected custom route headers.Additional Information:
<nuxt-link>
. When directly accessing the route (e.g., via a page reload), the custom headers are correctly applied.The text was updated successfully, but these errors were encountered: