nuxt-modules · Baroshem · Nov 15, 2023 · Oct 31, 2023 · Nov 4, 2023 · Nov 6, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,6 +7,7 @@ on:
       - '**-rc.**'
       - 'renovate/**'
   pull_request:
+  workflow_dispatch:
 
 jobs:
   ci:

diff --git a/.stackblitz/package.json b/.stackblitz/package.json
@@ -11,6 +11,6 @@
     "nuxt": "3.7.3"
   },
   "dependencies": {
-    "nuxt-security": "^1.0.0-rc.3"
+    "nuxt-security": "^1.0.0-rc.4"
   }
 }
diff --git a/.stackblitz/yarn.lock b/.stackblitz/yarn.lock
@@ -3113,10 +3113,10 @@ nuxt-csurf@^1.3.1:
     defu "^6.1.1"
     uncsrf "^1.1.1"
 
-nuxt-security@^1.0.0-rc.3:
-  version "1.0.0-rc.3"
-  resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.0.0-rc.3.tgz#7af5229e608acf67e1793963bd9164e43727e452"
-  integrity sha512-3up3u5H7GY3PE+s7B4+Kkj44r3WoOAKbPhpu7wRZn0oRN/bRmhcsK0QAzKGhxOpB3dgR9Zb5XtwKa2uzhLLp5Q==
+nuxt-security@^1.0.0-rc.4:
+  version "1.0.0-rc.4"
+  resolved "https://registry.yarnpkg.com/nuxt-security/-/nuxt-security-1.0.0-rc.4.tgz#b3e2ba1a6d3d54d239e2bc8091c6ebd3bcbfc8c6"
+  integrity sha512-xYj0+kXpgePq59UPTZ73eGN74LT2ByFMbobV5eZkePVLWwa8MNl1j0XhM2IjdBhowFnCMasApU2P/dnP27J96g==
   dependencies:
     "@nuxt/kit" "^3.8.0"
     basic-auth "^2.0.1"

diff --git a/docs/content/1.documentation/1.getting-started/2.configuration.md b/docs/content/1.documentation/1.getting-started/2.configuration.md
@@ -27,6 +27,7 @@ interface ModuleOptions {
   nonce: boolean;
   removeLoggers?: RemoveOptions | false;
   ssg?: Ssg;
+  sri: boolean;
 }
 ```
 
@@ -43,14 +44,15 @@ security: {
     crossOriginOpenerPolicy: 'same-origin',
     crossOriginEmbedderPolicy: 'require-corp',
     contentSecurityPolicy: {
-      'base-uri': ["'self'"],
+      'base-uri': ["'none'"],
       'font-src': ["'self'", 'https:', 'data:'],
       'form-action': ["'self'"],
       'frame-ancestors': ["'self'"],
       'img-src': ["'self'", 'data:'],
       'object-src': ["'none'"],
       'script-src-attr': ["'none'"],
       'style-src': ["'self'", 'https:', "'unsafe-inline'"],
+      'script-src': ["'self'", 'https:', "'unsafe-inline'", "'strict-dynamic'", "'nonce-{{nonce}}'"],
       'upgrade-insecure-requests': true
     },
     originAgentCluster: '?1',
@@ -106,16 +108,18 @@ security: {
   basicAuth: false,
   enabled: true,
   csrf: false,
-  nonce: false,
+  nonce: true,
   removeLoggers: {
     external: [],
     consoleType: ['log', 'debug'],
     include: [/\.[jt]sx?$/, /\.vue\??/],
     exclude: [/node_modules/, /\.git/]
   },
   ssg: {
-    hashScripts: true
-  }
+    hashScripts: true,
+    hashStyles: false
+  },
+  sri: true
 }
 ```