1.0.0-rc.1
Pre-release
1.0.0-rc.1 is the first release candidate
🗞️ Next steps
We are planning to release one or two more release candidate versions with bugfixes before a stable 1.0.0 version will be released.
✅ Migration Guide
This version includes
Modifed the structure for alllowedMethodsRestricter
In the previous version, alllowedMethodsRestricter was an array of HTTP methods or '*' for all methods.
export default defineNuxtConfig({
security: {
allowedMethodsRestricter: ['GET']
}
}Now it is configured like following:
export default defineNuxtConfig({
security: {
allowedMethodsRestricter: {
methods: ['GET'],
throwError?: true,
}
}
}This change allows to pass a throwError property that can be useful to return an error response rather than throwing a default Nuxt error.
Changed the disabled value for permissionsPolicy
In the previous version, if you wanted to disable certain API like camera you would do something like this:
export default defineNuxtConfig({
security: {
headers: {
permissionsPolicy: {
'camera': [()]
},
},
},
})Now it is configured like following:
export default defineNuxtConfig({
security: {
headers: {
permissionsPolicy: {
'camera': [] // This will block usage of camera by this website
},
},
},
})This change allows to fix an issue of passing several directives mentioned in #194
Changed the type of interval in rateLimiter
In the previous version, if you wanted to set the interval for your rateLimiter you would do something like this:
export default defineNuxtConfig({
security: {
rateLimiter: {
interval: 'hour' | 60000
}
}
})Now it is configured like following:
export default defineNuxtConfig({
security: {
rateLimiter: {
interval: 60000
}
}
})This change was required to migrate to an updated rateLimiter that supports modern examples.
👉 Changelog
compare changes
🚀 Enhancements
- move logic of Static plugins to the top of module.ts to decrease the amount of code for SSG apps
- improve rateLimiter with support for unstorage (#190)
- remove console.logs after build (#128)
- add an include option for basicAuth (#219)
- option to disable hashing for SSG (#215)
- support for CRSF in Serverless Environments
🩹 Fixes
- useCsrf() is undefined (#203)
- CSRF tokens cause breakage on build using serverless environments due to incompatible exports of Node Crypto (#167)
- upgrade-insecure-requests cannot be turned off for static build (#214)
- invalid permission policy parser (#194)
- remove broken test for
nonce(#213)
📖 Documentation
- refactor docs to be easier (#135)
- create faq section in docs from questions in Github issues (#192)
- security composable to use in pages (#217)
- Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (#218)
- custom CSP merger (#198)
- stripe blocked by 'Cross-Origin-Embedder-Policy' (#229)
- update 3.rate-limiter.md fix comma (#204)
- New section for Contributing
- New section for Usage
- Reorganised Navigation
- Added global Search
- New Homepage
- New section for Headers
- New section for utils
- Embedded Playground
- New page for Releases
- Migrated to newest docus
- New Preview Image
🏡 Chore
- remove legacy approach for middlewares in types and module.ts file (#191)
- bump packages to newer versions (#183) -> Nuxt 3.2 -> 3.7
- Reorganized project repository for easier maintenance
- specify package manager (#225)
- do not use default export for defu (#224)
🤖 CI
- improved CI script for automatic unit tests for main, rc, and renovate branches
⚠️ Breaking Changes
- Permissions Policy
- Allowed Methods Restricter
❤️ Contributors
- Nik (@n4an)
- Daniel Roe (@danielroe)
- Thomas Rijpstra (@trijpstra-fourlights)
- Pooya Parsa (@pi0)
- Sébastien Chopin (@atinux)
- Mr. K V (@69u)
- Jonas Thelemann (@dargmuesli)
- Loïs (@Applelo)
- Max Druzhinin (@maxdzin)
- Fabricio Carvalho (@fabricioOak)
- nekotoriy (@nekotoriy)
- vejja (@vejja)
- Insomnius (@insomnius)
- Boring Dragon (@boring-dragon)
🏋️♂️ New Contributors
- @insomnius made their first contribution in #204
- @dargmuesli made their first contribution in #225
- @boring-dragon made their first contribution in #234
- @fabricioOak made their first contribution in #242
