1.0.0-rc.3
Pre-release
1.0.0-rc.3 is the next release candidate
Next steps
We are planning to release one or two more release candidate versions with bugfixes before the stable 1.0.0 version is released.
Migration Guide
This version includes
In the previous version, `nonce` could be either an object of type `NonceOptions` or `false`.
```typescript
export type NonceOptions = {
  enabled: boolean;
  mode?: 'renew' | 'check';
  value?: (() => string);
}
```
Now it is only a boolean value:
```typescript
export default defineNuxtConfig({
  security: {
    // nonce is now a plain boolean
    nonce: true // or false
  }
})
```
This change was necessary to resolve a security vulnerability affecting nonce, reported by vejja (#257). Read more about the new usage of nonce in this module: https://nuxt-security.vercel.app/documentation/headers/csp#nonce
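When auditing an existing `nuxt.config`, it helps to know which legacy fields disappear without a replacement. The sketch below is an added example, not code from nuxt-security: `migrateNonce`, `LegacyNonce` and `MigrationResult` are hypothetical names, and only the `NonceOptions` shape is taken from the migration guide above.

```typescript
// Legacy shape, copied from the migration guide above.
type NonceOptions = {
  enabled: boolean;
  mode?: 'renew' | 'check';
  value?: () => string;
};

// Hypothetical: what an rc.2-era config could hold for `security.nonce`.
type LegacyNonce = NonceOptions | false;

// Hypothetical result type for the audit.
type MigrationResult = {
  nonce: boolean;    // value to write to `security.nonce` from rc.3 on
  dropped: string[]; // legacy fields that no longer exist in the option
};

// Hypothetical helper: convert a legacy (or already migrated) value to the
// boolean form and list every legacy field that can no longer be expressed.
function migrateNonce(legacy: LegacyNonce | boolean): MigrationResult {
  // `false` (legacy) and `true`/`false` (new form) pass through unchanged.
  if (typeof legacy === 'boolean') {
    return { nonce: legacy, dropped: [] };
  }
  const dropped: string[] = [];
  // `mode` and a custom `value` generator are not part of the boolean option,
  // so a config relying on them needs a manual review.
  if (legacy.mode !== undefined) dropped.push('mode');
  if (legacy.value !== undefined) dropped.push('value');
  // Strict comparison: anything other than a literal `true` keeps nonce off.
  return { nonce: legacy.enabled === true, dropped };
}

// Constructed sample input: a legacy config using every old field.
const sample = migrateNonce({ enabled: true, mode: 'check', value: () => 'static' });
```

A non-empty `dropped` list means the old configuration depended on behaviour the boolean option cannot express, so the linked CSP documentation should be checked before upgrading.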
Changelog
🚀 Enhancements
- Add `credentialless` value to `Cross-Origin-Embedder-Policy` header
- Export configuration type
- Improve CSP Compliance
- Ensure CSP plugins are added last
- Extend CSP support of SSG mode
- Use cheerio HTML parser for CSP
🩹 Fixes
- Basic Auth Configuration for Multiple Paths
- Nonce value is injected in all pre-rendered pages if the `nonce` option is set to `true`
📖 Documentation
- Clarify rateLimiter `interval` property
🏡 Chore
- Improve TS config
⚠️ Breaking Changes
- CSP Compliance
❤️ Contributors
- Espen Solli Grande (@espensgr)
- vejja (@vejja)
- Tristan (@Tristan971)
- Jonas Thelemann (@dargmuesli)
- nsratha (@rathahin)