Impliment security headers

StrangeRanger · Aug 19, 2024 · e1f16ee · e1f16ee
1 parent 823dd47
commit e1f16ee
Show file tree

Hide file tree

Showing 3 changed files with 197 additions and 253 deletions.
diff --git a/nuxt.config.ts b/nuxt.config.ts
@@ -7,13 +7,49 @@ export default defineNuxtConfig({
     transpile: ["vuetify"],
   },
   modules: [
+    "@nuxt/eslint",
+    "nuxt-security",
     (_options, nuxt) => {
       nuxt.hooks.hook("vite:extendConfig", (config) => {
         config.plugins.push(vuetify({ autoImport: true }));
       });
     },
-    "@nuxt/eslint",
   ],
+  security: {
+    headers: {
+      contentSecurityPolicy: {
+        "default-src": ["'self'", "https://analytics.hthompson.dev"],
+        "script-src": [
+          "'self'",
+          "https://analytics.hthompson.dev",
+          "https://files.hthompson.dev/scripts/tracking.js",
+          "https://static.cloudflareinsights.com",
+        ],
+        "style-src": ["'self'", "'unsafe-inline'"],
+        "img-src": ["'self'", "blob:"],
+        "base-uri": ["'none'"],
+        "object-src": ["'none'"],
+        "upgrade-insecure-requests": true
+      },
+      permissionsPolicy: {
+        "camera": [],
+        "display-capture": [],
+        "fullscreen": [],
+        "geolocation": [],
+        "microphone": [],
+        "web-share": [],
+      },
+      referrerPolicy: "strict-origin",
+      strictTransportSecurity: {
+        maxAge: 31536000,
+        includeSubdomains: true,
+        preload: true,
+      },
+      xContentTypeOptions: "nosniff",
+      xFrameOptions: "SAMEORIGIN",
+      xXSSProtection: "1; mode=block",
+    },
+  },
   vite: {
     vue: {
       template: {