    @dansmaculotte/nuxt-security

    0.0.5 • Public • Published

    Module for Nuxt.js to configure security headers and more

    Features

    This module lets you configure various security headers such as CSP and HSTS, and can also generate a security.txt file. The available features are:

    • Strict-Transport-Security header
    • Content-Security-Policy header
    • X-Frame-Options header
    • X-XSS-Protection header
    • X-Content-Type-Options header
    • Referrer-Policy header
    • Permissions-Policy header (previously Feature-Policy)
    • security.txt file generation

    ToDo

    • [ ] Sign security.txt with OpenPGP
    • [ ] Headers as meta tags for SPA
    • [ ] Public-Key-Pins

    📖 Release Notes

    Setup

    1. Add the @dansmaculotte/nuxt-security dependency to your project:
    yarn add @dansmaculotte/nuxt-security # or npm install @dansmaculotte/nuxt-security
    2. Add @dansmaculotte/nuxt-security to the modules section of nuxt.config.js:
    {
      modules: [
        // Simple usage
        '@dansmaculotte/nuxt-security',
    
        // With options
        [
          '@dansmaculotte/nuxt-security',
          {
            /* module options */
          }
        ]
      ],
    
      // Top level options
      security: {}
    }

    Options

    dev

    • Default: process.env.SECURITY_DEV || false

    Enables the module in development mode.

    hsts

    • Default: null

    This option relies on the helmet hsts package.

    Example:

    hsts: {
      maxAge: 15552000,
      includeSubDomains: true,
      preload: true
    },

    csp

    • Default: null

    This option relies on the helmet csp package.

    Example:

    csp: {
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: ["'self'"],
        objectSrc: ["'self'"],
      },
      reportOnly: false,
    },

    referrer

    • Default: null

    This option relies on the helmet referrer policy package.

    Example:

    referrer: 'same-origin',

    permissions

    • Default: null

    This option relies on the permissions policy package.

    Example:

    permissions: {
      notifications: ['none']
    },

    Note: this option replaces the feature option, since the Feature-Policy header is deprecated. The previous features option is still supported for now, but it displays a warning and uses the Permissions-Policy header instead.
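    To verify that a deployment really sends what the header options above configure, here is an added example (not part of the module or its helmet dependencies) that audits a captured header set; it also applies the hstspreload.org rule that "preload" needs a max-age of at least one year together with includeSubDomains, which the 180-day value in the hsts example above does not satisfy. The sample header set is constructed for the demonstration.

```javascript
// Added example, not part of @dansmaculotte/nuxt-security: audit a response's
// headers against the posture the options above configure. The preload rule
// (max-age >= 31536000 plus includeSubDomains) is the hstspreload.org requirement.
function parseHsts(value) {
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const token of value.split(';').map((t) => t.trim().toLowerCase())) {
    if (token.startsWith('max-age=')) out.maxAge = Number(token.slice(8).replace(/"/g, ''));
    else if (token === 'includesubdomains') out.includeSubDomains = true;
    else if (token === 'preload') out.preload = true;
  }
  return out;
}
// Parse a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(value) {
  const directives = {};
  for (const raw of value.split(';')) {
    const parts = raw.trim().split(/\s+/).filter(Boolean);
    if (parts.length) directives[parts[0].toLowerCase()] = parts.slice(1);
  }
  return directives;
}
// The headers this module's options are meant to emit (lower-cased for lookup).
const REQUIRED = ['strict-transport-security', 'content-security-policy', 'x-frame-options', 'x-content-type-options', 'referrer-policy', 'permissions-policy'];
// Returns a list of findings; an empty list means every check passed.
function auditHeaders(headers) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const findings = REQUIRED.filter((name) => !(name in h)).map((name) => `missing ${name}`);
  if (h['strict-transport-security']) {
    const hsts = parseHsts(h['strict-transport-security']);
    if (hsts.maxAge === null || hsts.maxAge < 15552000) findings.push('hsts max-age below 180 days');
    if (hsts.preload && (hsts.maxAge < 31536000 || !hsts.includeSubDomains)) findings.push('hsts preload requires max-age>=31536000 and includeSubDomains');
  }
  if (h['content-security-policy']) {
    const csp = parseCsp(h['content-security-policy']);
    for (const d of ['default-src', 'object-src']) if (!csp[d]) findings.push(`csp lacks ${d}`);
    // script-src falls back to default-src when absent, exactly as browsers resolve it.
    const scriptSrc = csp['script-src'] || csp['default-src'] || [];
    if (scriptSrc.some((s) => s === "'unsafe-inline'" || s === '*')) findings.push('csp allows inline or * scripts');
  }
  return findings;
}
// Constructed sample response; the HSTS value mirrors the README's hsts example.
const sampleHeaders = {
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains; preload',
  'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'self'",
  'X-Frame-Options': 'SAMEORIGIN',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'same-origin',
  'Permissions-Policy': 'notifications=()',
};
console.log(auditHeaders(sampleHeaders)); // one finding: 180-day max-age is too short for preload
```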

    securityFile

    • Default: null

    This option allows you to generate a security.txt file as described by securitytxt.org.

    For SPA applications, the generated file is placed in the dist/.well-known folder.

    For universal applications, the file is served at /.well-known/security.txt.

    Example:

    securityFile: {
      contacts: [
        'mailto:security@example.com',
        'https://example.com/security'
      ],
      // or contacts: 'mailto:security@example.com'
      canonical: 'https://example.com/.well-known/security.txt',
      preferredLanguages: ['fr', 'en'],
      // or preferredLanguages: 'fr',
      encryptions: ['https://example.com/pgp-key.txt'],
      // or encryptions: 'https://example.com/pgp-key.txt',
      acknowledgments: ['https://example.com/hall-of-fame.html'],
      // or acknowledgments: 'https://example.com/hall-of-fame.html',
      policies: ['https://example.com/policy.html'],
      // or policies: 'https://example.com/policy.html',
      hirings: ['https://example.com/jobs.html']
      // or hirings: 'https://example.com/jobs.html'
    },

    additionalHeaders

    • Default: false

    If true, it adds additional headers:

    Development

    1. Clone this repository
    2. Install dependencies using yarn install or npm install
    3. Start development server using npm run dev

    License

    MIT License

    Copyright (c) Dans Ma Culotte tech@dansmaculotte.fr

    Collaborators

    • zevran
    • pab50
    • romaintouze-dmc