Not working on DEV on network devices

Open moshetanzer opened this issue 1 year ago • 5 comments

Hi,

Thanks for this great library. I have come across an issue where when I add --host to give dev server network address - the website displays without any styling on all devices connected to network address.

What is the best way to solve this just for dev?

Thanks

moshetanzer avatar May 09 '24 17:05 moshetanzer

Hi @moshetanzer

This could be related to the default security setup for 'upgrade-insecure-requests' when serving with --host without a secure SSL connection.

Can you try our recommended setup for --host at https://nuxt-security.vercel.app/documentation/advanced/faq#running-app-with-host-flag and let us know if this works for you?

vejja avatar May 09 '24 18:05 vejja

Hi, Yes thanks this worked better than just using the --https flag.

Thank you.

Shouldn't cors handler * be set only for dev to all?

moshetanzer avatar May 09 '24 20:05 moshetanzer

Also when using strictTransportSecurity true - nuxt.config.ts type is wrong since it expects false https://github.com/Baroshem/nuxt-security/blob/8305b48079dc7c0ef83a16d3f6de24dfc41e563b/src/types/headers.ts#L237C1-L238C1

moshetanzer avatar May 09 '24 21:05 moshetanzer

> Shouldn't cors handler * be set only for dev to all?

With all the settings we usually prefer to have it the same for all environments to avoid situations where something will pass on the dev environment and will fail on the prod environment. This is shipped by us as a good practice but you can always customize it to work only on a certain environment the way you want :)

Also, thanks for the kind words! We are happy that you like the module :)

Baroshem avatar May 10 '24 06:05 Baroshem

> Also when using strictTransportSecurity true - nuxt.config.ts type is wrong since it expects false https://github.com/Baroshem/nuxt-security/blob/8305b48079dc7c0ef83a16d3f6de24dfc41e563b/src/types/headers.ts#L237C1-L238C1

I think you are correct. Could you please create a new issue with it? I think it is related to the documentation only as we changed it some time ago from accepting boolean values to only accept Object / false.

And if you would be interested in contributing, we would be very happy to help you with your first PR :)

Baroshem avatar May 10 '24 06:05 Baroshem
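
The per-environment customization discussed in this thread, as an added example that is not code from the thread participants or from the linked FAQ. The `buildSecurityOptions` helper and its `isDev` parameter are hypothetical, and the HSTS values are constructed. The option names are nuxt-security's `security.headers` keys.

```typescript
// Added example. buildSecurityOptions and isDev are hypothetical names;
// the HSTS values below are constructed sample values.

type HstsOptions = { maxAge: number; includeSubdomains?: boolean; preload?: boolean };

interface SecurityOptions {
  headers: {
    contentSecurityPolicy: { 'upgrade-insecure-requests': boolean };
    // Object or false, as noted in the thread; `true` is not an accepted value.
    strictTransportSecurity: HstsOptions | false;
  };
}

function buildSecurityOptions(isDev: boolean): SecurityOptions {
  return {
    headers: {
      contentSecurityPolicy: {
        // The directive tells the browser to fetch http:// subresources over
        // https://. A dev server started with --host and no TLS cannot answer
        // those requests, so it is switched off for dev only.
        'upgrade-insecure-requests': !isDev,
      },
      // HSTS only makes sense once the site is served over HTTPS.
      strictTransportSecurity: isDev
        ? false
        : { maxAge: 15552000, includeSubdomains: true },
    },
  };
}

// Usage in nuxt.config.ts (shown as a comment, not executed here):
// export default defineNuxtConfig({
//   modules: ['nuxt-security'],
//   security: buildSecurityOptions(process.env.NODE_ENV === 'development'),
// })
```

Every other header keeps the module default in both environments, so only the two TLS-dependent settings differ between dev and prod.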