nuxt-security icon indicating copy to clipboard operation
nuxt-security copied to clipboard
verified publisher icon Baroshem

Chore/2.0.0

Open Baroshem opened this issue 1 year ago • 2 comments

Types of changes

  • [ ] Bug fix (a non-breaking change which fixes an issue)
  • [ ] New feature (a non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)

https://github.com/Baroshem/nuxt-security/pull/475 https://github.com/Baroshem/nuxt-security/pull/488 https://github.com/Baroshem/nuxt-security/pull/485 https://github.com/Baroshem/nuxt-security/pull/497 https://github.com/Baroshem/nuxt-security/discussions/496 #494 https://github.com/Baroshem/nuxt-security/issues/501

Description

Checklist:

  • [ ] My change requires a change to the documentation.
  • [ ] I have updated the documentation accordingly.
  • [ ] I have added tests to cover my changes (if not applicable, please state why)

Baroshem avatar Jul 16 '24 06:07 Baroshem

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
nuxt-security ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 19, 2024 11:01am

vercel[bot] avatar Jul 16 '24 06:07 vercel[bot]

@vejja if you agree, I would love to merge this PR and release a brand new 2.0.0 version :)

Baroshem avatar Jul 29 '24 09:07 Baroshem

Hey @Shana-AE could you work on the improvements suggested by @vejja ? :)

Baroshem avatar Aug 09 '24 08:08 Baroshem

@baroshem just a general comment here on providing a regex serializer/deserializer The official Nuxt docs say that we should not do this: Screenshot 2024-08-09 at 12 22 21

On balance though, the CORS handler is a native h3 feature, which is supposed to allow Regexes. I am a bit puzzled at whether regexes are allowed/not allowed in nuxt.config.ts.

vejja avatar Aug 09 '24 10:08 vejja

Hmm, at this point maybe it would be safer to revert this change and plan it for 2.1.0? What would be your recommendation Sebastien? :)

Baroshem avatar Aug 09 '24 11:08 Baroshem

Hmm, at this point maybe it would be safer to revert this change and plan it for 2.1.0? What would be your recommendation Sebastien? :)

Yes, agree with this Jakub. We would have more time to check with @danielroe on why regexes are not allowed in nuxt.config.ts but allowed in h3 - how they recommend we deal with this

vejja avatar Aug 09 '24 11:08 vejja

@Baroshem just a general comment here on providing a regex serializer/deserializer The official Nuxt docs say that we should not do this: Screenshot 2024-08-09 at 12 22 21

On balance though, the CORS handler is a native h3 feature, which is supposed to allow Regexes. I am a bit puzzled at whether regexes are allowed/not allowed in nuxt.config.ts.

Thanks for pointing out the documentary :) I just found that regexp didn't work, and after debugging, I found regexp was serialized to {}. and this is because that runtimeConfig was merged with env and serialized with JSON.stringify() before it was passed to h3. as I mentioned in #497. I only got the runtimeConfig came from nitropack and got the value from process.env.RUNTIME_CONFIG. I'm just a new user of nuxt, so I didn't know more things about the detail that Why runtimeConfig was serialized and deserialized I know the problem, and I know the superficial reason, but don't know about the deeper reason, so I just made "it works" through make Regexp can be serialized and restored, though ugly. I think maybe we should use other things than runtimeConfig to store the config ? or if there is a best practice to make regexp serializable?

Shana-AE avatar Aug 09 '24 13:08 Shana-AE

Hey @Shana-AE could you work on the improvements suggested by @vejja ? :)

About the test and document, I want to know if there's a better solution to solve this problem. #497 it maybe or should be replaced with a better solution And I want to know if there is a guide about writing test or coverage report?

Shana-AE avatar Aug 09 '24 14:08 Shana-AE

@Baroshem just a general comment here on providing a regex serializer/deserializer The official Nuxt docs say that we should not do this: Screenshot 2024-08-09 at 12 22 21 On balance though, the CORS handler is a native h3 feature, which is supposed to allow Regexes. I am a bit puzzled at whether regexes are allowed/not allowed in nuxt.config.ts.

Thanks for pointing out the documentary :) I just found that regexp didn't work, and after debugging, I found regexp was serialized to {}. and this is because that runtimeConfig was merged with env and serialized with JSON.stringify() before it was passed to h3. as I mentioned in #497. I only got the runtimeConfig came from nitropack and got the value from process.env.RUNTIME_CONFIG. I'm just a new user of nuxt, so I didn't know more things about the detail that Why runtimeConfig was serialized and deserialized I know the problem, and I know the superficial reason, but don't know about the deeper reason, so I just made "it works" through make Regexp can be serialized and restored, though ugly. I think maybe we should use other things than runtimeConfig to store the config ? or if there is a best practice to make regexp serializable?

Understood @Shana-AE, thanks for the explanation I don’t know the exact answer, but we will find out

vejja avatar Aug 09 '24 14:08 vejja

Here is my attempt on fixing the RegExp issue: https://github.com/Baroshem/nuxt-security/pull/509 Would love to hear your feedback. I noticed that we do not have any CORS test fixture yet. Would be great to add some tests in the future.

UPDATE: I also added a new test fixture for CORS with my PR.

P4sca1 avatar Aug 09 '24 15:08 P4sca1