useCsrfFetch is not working after running "npm run build" in production

[raliclo]

Environment

Nuxt project info:                                                                                       
------------------------------
- Operating System: Windows_NT
- Node Version:     v23.0.0
- Nuxt Version:     3.14.1592
- CLI Version:      3.16.0
- Nitro Version:    2.10.4
- Package Manager:  [email protected]
- Builder:          -
- User Config:      default
- Runtime Modules:  [email protected], @primevue/[email protected], @pinia/[email protected]
- Build Modules:    -
------------------------------

Nuxt Security Version

v2.1.5

Default setup used?

Yes, the bug happens even if the security option is not customized

Security options

security: {
    csrf: true,
    headers: {
      xXSSProtection: '0'
    },
    rateLimiter: {
      tokensPerInterval: 5,
      interval: 30000,
      headers: true
    },
  },

Reproduction

Github: https://github.com/raliclo/Nuxt_Security_PrimeVue_Pinia

Bug page http://localhost:3000/about

Description

Bug page http://localhost:3000/about

-What happens ? When I use "npm run dev" to view the bug page, the {{time}} called by nuxt server api is successfuly rendered. But if I use "npm run build" and run production version. The api call was not called. It seems to be "useCsrfFetch" not calling the nuxt server api in the production page.

-What is expected to happen ? useCsrfFetch is working and the about page call the nuxt server api.

Additional context

No response

Logs

[Baroshem]

@Morgbn

Would you be able to help here? :)

[OTTIN-T]

I have the same problem. I suppose it's linked to this #bug.

[MilesWuCode]

I have the same problem

my project working with nuxt-security 2.1.5 @sidebase/nuxt-auth 0.9.4

but when i update @sidebase/nuxt-auth 0.10.0 npm run dev : working npm run build :

message: "CSRF Cookie not found"
stack:""
statusCode:403
statusMessage:"CSRF Token Mismatch"