
Nonce value showing as undefined in prod after version 2.3.0

Open • bruno-oliveira-homeqgo opened this issue 2 months ago • 1 comment

Environment

- Operating System: Darwin
- Node Version:     v22.20.0
- Nuxt Version:     4.1.2
- CLI Version:      3.28.0
- Nitro Version:    2.12.6
- Package Manager:  [email protected]
- Builder:          -
- User Config:      compatibilityDate, devtools, nitro, modules, piniaPluginPersistedstate, runtimeConfig, css, typescript, security
- Runtime Modules:  @nuxtjs/[email protected], @nuxt/[email protected], @nuxt/test-utils/[email protected], @vee-validate/[email protected], @pinia/[email protected], pinia-plugin-persistedstate/[email protected], [email protected]
- Build Modules:    -

Nuxt Security Version

v2.3.0

Default setup used?

Yes, the bug happens even if the security option is not customized

Security options

security: {
    headers: {
        contentSecurityPolicy: {
            'img-src': ["'self'", 'data:'],
            'script-src': [
                "'self'",
                "'unsafe-inline'",
                "'strict-dynamic'",
                "'nonce-{{nonce}}'"
            ],
            'style-src': ["'self'", "'unsafe-inline'"],
            'font-src': ["'self'", 'data:'],
            'frame-src': ["'self'"],
            'worker-src': ["'self'", 'blob:'],
            'upgrade-insecure-requests': process.env.NODE_ENV === 'development' ? false : true
        },
        crossOriginEmbedderPolicy: false,
        crossOriginOpenerPolicy: false,
        crossOriginResourcePolicy: false,
    },
    removeLoggers: process.env.NODE_ENV === 'test' ? false : true
}

Reproduction

"nuxt-security": "2.3.0",

Description

After upgrading to version 2.3.0, the app no longer creates nonce values in production.

Locally the app creates nonce values and everything works as expected, but when deploying the app as an Azure Static Web App the nonces are all undefined. This works perfectly well with version 2.2.0; only after upgrading to 2.3.0 did this issue start happening.


bruno-oliveira-homeqgo, Oct 07 '25 13:10

Hey,

thanks for the issue.

@vejja do you have an idea what could be the issue?

From what I see, the biggest change between 2.2.0 and 2.3.0 is the bump to Node 20 as the default and the drop of the crypto package.

Has anybody else also encountered this issue in version 2.3.0 or later?

Baroshem, Oct 09 '25 05:10
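A response-level check for the symptom reported in this thread, as an added example that is not part of the issue or of nuxt-security's code: it compares the nonce sources in a `Content-Security-Policy` header against the `nonce` attributes of the rendered `<script>` tags and flags placeholder or mismatched values. The function names, the `BAD_NONCES` list and the two sample responses are assumptions made for illustration; the 22-character minimum follows the CSP recommendation of at least 128 bits before base64 encoding.

```javascript
// Added example: audit one response for a broken CSP nonce.
// BAD_NONCES is an assumption about how a failed substitution could surface.
const BAD_NONCES = new Set(['undefined', 'null', '', '{{nonce}}']);
const MIN_NONCE_CHARS = 22; // 128 bits of entropy, base64 without padding

// Return the nonce values listed in the script-src directive of a CSP header.
function cspNonces(cspHeader) {
  const directive = cspHeader
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === 'script-src');
  if (!directive) return [];
  return directive
    .slice(1)
    .map((t) => /^'nonce-(.*)'$/.exec(t))
    .filter(Boolean)
    .map((m) => m[1]);
}

// Return the nonce attribute of every <script> tag (null when absent).
function scriptNonces(html) {
  return [...html.matchAll(/<script\b([^>]*)>/gi)].map((m) => {
    const attr = /\bnonce\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    return attr ? (attr[1] ?? attr[2] ?? attr[3]) : null;
  });
}

// Compare header and markup; return a list of human-readable findings.
function auditNonce(cspHeader, html) {
  const findings = [];
  const headerNonces = cspNonces(cspHeader);
  if (headerNonces.length === 0) findings.push('header: no nonce source in script-src');
  for (const n of headerNonces) {
    if (BAD_NONCES.has(n) || n.length < MIN_NONCE_CHARS) findings.push(`header: unusable nonce "${n}"`);
  }
  scriptNonces(html).forEach((n, i) => {
    if (n === null) findings.push(`script[${i}]: no nonce attribute`);
    else if (!headerNonces.includes(n)) findings.push(`script[${i}]: nonce "${n}" not in header`);
    else if (BAD_NONCES.has(n)) findings.push(`script[${i}]: placeholder nonce "${n}"`);
  });
  return findings;
}

// Constructed sample responses (not captured from the reporter's deployment).
const good = { csp: "script-src 'self' 'strict-dynamic' 'nonce-q83vEjRWeJASNFZ4kKvN7w=='", html: '<script nonce="q83vEjRWeJASNFZ4kKvN7w==" src="/_nuxt/a.js"></script>' };
const bad = { csp: "script-src 'self' 'strict-dynamic' 'nonce-undefined'", html: '<script nonce="undefined" src="/_nuxt/a.js"></script>' };
console.log(auditNonce(good.csp, good.html));
console.log(auditNonce(bad.csp, bad.html));
```

Running this against the header and HTML of a deployed page after each dependency upgrade catches a nonce that is constant or never substituted, which a page that still loads its scripts would otherwise hide.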