Chore/2.0.0 #492

Merged
merged 33 commits into from
Sep 19, 2024
ff0ecfe
feat(csp): support style nonce in development
dargmuesli Jun 12, 2024
fad91ee
Update from useScript to Nuxt Scripts
vejja Jul 1, 2024
338be11
feat-#487: local dev with nuxt devtools
Baroshem Jul 2, 2024
b7701f1
Merge pull request #475 from dargmuesli/feat/csp/vite
Baroshem Jul 16, 2024
88dbb4c
Merge pull request #488 from Baroshem/feat/#487
Baroshem Jul 16, 2024
2d0ae0a
Merge pull request #485 from Baroshem/vejja-patch-3
Baroshem Jul 16, 2024
4528880
fix: ensure RegExp[] origin can be passed to appSecurityOptions
Shana-AE Jul 22, 2024
765d7e1
Merge pull request #498 from Shana-AE/fix/regexp-corsHanlder.origin
Baroshem Jul 26, 2024
23af05a
test: use nullish coalescing operator
P4sca1 Jul 31, 2024
eb097d0
test: add test cases for server-only components
P4sca1 Jul 31, 2024
c38a710
fix: log warning when removing static nonce from CSP header
P4sca1 Jul 31, 2024
2b0cf0f
fix: skip nonce generation and csp header update for NuxtIsland requests
P4sca1 Jul 31, 2024
a2425ce
docs: update information about Nuxt Image
P4sca1 Jul 31, 2024
0e3ab07
chore: fix typo
P4sca1 Jul 31, 2024
7811a00
Merge pull request #503 from P4sca1/docs/image-faq
Baroshem Aug 1, 2024
b0b4a08
merge changes from #500 into #502
vejja Aug 2, 2024
57ff90b
Replace isIslandRequest util with check if nonce already exist
P4sca1 Aug 3, 2024
1a5ada9
fix: use console warn instead of useLogger
P4sca1 Aug 3, 2024
e6df1ac
Merge pull request #502 from P4sca1/main
Baroshem Aug 6, 2024
4993963
feat: bump unplugin-remove to fix sitemaps
Baroshem Aug 8, 2024
b133ed6
Revert "fix: ensure RegExp[] origin can be passed to appSecurityOptions"
Baroshem Aug 9, 2024
6d16201
fix: limit cors options to serializable types, support RegExp
P4sca1 Aug 9, 2024
2763f72
Add test cases for CORS
P4sca1 Aug 9, 2024
be68db2
Add regexp example to docs and warn about escaping dots
P4sca1 Aug 9, 2024
1f70e88
Pass origin * as is
P4sca1 Aug 9, 2024
2151b7d
Fix linting issues
P4sca1 Aug 9, 2024
6a04128
origin matching should be case insensitive
P4sca1 Aug 9, 2024
f613df5
fix: update to latest @nuxt/module-builder
ThibaultVlacich Sep 9, 2024
a359071
Merge pull request #516 from ThibaultVlacich/update-module-builder
Baroshem Sep 9, 2024
3a5e3bf
fix: augment @nuxt/schema rather than nuxt/schema
ThibaultVlacich Sep 12, 2024
0c48ec5
Merge pull request #520 from ThibaultVlacich/fix/augment-@nuxt/schema
Baroshem Sep 19, 2024
85e5c91
Merge pull request #509 from P4sca1/fix/regexp-origin
Baroshem Sep 19, 2024
4c577d1
chore: bump to 2.0.0
Baroshem Sep 19, 2024
origin matching should be case insensitive
Signed-off-by: Pascal Sthamer <[email protected]>
P4sca1 committed Aug 9, 2024
commit 6a041285cb688064725f3f7f5ea51cce71a1f5b1
2 changes: 1 addition & 1 deletion src/runtime/server/middleware/corsHandler.ts
Expand Up @@ -16,7 +16,7 @@ export default defineEventHandler((event) => {
}

if (origin && origin !== '*' && corsHandler.useRegExp) {
origin = origin.map((o) => new RegExp(o))
origin = origin.map((o) => new RegExp(o, 'i'))
}

handleCors(event, {
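Review bot: `new RegExp(o, 'i')` compiles each configured origin string exactly as written, so nothing in this block anchors the pattern, and with the `i` flag now applied to every entry a loosely written pattern accepts more origins than it did before. Consider documenting next to `useRegExp` that patterns should begin with `^`, end with `$` and escape literal dots, or checking for that when the options are loaded. The flag is also unconditional, so a deployment that wants case-sensitive matching has no way to opt out; that deserves a sentence in the docs as well.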
5 changes: 5 additions & 0 deletions test/cors.test.ts
Expand Up @@ -57,6 +57,11 @@ describe('[nuxt-security] CORS', async () => {
expect(res.headers.get('Access-Control-Allow-Origin')).toBeNull()
})

it('should match origins with regular expressions in a case-insensitive way', async () => {
const res = await fetch('/regexp-single', { headers: { origin: 'https://A.EXAMPLE.COM' } })
expect(res.headers.get('Access-Control-Allow-Origin')).toBe('https://A.EXAMPLE.COM')
})

it('should support multiple regular expressions', async () => {
let res = await fetch('/regexp-multi', { headers: { origin: 'https://a.example.com' } })
expect(res.headers.get('Access-Control-Allow-Origin')).toBe('https://a.example.com')
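Review bot: the new case-insensitivity test covers only the matching path on `/regexp-single`; add a negative assertion beside it so the `i` flag is shown not to loosen anything other than case, for example a request whose origin has a different host still ending in `toBeNull()`. A mixed-case request against `/regexp-multi` would also confirm that the flag is applied to every entry of the array and not just the first.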