Security middleware does not work on prod but does work on dev
Hey!
I just implemented the security module from Nuxt3 (https://nuxt-security.vercel.app/?utm_source=nuxt.com&utm_medium=aside-module&utm_campaign=nuxt.com). However, I encountered an issue where some features don't seem to work in my production (Netlify) environment. I tested it in my development environment, and there, it works fine. Not sure if it has something to do with SSR or Netlify.
I am facing the following issues (config in a separate comment):
- In CORS, the access-control-allow-origin header includes my same-origin but also adds a * wildcard. My Nuxt configuration is provided in a separate comment below.
- For XSS protection, it should be enabled by default in Nuxt3. On my development environment, it correctly throws an error when I add
?test=<script>alert(1)</script>, but this does not happen in my production environment.
Nuxt Security
Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware.

