You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The main HTML document (headers correctly excluded)
Any static file (like .js or .css) where you'll see empty headers being applied
Note: The issue is only visible in production build (preview mode), not in development mode.
Description
When security headers are explicitly set to false in the configuration, they are still being included in the response headers but with empty values. This issue specifically affects headers that are processed by appliesToAllResources function and occurs:
For static files (not the main document/HTML file)
Only for the following headers (as defined in appliesToAllResources):
referrerPolicy
strictTransportSecurity
xContentTypeOptions
xDownloadOptions
xFrameOptions
xPermittedCrossDomainPolicies
xXSSProtection
Additional context
Logs
The text was updated successfully, but these errors were encountered:
Environment
Nuxt Security Version
2.1.5
Default setup used?
No, the bug happens only when I set custom values for the security option
Security options
Reproduction
Online reproduction: https://stackblitz.com/edit/nuxt-starter-khtpn4ga
To reproduce the issue:
yarn build
yarn preview
The main HTML document (headers correctly excluded)
Any static file (like .js or .css) where you'll see empty headers being applied
Note: The issue is only visible in production build (preview mode), not in development mode.
Description
When security headers are explicitly set to false in the configuration, they are still being included in the response headers but with empty values. This issue specifically affects headers that are processed by appliesToAllResources function and occurs:
Additional context
Logs
The text was updated successfully, but these errors were encountered: