Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@nlo/nuxt-common-base-application
Advanced tools
This base nuxt application contains shared setup for creating and maintaining NLO lottery website applications in Nuxt.
This should only be included directly by lottery websites, so we can update @nlo/nuxt-common independently of this package.
To include this nuxt layer into your own application, add it to the layers array in nuxt.config.ts, like so:
export default defineNuxtConfig({
extends: ['@nlo/nuxt-common-base-application'],
});
npm run lint
to run prettier and typescript checksnpm run test
to run unit testsnpm run dev
to run the nuxt applicationNUXT_REDIS_OPTIONS_BASE
The prefix of the key of the cache entriesNUXT_REDIS_OPTIONS_URL
The url to the redis instanceNUXT_REDIS_OPTIONS_TTL
The time to live of the cache entriesNUXT_ENABLE_REDIS_CACHE
Boolean indicating if redis should be enabled for page cachingNUXT_LRU_OPTIONS_MAX
Maximum number of LRU cache entriesNUXT_ENABLE_LRU_CACHE
Boolean indicating if LRU cache should be enabled for page cachingFor applying the best practices around security headers, we use https://nuxt-security.vercel.app. Using a library forces us to work in a security-by-default way of working. Information about required security headers can be found here: https://loterij.atlassian.net/wiki/spaces/NLDT/pages/3571253310/Required+http+headers+security
These security headers are applied by default, but need to be adjusted per vertical. Primarily specifying which resource-type is allowed from what domain is required.
Example configuration to allow every type of resource from the Portal domain:
nuxt.config.ts
security: {
headers: {
contentSecurityPolicy: {
'default-src': ['https://www.nederlandseloterij.nl'],
},
},
},
If you want to allow all resources from all domains, use the following example:
nuxt.config.ts
security: {
headers: {
contentSecurityPolicy: {
'default-src': ['*'],
},
},
},
Note that these configurations are built-time only.
If you want to have run-time configuration (such as limit which domains are allowed), use the NUXT_SECURITY_HEADERS_CONTENT_SECURITY_POLICY_DEFAULT_SRC
environment variable with the specified format:
[\"https://my-allowed-website.nl\",\"\'unsafe-inline\'\",\"\'unsafe-eval\'\",\"wss:\"]
This format is basically a string-array in escaped json format. but the single-quotes around unsafe-inline and unsafe-eval are required.
Note: For now we haven't added per-resource exclusion from nuxt-common since that would introduce a lot of configuration in every website.
For more details, see the website of the library.
FAQs
Nuxt3 layer for creating NLO Lottery websites
We found that @nlo/nuxt-common-base-application demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.