Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@nlo/nuxt-common-base-application

Package Overview
Dependencies
Maintainers
11
Versions
19
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@nlo/nuxt-common-base-application

Nuxt3 layer for creating NLO Lottery websites

  • 1.4.0
  • latest
  • npm
  • Socket score

Version published
Maintainers
11
Created
Source

NLO Nuxt common base application

This base nuxt application contains shared setup for creating and maintaining NLO lottery website applications in Nuxt.

This should only be included directly by lottery websites, so we can update @nlo/nuxt-common independently of this package.

Features:

  • Dictate nuxt version for verticals
  • Add security headers

Include in vertical

To include this nuxt layer into your own application, add it to the layers array in nuxt.config.ts, like so:

export default defineNuxtConfig({
	extends: ['@nlo/nuxt-common-base-application'],
});

Npm commands:

  • npm run lint to run prettier and typescript checks
  • npm run test to run unit tests
  • npm run dev to run the nuxt application

Environment variables

  • NUXT_REDIS_OPTIONS_BASE The prefix of the key of the cache entries
  • NUXT_REDIS_OPTIONS_URL The url to the redis instance
  • NUXT_REDIS_OPTIONS_TTL The time to live of the cache entries
  • NUXT_ENABLE_REDIS_CACHE Boolean indicating if redis should be enabled for page caching
  • NUXT_LRU_OPTIONS_MAX Maximum number of LRU cache entries
  • NUXT_ENABLE_LRU_CACHE Boolean indicating if LRU cache should be enabled for page caching

Security headers

For applying the best practices around security headers, we use https://nuxt-security.vercel.app. Using a library forces us to work in a security-by-default way of working. Information about required security headers can be found here: https://loterij.atlassian.net/wiki/spaces/NLDT/pages/3571253310/Required+http+headers+security

These security headers are applied by default, but need to be adjusted per vertical. Primarily specifying which resource-type is allowed from what domain is required.

Example configuration to allow every type of resource from the Portal domain:

nuxt.config.ts

security: {
	headers: {
		contentSecurityPolicy: {
			'default-src': ['https://www.nederlandseloterij.nl'],
		},
	},
},

If you want to allow all resources from all domains, use the following example:

nuxt.config.ts

security: {
	headers: {
		contentSecurityPolicy: {
			'default-src': ['*'],
		},
	},
},

Note that these configurations are built-time only. If you want to have run-time configuration (such as limit which domains are allowed), use the NUXT_SECURITY_HEADERS_CONTENT_SECURITY_POLICY_DEFAULT_SRC environment variable with the specified format:

[\"https://my-allowed-website.nl\",\"\'unsafe-inline\'\",\"\'unsafe-eval\'\",\"wss:\"]

This format is basically a string-array in escaped json format. but the single-quotes around unsafe-inline and unsafe-eval are required.

Note: For now we haven't added per-resource exclusion from nuxt-common since that would introduce a lot of configuration in every website.

For more details, see the website of the library.

FAQs

Package last updated on 05 Mar 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc