nuxt-security
OWASP Top 10 module that adds a few security improvements in form of a customizable server middlewares to your Nuxt application. All middlewares can be modified or disabled if needed. They can also be configured to work only on certain routes. By default all middlewares are configured to work globally.
Features
- Nuxt 3 ready
- Same Security headers set as by popular Express.js middleware helmet
- Hidden 'X-Powered-By' header
- Request Size Limiter
- Rate Limiter
- XSS Validator for both GET and POST requests
- CORS Handler similar to popular Express.js middleware
- Allowed HTTP Methods Restricter
- Basic Auth support
- TypeScript support
📖 Read the documentation
Preview
Setup
yarn add nuxt-security
npm i nuxt-security
Usage
The only thing you need to do to use the module in the default configuration is to register the module in the modules
array in nuxt.config.ts
:
{
modules: [
"nuxt-security",
],
security: {}
}
The module will configure for you several response headers with the values recommended by Helmet as well as custom middlewares for rate and request limiting, xss validation, and CORS handling. More to come soon!
If you wish to modify them you can do so from the configuration:
{
modules: [
"nuxt-security",
],
security: {
requestSizeLimiter: {
value: {
maxRequestSizeInBytes: 3000000,
maxUploadFileRequestInBytes: 9000000,
},
route: '/upload-file'
}
}
}
For all available configuration options check out the docs
Development
- Run
npm run dev:prepare
to generate type stubs. - Use
npm run dev
to start playground in development mode.
License
MIT License