diff --git a/src/module.ts b/src/module.ts
index ff38524d..edc7fc51 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -312,6 +312,8 @@ function registerSecurityNitroPlugins(nuxt: Nuxt, securityOptions: ModuleOptions
 )
 // Register nitro plugin to enable CSP Headers presets for SSG
+ // TEMPORARILY DISABLED AS NUXT 3.9.3 PREVENTS IMPORTING @NUXT/KIT IN NITRO PLUGINS
+ /*
 config.plugins.push(
 normalize(
 fileURLToPath(
@@ -319,6 +321,7 @@ function registerSecurityNitroPlugins(nuxt: Nuxt, securityOptions: ModuleOptions
 )
 )
 )
+ */
 // Nitro plugin to enable CSP Nonce for SSR
 config.plugins.push(
diff --git a/test/perRoute.test.ts b/test/perRoute.test.ts
index b6526286..a2cd6cae 100644
--- a/test/perRoute.test.ts
+++ b/test/perRoute.test.ts
@@ -832,10 +832,13 @@ describe('[nuxt-security] Per-route Configuration', async () => {
 it('does not inject CSP hashes on a deeply-disabled route', async () => {
 const res = await fetch('/csp-hash/deep/disabled')
+ // DISABLING THIS PART OF THE TEST AFTER PATCH #348 THAT REMOVES CSP SSG PRESETS
+ /*
 const cspHeaderValue = res.headers.get('content-security-policy')
 expect(cspHeaderValue).toBeDefined()
 const headerHashes = cspHeaderValue!.match(/'sha256-(.*?)'/)
 expect(headerHashes).toBeNull()
+ */
 const text = await res.text()
 const head = text.match(/(.*?)<\/head>/s)?.[1]
@@ -849,10 +852,13 @@ describe('[nuxt-security] Per-route Configuration', async () => {
 it('injects CSP hashes on a deeply-enabled route', async () => {
 const res = await fetch('/csp-hash/deep/enabled')
+ // DISABLING THIS PART OF THE TEST AFTER PATCH #348 THAT REMOVES CSP SSG PRESETS
+ /*
 const cspHeaderValue = res.headers.get('content-security-policy')
 expect(cspHeaderValue).toBeDefined()
 const headerHashes = cspHeaderValue!.match(/'sha256-(.*?)'/)
 expect(headerHashes).toHaveLength(2)
+ */
 const text = await res.text()
 const head = text.match(/(.*?)<\/head>/s)?.[1]
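Review bot: Commenting out the SSG preset registration in `registerSecurityNitroPlugins` (src/module.ts, hunk at line 312, closed by the `*/` in the next hunk) removes a security control without telling users. Judging by the header assertions disabled in test/perRoute.test.ts, prerendered routes presumably no longer get script hashes in a `Content-Security-Policy` response header. A block comment is easy to forget, so I would tie it to the tracking item by replacing the banner with `// TODO(#348): re-enable once @nuxt/kit can be imported from Nitro plugins; until then SSG routes get no CSP header preset`, and emit a build-time warning when SSG hashing is configured. The release notes should add that a CSP delivered only through a `<meta http-equiv>` tag cannot carry `frame-ancestors`, `sandbox` or reporting directives, so static deployments that need them must set the header at the host or CDN for now. The function body starts and ends outside both hunks.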
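Review bot: Block-commenting the header assertions in 'does not inject CSP hashes on a deeply-disabled route' (test/perRoute.test.ts, hunk at line 832, and again in 'injects CSP hashes on a deeply-enabled route' at line 849) hides the lost coverage from test reports. The negative check is still meaningful without the presets and can stay live in a null-safe form, `expect(res.headers.get('content-security-policy') ?? '').not.toMatch(/'sha256-/)`, which keeps guarding that a disabled route never receives hashes in the header. For the enabled route I would move the header expectations into a separate `it.todo('sends CSP hashes in the header on SSG routes (re-enable after #348)')` so the gap shows up in every run. When the assertions return, note that `headers.get()` yields `null` for a missing header, so `toBeDefined()` passes regardless; `not.toBeNull()` is the check that can actually fail. Both test bodies continue past the end of their hunks.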