RollupError: "removeResponseHeader" is not exported by "virtual:#imports"

Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware

https://nuxt-security.vercel.app/

MIT License

810 stars 56 forks source link

RollupError: "removeResponseHeader" is not exported by "virtual:#imports" #363

Closed rizqirizqi closed 7 months ago

rizqirizqi commented 8 months ago

Version

nuxt-security: v1.0.1 nuxt: v3.6.5

Reproduction Link

Cannot reproduce on fresh install

Steps to reproduce

Install nuxt-security on existing nuxt v3.6.5 app (with some other dependencies installed)
Run pnpm dev
This error shows up

What is Expected?

Working smoothly

What is actually happening?

Error RollupError: "removeResponseHeader" is not exported by "virtual:#imports", imported by "node_modules/.pnpm/nuxt-security@1.0.1/node_modules/nuxt-security/dist/runtime/nitro/plugins/01-hidePoweredBy.mjs".

rizqirizqi commented 8 months ago

I guess this happened because nuxt-security is trying to import the removeResponseHeader function from h3 via #imports, which probably needs to be included in nuxt auto-imports first using addImportsSources https://nuxt.com/docs/api/kit/autoimports#addimportssources.

rizqirizqi commented 8 months ago

Okay, so, after looking at h3 changelog, I realized that removeResponseHeader is just added in h3 v1.8.0:

https://github.com/unjs/h3/blob/e38d4446354aba7e28d0971737f31787f25c4cad/CHANGELOG.md?plain=1#L346

Which probably h3 ^v1.8.0 should be the peer dependency of nuxt-security.

rizqirizqi commented 8 months ago

For those looking for a quick fix, before the peer dependency is added. You can add resolution for h3 to your package.json:

"resolutions": {
  "h3": "1.10.1"
},

vejja commented 8 months ago

Okay, so, after looking at h3 changelog, I realized that removeResponseHeader is just added in h3 v1.8.0:

https://github.com/unjs/h3/blob/e38d4446354aba7e28d0971737f31787f25c4cad/CHANGELOG.md?plain=1#L346

Which probably h3 ^v1.8.0 should be the peer dependency of nuxt-security.

Weird because our package.json requires nuxt@^3.8.0 which itself requires h3@^1.9.0 Our yarn.lock pins h3 to 1.9.0, not sure why you had an incorrect version ?

rizqirizqi commented 8 months ago

Hmm, probably because I'm still using nuxt@3.6.5 and the h3@1.7.x is still required by my other deps.

Here's the current state after adding h3 resolution:

Screenshot from 2024-02-01 10-47-34

Baroshem commented 8 months ago

Hey,

Thanks for reporting this issue. However reading through the comments, I think it is not an issue from NuxtSecurity as pointed out by @vejja as we have the h3 pinned to the version of Nuxt used which is 3.8.X

If you dobt mind, I will close the ticket as not planned 🙂

rizqirizqi commented 7 months ago

Yeah, you can close the ticket.