Closed dogharrycatpotter closed 2 months ago
@vejja
Could you take a look at it? I think we missed something in the latest release.
@dogharrycatpotter could you please remain at 1.2.X until the end of the week? I am currently off and wont be able to release a patch version but when I will be back, this is my top priority.
I'm in a similar situation and would like to provide information.
Nuxt started returning a 500 error, and at the same time the CSP nonce was not being expanded correctly. The error output from Nuxt is below, and this has started occurring since 1.3.0. After reverting to 1.2.1, the problem no longer occurred.
2024-04-04T04:02:15.798650645Z [nuxt] [request error] [unhandled] [500] The "list" argument must be an instance of SharedArrayBuffer, ArrayBuffer or ArrayBufferView.
2024-04-04T04:02:15.798705846Z at TextDecoder.decode (node:internal/encoding:449:16)
2024-04-04T04:02:15.798712046Z at ./server/chunks/runtime.mjs:5802:67
2024-04-04T04:02:15.798715846Z at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-04-04T04:02:15.798720346Z at async ./server/chunks/routes/renderer.mjs:292:3
2024-04-04T04:02:15.798723846Z at async Object.handler (./server/chunks/routes/renderer.mjs:29:22)
2024-04-04T04:02:15.798727546Z at async Object.handler (./server/chunks/runtime.mjs:3064:19)
2024-04-04T04:02:15.798731146Z at async Server.toNodeHandle (./server/chunks/runtime.mjs:3330:7)
I checked the location where the error occurred and found that it occurred in the code below that was corrected in #396. https://github.com/Baroshem/nuxt-security/blob/d0a3c3fd252f0c27b7010a03d78349be8d8261a4/src/runtime/nitro/plugins/03-subresourceIntegrity.ts#L25-L26
Fixing now, will patch
@fujita-h this seems to be a different issue Can you let me know which version of Nuxt you are using
npm ls nuxt
or yarn list nuxt
Thanks@vejja got it. The environment that occurred is little complex, so I will open a new issue when I can reproduce it.
Hi @fujita-h I'm able to reproduce, with Nuxt 3.11.1 on my end Taking care of it
Released patch 1.3.1 with a fix for that from @vejja.
Please check if it works now :)
Version
nuxt-security: 1.3.0 nuxt: 3.11.1
Reproduction Link
n/a
Steps to reproduce
n/a
What is Expected?
The nuxt.config.ts file definition is below, and "nonce-${nonce}" is correctly set in the response.
What is actually happening?
The following error has occurred.
This is probably caused by the lack of "getResponseHeaders" in the first line of src/runtime/nitro/plugins/99-cspSsrNonce.ts: import { defineNitroPlugin, getRouteRules, setResponseHeader } from '#imports'