Closed MarijnFK closed 2 months ago
You're right and I think the conclusion is that we do not support SWR.
I struggle to see how SWR is compatible with `nonce`. Nonce is supposed to be generated just once and be unguessable. If we re-use nonces, this breaks the RFC. So we have 2 solutions:
`hash` mode, as if the page was pre-rendered with SSG. Seems better probably. @Baroshem what's your opinion on this?
Thanks for the investigation @vejja
I would probably go for the second option but maybe @danielroe would have a better idea? :)
Let me investigate better because I actually think we can support natively without moving to hash mode
Update: I think the new feat/unified-router-context branch will support SWR natively, will confirm later
@MarijnFK would you be able to share a minimal Stackblitz repro of a basic use case? I'd like to check that we can indeed support SWR on a relevant setup
@vejja I've made a very simple stackblitz, it's not really a use-case but it shows the problem. stackblitz
The top date shows the ssr-date. It should update every 10 seconds. The bottom date should be hydrated, but doesn't because the script is blocked from executing
@vejja have you maybe checked if this new solution of yours works with the stackblitz repro provided by @MarijnFK ?
Yes, I included an equivalent example in the playground under the `/swr` page there, it is testable with `yarn dev` and then going to `localhost:3000/swr`
@vejja Good to hear, looking forward to the update! Thanks for the (quick!) responses
When using a SWR option in routeRules, the nonce-header does not match the one served from the server:
Version
nuxt-security: 1.3.2 nuxt: 3.11.x
Steps to reproduce
enable swr on all routes:
What is Expected?
The header should use the generated nonce value
![image](https://github.com/Baroshem/nuxt-security/assets/47977238/6224d610-bd2d-4376-b83d-d23ea37ebdd5)
What is actually happening?
The header uses the new nonce, but the html served is using the nonce that was used when generating the page
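
A check for the mismatch reported in this issue, as an added example that is not part of the original thread or of nuxt-security's code: it compares the nonces allowed by a `Content-Security-Policy` header with the `nonce` attributes in the served HTML. The function names, the constructed nonce values and `makeSwrServer` (a simplified model of a cached body served with a per-response header, not Nitro's actual cache) are assumptions.

```javascript
// Collect nonce values allowed by script-src / style-src in a CSP header value.
function cspNonces(headerValue) {
  const nonces = new Set();
  for (const directive of headerValue.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (!/^(script|style)-src(-elem)?$/i.test(name || '')) continue;
    for (const src of sources) {
      const m = /^'nonce-([A-Za-z0-9+\/_-]+={0,2})'$/.exec(src);
      if (m) nonces.add(m[1]);
    }
  }
  return nonces;
}

// Collect nonce attributes on <script>, <style> and <link> tags.
// A regex scan is enough for checking server-rendered output in a test.
function htmlNonces(html) {
  const nonces = new Set();
  const tagRe = /<(?:script|style|link)\b[^>]*?\bnonce\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  for (const m of html.matchAll(tagRe)) nonces.add(m[1] ?? m[2]);
  return nonces;
}

// Nonces used in the HTML that the header does not allow.
// The browser refuses to run or apply every element carrying one of these.
function blockedNonces(headerValue, html) {
  const allowed = cspNonces(headerValue);
  return [...htmlNonces(html)].filter((n) => !allowed.has(n));
}

// Hypothetical model of the reported behaviour: the body is rendered once and
// cached, while the header gets a new nonce on every response.
// newNonce is injected; a real server would draw it from a CSPRNG.
function makeSwrServer(newNonce) {
  let cachedHtml = null;
  return function respond() {
    const nonce = newNonce();
    if (cachedHtml === null) {
      cachedHtml = `<html><body><script nonce="${nonce}">hydrate()</script></body></html>`;
    }
    return {
      headers: { 'content-security-policy': `script-src 'self' 'nonce-${nonce}' 'strict-dynamic'` },
      body: cachedHtml,
    };
  };
}
```

Running `blockedNonces` against each response of a route with SWR enabled, in an integration test, catches this regression before the blocked hydration script shows up in a browser.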