Closed MickL closed 5 months ago
Hi @MickL Route rules are merged additively with array syntax. You can overwrite global settings substitutively with string syntax :
routeRules: {
'/contact': {
security: {
headers: {
contentSecurityPolicy: {
'img-src': 'https://maps.googleapis.com https://maps.gstatic.com'
// For Google Maps
},
},
},
},
}
This is explained in the docs here
FYI we are aware that this is quite complex and not very intuitive. Right now we are constrained by the Nitro router, but we are planning to change this in the future (merging will always be substitutive, which will work as you expect), see PR #429
If it is merged, shouldn’t it work they way I wrote it? Or am I missing something?
Sorry I might have misunderstood What headers do you get ?
Maybe I get it wrong but setting CSP for specific routes doesnt seem to work:
If I set it globally it works:
If I got the docs right and the first example should work I will create a reproduction sandbox.