Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License
737 stars 56 forks

Update 1.setup.md #473

Open hermes85pl opened 3 weeks ago

hermes85pl commented 3 weeks ago

Provide alternative setting for development in a cleaner way.

Types of changes

Description

Checklist:

vercel[bot] commented 3 weeks ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name | Status | Preview | Comments | Updated (UTC)
nuxt-security | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 4, 2024 5:15pm

hermes85pl commented 3 weeks ago

I think that it would be better to find a solution to make DevTools work out of the box, without any additional configuration, as they are becoming omnipresent. In my opinion requiring everyone to do the same change in their configuration should be avoided and the module should resort to providing reasonable defaults instead. Still, until such a decision is made, I think that the change that I proposed enables the module's users to make a cleaner change in their configuration in order for DevTools to work.

Baroshem commented 2 weeks ago

Hey @hermes85pl

I do agree with your idea. @vejja do you think we should ship such an if statement as a part of the default config?

Detect what the environment is and, if it is dev, then set a different value of the header automatically to avoid conflict with the dev tools? We could keep the devtools section with an info that in the default config it is supported but if you change it you can solve the issue like the following.

WDYT?

hermes85pl commented 2 weeks ago

So there would be some information that the default config for the development environment is slightly different (with the explanation of what exactly and why so), and additionally how to achieve the same (using the above method) in case you provided your own config and the DevTools stopped working for you? Did I get it right?

Baroshem commented 2 weeks ago

Yes, that's the idea, so that the majority of the users wouldn't have to set the same config in the dev environment, as the majority of the users already use dev tools (we are planning to have some devtools integration as well once I find time to implement it 😃)

Baroshem commented 2 days ago

@vejja what are your thoughts? :)

vejja commented 2 days ago

I think it's a good idea!

Baroshem commented 2 days ago

@hermes85pl would you be interested in creating a PR with this change where the setup of this specific header wouldn't be needed at all in the dev environment?

We can provide all help needed :)

hermes85pl commented 1 hour ago

It doesn't fit in my agenda, and this is why I created this PR instead and only suggested a better idea for the final solution.

How do you feel about merging this PR to change the docs like this until there is a better solution?