search

nuxt-modules / security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License
830 stars 60 forks source link

useCsrfFetch is not working after running "npm run build" in production #583

Open raliclo opened 18 hours ago

raliclo commented 18 hours ago

Environment

Nuxt project info:                                                                                       
------------------------------
- Operating System: Windows_NT
- Node Version:     v23.0.0
- Nuxt Version:     3.14.1592
- CLI Version:      3.16.0
- Nitro Version:    2.10.4
- Package Manager:  npm@10.9.0
- Builder:          -
- User Config:      default
- Runtime Modules:  nuxt-security@2.1.5, @primevue/nuxt-module@4.2.4, @pinia/nuxt@0.8.0
- Build Modules:    -
------------------------------

Nuxt Security Version

v2.1.5

Default setup used?

Yes, the bug happens even if the security option is not customized

Security options

security: {
    csrf: true,
    headers: {
      xXSSProtection: '0'
    },
    rateLimiter: {
      tokensPerInterval: 5,
      interval: 30000,
      headers: true
    },
  },

Reproduction

Github: https://github.com/raliclo/Nuxt_Security_PrimeVue_Pinia

Bug page http://localhost:3000/about

Description

Bug page http://localhost:3000/about

-What happens ? When I use "npm run dev" to view the bug page, the {{time}} called by nuxt server api is successfuly rendered. But if I use "npm run build" and run production version. The api call was not called. It seems to be "useCsrfFetch" not calling the nuxt server api in the production page.

-What is expected to happen ? useCsrfFetch is working and the about page call the nuxt server api.

Additional context

No response

Logs

Baroshem commented 11 hours ago

@Morgbn

Would you be able to help here? :)