Nuxt Security Module for SPA

[ademyalcin27]

I have a quick question regarding the Nuxt Security module. Can we use this module for a Single Page Application (SPA)? If yes, could you please share a small example or provide some guidance on how to implement it?

Thank you in advance for your help!

[Baroshem]

Hey Buddy

By default, Nuxt Security is mainly meant for SSR due to the middleware functions such as rate limiters or CSRF.

However, we have enabled certain part of the functionality to be used in SSG apps (like Content Security Policy via http-equiv).

So to answer your question, you could use this functionality to set meta http equiv but keep in mind that majority of the functionality will not work. Also, with frontend navigation you could get some conflicting values of headers.

So I would not recommend to use this module for SPA. You could use your hosting provider security featues (i.e Cloudflare comes with DDoS support)

[ademyalcin27]

Hi,

Thank you for your detailed answer! It was very helpful. However, we are currently running a Nuxt project in SPA mode within a C# backend, and we are facing an issue with Content Security Policy (CSP). We have to manually generate SHA hashes for inline scripts on the backend, which is quite cumbersome. Additionally, whenever we update the nuxt.config.js file, the inline scripts change, and we need to regenerate the hashes.

Do you have any suggestions on how we could automate this process? We are planning to use the Nuxt Security module in SSG mode in the future, but I would like to better understand what you mean by "majority of the functionality" not working in SPA mode. This might help us determine if we can adapt some of the features to our current setup.

Thank you in advance for your help!