feat: update security headers and improve content security policy; enhance hero image component and loading states in public news

Torsten Schulz (local)
2026-05-31 14:19:15 +02:00
parent 6983186caf
commit bf1caefde4
9 changed files with 99 additions and 31 deletions


@@ -38,9 +38,8 @@ export default defineEventHandler((event) => {
"base-uri 'self'",
"object-src 'none'",
`frame-ancestors ${allowedFrameAncestors}`,
// Nuxt lädt Fonts ggf. von Google (siehe nuxt.config.js)
"font-src 'self' https://fonts.gstatic.com data:",
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
"font-src 'self' data:",
"style-src 'self' 'unsafe-inline'",
// Script: Nuxt kann in Dev eval nutzen; diese CSP ist primär für Produktion gedacht.
"script-src 'self'",
"img-src 'self' data: blob:",
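Review bot: The new `font-src 'self' data:` and `style-src 'self' 'unsafe-inline'` entries carry no comment, because the only explanation attached to these two directives (the Google Fonts note) was removed together with the old lines. `'unsafe-inline'` is the weakest part of the remaining policy, since it lets any injected `style` attribute or `<style>` element apply, so the reason it is still required should be recorded next to it, for example `// Fonts are self-hosted; 'unsafe-inline' is kept only for inline styles emitted by the framework (confirm, then move to nonces or hashes)`. The removed comment named nuxt.config.js as the source of the Google Fonts requests; that file is not visible here, so it is worth confirming that it no longer references fonts.googleapis.com or fonts.gstatic.com, otherwise those requests will be blocked once this policy is live. The handler starts before and continues after the visible lines.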