Olivier Massot 1 год назад
Родитель
Сommit
880b1ba8ff
3 измененных файлов с 158 добавлено и 12 удалено
  1. 17 0
      nuxt.config.ts
  2. 1 0
      package.json
  3. 140 12
      yarn.lock

+ 17 - 0
nuxt.config.ts

@@ -133,12 +133,29 @@ export default defineNuxtConfig({
     'nuxt3-leaflet',
     '@nuxtjs/google-fonts',
     '@nuxtjs/sitemap',
+    'nuxt-security',
   ],
   router: {
     options: {
       scrollBehaviorType: 'smooth',
     },
   },
+  security: {
+    sri: true,
+    headers: {
+      strictTransportSecurity: {
+        maxAge: 31536000,
+        includeSubdomains: true,
+        preload: true,
+      },
+      xContentTypeOptions: 'nosniff',
+      xFrameOptions: 'SAMEORIGIN',
+      xXSSProtection: '1; mode=block',
+      hidePoweredBy: true,
+      crossOriginEmbedderPolicy:
+        process.env.NODE_ENV === 'development' ? 'unsafe-none' : 'require-corp',
+    },
+  },
   webfontloader: {
     google: {
       families: ['Barlow:300,400,500,700&display=swap'],
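Review bot: `xXSSProtection: '1; mode=block'` in the new `security.headers` block turns the legacy browser XSS auditor back on. Current guidance (OWASP, MDN) is to send `X-XSS-Protection: 0`, since modern browsers have removed the auditor and its filtering has itself caused information leaks in older ones, so I would use `xXSSProtection: '0'` and rely on a Content-Security-Policy for XSS mitigation. Separately, `hidePoweredBy` looks like a top-level `security` option in nuxt-security rather than a member of `headers`, so it is probably ignored where it sits; moving it next to `sri: true` should fix that, but confirm against the module's types. `crossOriginEmbedderPolicy` is `'require-corp'` only outside development, so cross-origin resources without CORP/CORS headers (possibly the Leaflet tiles or Google Fonts implied by the modules list) would be blocked in production without ever showing up locally, which needs a check on a production build. The enclosing `defineNuxtConfig({ ... })` object starts and ends outside this hunk.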

+ 1 - 0
package.json

@@ -47,6 +47,7 @@
     "libphonenumber-js": "^1.10.55",
     "nuxt": "^3.11.2",
     "nuxt-lodash": "^2.5.3",
+    "nuxt-security": "^2.0.0-beta.5",
     "nuxt3-leaflet": "^1.0.12",
     "ofetch": "^1.3.3",
     "pinia": "^2.1.7",

+ 140 - 12
yarn.lock

@@ -96,7 +96,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@babel/core@npm:^7.24.5":
+"@babel/core@npm:^7.24.4, @babel/core@npm:^7.24.5":
   version: 7.24.6
   resolution: "@babel/core@npm:7.24.6"
   dependencies:
@@ -1837,7 +1837,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@nuxt/kit@npm:3.11.2, @nuxt/kit@npm:^3.10.3, @nuxt/kit@npm:^3.11.1, @nuxt/kit@npm:^3.11.2, @nuxt/kit@npm:^3.5.0, @nuxt/kit@npm:^3.5.2, @nuxt/kit@npm:^3.7.3, @nuxt/kit@npm:^3.8.0":
+"@nuxt/kit@npm:3.11.2, @nuxt/kit@npm:^3.10.2, @nuxt/kit@npm:^3.10.3, @nuxt/kit@npm:^3.11.1, @nuxt/kit@npm:^3.11.2, @nuxt/kit@npm:^3.5.0, @nuxt/kit@npm:^3.5.2, @nuxt/kit@npm:^3.7.3, @nuxt/kit@npm:^3.8.0":
   version: 3.11.2
   resolution: "@nuxt/kit@npm:3.11.2"
   dependencies:
@@ -4528,6 +4528,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"basic-auth@npm:^2.0.1":
+  version: 2.0.1
+  resolution: "basic-auth@npm:2.0.1"
+  dependencies:
+    safe-buffer: "npm:5.1.2"
+  checksum: 10c0/05f56db3a0fc31c89c86b605231e32ee143fb6ae38dc60616bc0970ae6a0f034172def99e69d3aed0e2c9e7cac84e2d63bc51a0b5ff6ab5fc8808cc8b29923c1
+  languageName: node
+  linkType: hard
+
 "binary-extensions@npm:^2.0.0":
   version: 2.3.0
   resolution: "binary-extensions@npm:2.3.0"
@@ -4792,6 +4801,35 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cheerio-select@npm:^2.1.0":
+  version: 2.1.0
+  resolution: "cheerio-select@npm:2.1.0"
+  dependencies:
+    boolbase: "npm:^1.0.0"
+    css-select: "npm:^5.1.0"
+    css-what: "npm:^6.1.0"
+    domelementtype: "npm:^2.3.0"
+    domhandler: "npm:^5.0.3"
+    domutils: "npm:^3.0.1"
+  checksum: 10c0/2242097e593919dba4aacb97d7b8275def8b9ec70b00aa1f43335456870cfc9e284eae2080bdc832ed232dabb9eefcf56c722d152da4a154813fb8814a55d282
+  languageName: node
+  linkType: hard
+
+"cheerio@npm:^1.0.0-rc.12":
+  version: 1.0.0-rc.12
+  resolution: "cheerio@npm:1.0.0-rc.12"
+  dependencies:
+    cheerio-select: "npm:^2.1.0"
+    dom-serializer: "npm:^2.0.0"
+    domhandler: "npm:^5.0.3"
+    domutils: "npm:^3.0.1"
+    htmlparser2: "npm:^8.0.1"
+    parse5: "npm:^7.0.0"
+    parse5-htmlparser2-tree-adapter: "npm:^7.0.0"
+  checksum: 10c0/c85d2f2461e3f024345b78e0bb16ad8e41492356210470dd1e7d5a91391da9fcf6c0a7cb48a9ba8820330153f0cedb4d0a60c7af15d96ecdb3092299b9d9c0cc
+  languageName: node
+  linkType: hard
+
 "chokidar@npm:>=3.0.0 <4.0.0, chokidar@npm:^3.5.1, chokidar@npm:^3.5.3, chokidar@npm:^3.6.0":
   version: 3.6.0
   resolution: "chokidar@npm:3.6.0"
@@ -4968,7 +5006,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"commander@npm:^2.20.0":
+"commander@npm:^2.20.0, commander@npm:^2.20.3":
   version: 2.20.3
   resolution: "commander@npm:2.20.3"
   checksum: 10c0/74c781a5248c2402a0a3e966a0a2bba3c054aad144f5c023364be83265e796b20565aa9feff624132ff629aa64e16999fa40a743c10c12f7c61e96a794b99288
@@ -5218,6 +5256,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cssfilter@npm:0.0.10":
+  version: 0.0.10
+  resolution: "cssfilter@npm:0.0.10"
+  checksum: 10c0/478a227a616fb6e9bb338eb95f690df141b86231ec737cbea574484f31a09a51db894b4921afc4987459dae08d584355fd689ff2a7a7c7a74de4bb4c072ce553
+  languageName: node
+  linkType: hard
+
 "cssnano-preset-default@npm:^6.1.2":
   version: 6.1.2
   resolution: "cssnano-preset-default@npm:6.1.2"
@@ -5485,7 +5530,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"defu@npm:^6.0.0, defu@npm:^6.1.2, defu@npm:^6.1.3, defu@npm:^6.1.4":
+"defu@npm:^6.0.0, defu@npm:^6.1.1, defu@npm:^6.1.2, defu@npm:^6.1.3, defu@npm:^6.1.4":
   version: 6.1.4
   resolution: "defu@npm:6.1.4"
   checksum: 10c0/2d6cc366262dc0cb8096e429368e44052fdf43ed48e53ad84cc7c9407f890301aa5fcb80d0995abaaf842b3949f154d060be4160f7a46cb2bc2f7726c81526f5
@@ -7382,6 +7427,18 @@ __metadata:
   languageName: node
   linkType: hard
 
+"htmlparser2@npm:^8.0.1":
+  version: 8.0.2
+  resolution: "htmlparser2@npm:8.0.2"
+  dependencies:
+    domelementtype: "npm:^2.3.0"
+    domhandler: "npm:^5.0.3"
+    domutils: "npm:^3.0.1"
+    entities: "npm:^4.4.0"
+  checksum: 10c0/609cca85886d0bf2c9a5db8c6926a89f3764596877492e2caa7a25a789af4065bc6ee2cdc81807fe6b1d03a87bf8a373b5a754528a4cc05146b713c20575aab4
+  languageName: node
+  linkType: hard
+
 "http-cache-semantics@npm:^4.1.1":
   version: 4.1.1
   resolution: "http-cache-semantics@npm:4.1.1"
@@ -9344,6 +9401,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"nuxt-csurf@npm:^1.5.1":
+  version: 1.5.2
+  resolution: "nuxt-csurf@npm:1.5.2"
+  dependencies:
+    "@nuxt/kit": "npm:^3.10.2"
+    defu: "npm:^6.1.4"
+    uncsrf: "npm:^1.1.1"
+  checksum: 10c0/919575adf3b23c69c2487f534e2f6545845ab5af219698df0d4a6d5494f209bc79f6c972ce067281990927985f0871f79cbbbbdfc3b850a8de0c7ba42f7f5bc5
+  languageName: node
+  linkType: hard
+
 "nuxt-lodash@npm:^2.5.3":
   version: 2.5.3
   resolution: "nuxt-lodash@npm:2.5.3"
@@ -9355,6 +9423,22 @@ __metadata:
   languageName: node
   linkType: hard
 
+"nuxt-security@npm:^2.0.0-beta.5":
+  version: 2.0.0-beta.5
+  resolution: "nuxt-security@npm:2.0.0-beta.5"
+  dependencies:
+    "@nuxt/kit": "npm:^3.11.2"
+    basic-auth: "npm:^2.0.1"
+    cheerio: "npm:^1.0.0-rc.12"
+    defu: "npm:^6.1.1"
+    nuxt-csurf: "npm:^1.5.1"
+    pathe: "npm:^1.0.0"
+    unplugin-remove: "npm:^1.0.2"
+    xss: "npm:^1.0.14"
+  checksum: 10c0/8a5cad387b41d7d03fde76ab71f5ff3b9e0970502783a80f5d9f0cd4f3e6a6a34834e183fc14eab4a4ac5351a4119739aea4c02d387059f62c964756976f03eb
+  languageName: node
+  linkType: hard
+
 "nuxt-site-config-kit@npm:2.2.12, nuxt-site-config-kit@npm:^2.2.12":
   version: 2.2.12
   resolution: "nuxt-site-config-kit@npm:2.2.12"
@@ -9826,7 +9910,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"parse5@npm:^7.1.2":
+"parse5-htmlparser2-tree-adapter@npm:^7.0.0":
+  version: 7.0.0
+  resolution: "parse5-htmlparser2-tree-adapter@npm:7.0.0"
+  dependencies:
+    domhandler: "npm:^5.0.2"
+    parse5: "npm:^7.0.0"
+  checksum: 10c0/e820cacb8486e6f7ede403327d18480df086d70e32ede2f6654d8c3a8b4b8dc4a4d5c21c03c18a92ba2466c513b93ca63be4a138dd73cd0995f384eb3b9edf11
+  languageName: node
+  linkType: hard
+
+"parse5@npm:^7.0.0, parse5@npm:^7.1.2":
   version: 7.1.2
   resolution: "parse5@npm:7.1.2"
   dependencies:
@@ -10920,6 +11014,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"safe-buffer@npm:5.1.2, safe-buffer@npm:~5.1.0, safe-buffer@npm:~5.1.1":
+  version: 5.1.2
+  resolution: "safe-buffer@npm:5.1.2"
+  checksum: 10c0/780ba6b5d99cc9a40f7b951d47152297d0e260f0df01472a1b99d4889679a4b94a13d644f7dbc4f022572f09ae9005fa2fbb93bbbd83643316f365a3e9a45b21
+  languageName: node
+  linkType: hard
+
 "safe-buffer@npm:^5.1.0, safe-buffer@npm:~5.2.0":
   version: 5.2.1
   resolution: "safe-buffer@npm:5.2.1"
@@ -10927,13 +11028,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"safe-buffer@npm:~5.1.0, safe-buffer@npm:~5.1.1":
-  version: 5.1.2
-  resolution: "safe-buffer@npm:5.1.2"
-  checksum: 10c0/780ba6b5d99cc9a40f7b951d47152297d0e260f0df01472a1b99d4889679a4b94a13d644f7dbc4f022572f09ae9005fa2fbb93bbbd83643316f365a3e9a45b21
-  languageName: node
-  linkType: hard
-
 "safe-regex-test@npm:^1.0.3":
   version: 1.0.3
   resolution: "safe-regex-test@npm:1.0.3"
@@ -11317,6 +11411,7 @@ __metadata:
     libphonenumber-js: "npm:^1.10.55"
     nuxt: "npm:^3.11.2"
     nuxt-lodash: "npm:^2.5.3"
+    nuxt-security: "npm:^2.0.0-beta.5"
     nuxt3-leaflet: "npm:^1.0.12"
     ofetch: "npm:^1.3.3"
     pinia: "npm:^2.1.7"
@@ -12178,6 +12273,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"uncsrf@npm:^1.1.1":
+  version: 1.1.1
+  resolution: "uncsrf@npm:1.1.1"
+  checksum: 10c0/714be22ac5fe5255a3c3e1f6c5cb377813f54b9eaa70fb2169a5fc091b73d1dd0c91f14372864a5c4bd386dc8828c84a54575d186d630535c276e66a0fdba612
+  languageName: node
+  linkType: hard
+
 "unctx@npm:^2.3.1":
   version: 2.3.1
   resolution: "unctx@npm:2.3.1"
@@ -12327,6 +12429,20 @@ __metadata:
   languageName: node
   linkType: hard
 
+"unplugin-remove@npm:^1.0.2":
+  version: 1.0.2
+  resolution: "unplugin-remove@npm:1.0.2"
+  dependencies:
+    "@babel/core": "npm:^7.24.4"
+    "@babel/generator": "npm:^7.24.4"
+    "@babel/parser": "npm:^7.24.4"
+    "@babel/traverse": "npm:^7.24.1"
+    "@rollup/pluginutils": "npm:^5.1.0"
+    unplugin: "npm:^1.10.1"
+  checksum: 10c0/f991ac0e9335e5ae85208154fcca25fbb95ae70a1486c9a316569f177be9981a641d1b79e412436a57922225f91d47c572a2325eec501da5a6f6a1e69415eab7
+  languageName: node
+  linkType: hard
+
 "unplugin-vue-router@npm:^0.7.0":
   version: 0.7.0
   resolution: "unplugin-vue-router@npm:0.7.0"
@@ -13196,6 +13312,18 @@ __metadata:
   languageName: node
   linkType: hard
 
+"xss@npm:^1.0.14":
+  version: 1.0.15
+  resolution: "xss@npm:1.0.15"
+  dependencies:
+    commander: "npm:^2.20.3"
+    cssfilter: "npm:0.0.10"
+  bin:
+    xss: bin/xss
+  checksum: 10c0/9b31bee62a208f78e2b7bc8154e3ee87d980f4661dc4ab850ce6f4de7bc50eb152f0bdc13fa759ff8ab6d9bfdf8c0d79cf9f6f86249872b92181912309bccd08
+  languageName: node
+  linkType: hard
+
 "y18n@npm:^5.0.5":
   version: 5.0.8
   resolution: "y18n@npm:5.0.8"