fix(security): apply security hardening recommendations from audit

This commit implements several security enhancements based on the findings of a new security audit report, which has also been added to the documentation.

- **Security Headers:** Adds a strict Content-Security-Policy (CSP) and other security headers (X-Content-Type-Options, Referrer-Policy) via Nuxt route rules.
- **Production Hardening:** Disables Nuxt DevTools in production environments to reduce the attack surface.
- **Mixed Content:** All image assets are now loaded over HTTPS to resolve mixed content issues.
- **Tabnabbing:** Secures `window.open` calls by adding `noopener,noreferrer`.
- **Configuration:** Updates `.gitignore` to ignore all `.env.*` files.
- **Docs:** Adds the full security audit report for reference.
- **Build:** Corrects a case-sensitive import path to ensure cross-platform build compatibility.
xiaomai
2025-11-07 11:15:02 +08:00
parent ccfd268682
commit cc0cb01d28
7 changed files with 222 additions and 14 deletions
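The header set and the `window.open` change listed in the commit message, as an added example that is not the project's own code: a builder for the three headers, a defender-side check that the resulting CSP still has a `default-src` fallback and does not allow inline or eval scripts, and a wrapper that opens external links with `noopener,noreferrer`. The directive values, the function names and the injectable `win` parameter are constructed assumptions; how the headers are wired into Nuxt `routeRules` is not shown.

```javascript
// Added example (not the repository's code). The directive values below are
// constructed assumptions, not the project's actual policy.

// Serialise { 'default-src': ["'self'"], ... } into a CSP header value.
// A directive with no sources (e.g. upgrade-insecure-requests) is emitted bare.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`.trim())
    .join('; ');
}

// The three headers named in the commit message, keyed by header name.
function securityHeaders(cspDirectives) {
  return {
    'Content-Security-Policy': buildCsp(cspDirectives),
    'X-Content-Type-Options': 'nosniff',
    'Referrer-Policy': 'strict-origin-when-cross-origin',
  };
}

// Parse a CSP value back into { directive: [sources] }.
function parseCsp(cspValue) {
  return Object.fromEntries(
    cspValue
      .split(';')
      .map((s) => s.trim())
      .filter(Boolean)
      .map((d) => {
        const [name, ...sources] = d.split(/\s+/);
        return [name, sources];
      })
  );
}

// Review check: a CSP without default-src, or whose effective script-src
// permits inline/eval scripts or any host, gives little protection.
function cspFindings(cspValue) {
  const findings = [];
  const directives = parseCsp(cspValue);
  if (!directives['default-src']) findings.push('missing default-src fallback');
  const scriptSrc = directives['script-src'] || directives['default-src'] || [];
  for (const bad of ["'unsafe-inline'", "'unsafe-eval'", '*']) {
    if (scriptSrc.includes(bad)) findings.push(`script-src allows ${bad}`);
  }
  return findings;
}

// Tabnabbing fix: open a new tab without handing it a reference to this
// window. `win` is injectable so the wrapper can be exercised outside a
// browser; returns the features string actually passed to open().
function openExternal(url, win = globalThis.window) {
  const features = 'noopener,noreferrer';
  win.open(url, '_blank', features);
  return features;
}

// Constructed sample policy; upgrade-insecure-requests addresses the
// mixed-content item from the commit message at the browser level.
const samplePolicy = {
  'default-src': ["'self'"],
  'img-src': ["'self'", 'https:'],
  'upgrade-insecure-requests': [],
};
console.log(securityHeaders(samplePolicy));
console.log('findings:', cspFindings(securityHeaders(samplePolicy)['Content-Security-Policy']));
```

The check is meant to run in CI against the header values a route actually returns, so a later edit that adds `'unsafe-inline'` to `script-src` fails the build rather than silently weakening the policy.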

.gitignore

@@ -20,7 +20,7 @@ logs
# Local env files
.env
# .env.*
.env.*
!.env.example
repomix-output.xml
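Review bot: enabling `.env.*` here only stops new env files from being staged; a `.gitignore` rule does not untrack a file that was already committed, so check with `git ls-files '.env*'` and, if anything other than `.env.example` is listed, remove it with `git rm --cached` and treat any credentials it held as exposed, since they stay in history. The ordering in the hunk is correct: the `!.env.example` negation must come after `.env.*` to re-include the example file, and `.env` remains necessary because `.env.*` does not match it.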