fix(security): apply security hardening recommendations from audit
This commit implements several security enhancements based on the findings of a new security audit report, which has also been added to the documentation. - **Security Headers:** Adds a strict Content-Security-Policy (CSP) and other security headers (X-Content-Type-Options, Referrer-Policy) via Nuxt route rules. - **Production Hardening:** Disables Nuxt DevTools in production environments to reduce the attack surface. - **Mixed Content:** All image assets are now loaded over HTTPS to resolve mixed content issues. - **Tabnabbing:** Secures `window.open` calls by adding `noopener,noreferrer`. - **Configuration:** Updates `.gitignore` to ignore all `.env.*` files. - **Docs:** Adds the full security audit report for reference. - **Build:** Corrects a case-sensitive import path to ensure cross-platform build compatibility.
@@ -80,16 +80,16 @@ useSeoMeta({
|
||||
const colorMode = useColorMode();
|
||||
|
||||
const backgroundImages = [
|
||||
"http://img.tootaio.com/i/2025/11/05/avc5ld.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avcaff.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avcjbw.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avcp16.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avcv1q.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avd47a.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avdx6a.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avegxy.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avemgn.png",
|
||||
"http://img.tootaio.com/i/2025/11/05/avf3wl.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avc5ld.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avcaff.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avcjbw.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avcp16.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avcv1q.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avd47a.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avdx6a.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avegxy.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avemgn.png",
|
||||
"https://img.tootaio.com/i/2025/11/05/avf3wl.png",
|
||||
];
|
||||
|
||||
const currentBgImage = ref<string | undefined>("");
|
||||
|
||||
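Review bot: The ten new `https://img.tootaio.com/...` entries in `backgroundImages` repeat the origin in every string, so a later hand-added entry can silently reintroduce `http://`. Defining the origin once, e.g. `const IMG_ORIGIN = "https://img.tootaio.com";`, and building the entries from their paths would prevent that. The commit message says a strict Content-Security-Policy is added through route rules, but that change is not visible in this hunk; its `img-src` presumably has to allow this same origin or the backgrounds will be blocked, so confirm the two agree. A comment above the array such as `// Third-party image host: keep HTTPS and keep in sync with the CSP img-src directive` would record that coupling. The enclosing script starts and ends outside the hunk.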