This commit implements several security enhancements based on the findings of a new security audit report, which has also been added to the documentation.

- **Security Headers:** Adds a strict Content-Security-Policy (CSP) and other security headers (X-Content-Type-Options, Referrer-Policy) via Nuxt route rules.
- **Production Hardening:** Disables Nuxt DevTools in production environments to reduce the attack surface.
- **Mixed Content:** All image assets are now loaded over HTTPS to resolve mixed content issues.
- **Tabnabbing:** Secures `window.open` calls by adding `noopener,noreferrer`.
- **Configuration:** Updates `.gitignore` to ignore all `.env.*` files.
- **Docs:** Adds the full security audit report for reference.
- **Build:** Corrects a case-sensitive import path to ensure cross-platform build compatibility.
26 lines
212 B
Plaintext
```
# Nuxt dev/build outputs
.output
.data
.nuxt
.nitro
.cache
dist

# Node dependencies
node_modules

# Logs
logs
*.log

# Misc
.DS_Store
.fleet
.idea

# Local env files
.env
.env.*
!.env.example

repomix-output.xml
```
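One way to check the `.env`, `.env.*` and `!.env.example` rules listed above, as an added example that is not part of the commit or the project: it builds a throwaway repository and uses `git check-ignore` to report which env files the rules exclude, then shows that a file staged before the rule existed stays tracked. The repository, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The three env rules are copied from the .gitignore above;
# the repository, file names and function names are constructed for the demo.

# make_demo_repo: create a throwaway repository holding only the env rules.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q || return 1
    printf '%s\n' '.env' '.env.*' '!.env.example' > "$repo/.gitignore"
    echo "$repo"
}

# is_ignored REPO PATH: succeed when the deciding rule excludes PATH.
# --no-index evaluates the rules even for files that are already tracked;
# -v prints the deciding rule, so a "!" (negated) rule counts as not ignored.
is_ignored() {
    rule=$(git -C "$1" check-ignore -v --no-index -- "$2" | cut -f1)
    case "$rule" in
        '' | *:!*) return 1 ;;
        *) return 0 ;;
    esac
}

# tracked_env_files REPO: print env files that are in the index anyway.
# An ignore rule does not untrack a file that was added before the rule.
tracked_env_files() {
    git -C "$1" ls-files | grep -E '(^|/)\.env(\.[^/]*)?$' |
        grep -v -E '(^|/)\.env\.example$'
}

demo() {
    repo=$(make_demo_repo) || return 1
    for f in .env .env.production .env.local .env.example; do
        if is_ignored "$repo" "$f"; then echo "ignored:     $f"
        else echo "not ignored: $f"; fi
    done
    # Constructed case: a secrets file that was staged before the rule landed.
    echo 'API_KEY=placeholder' > "$repo/.env.production"
    git -C "$repo" add -f .env.production
    echo "still tracked: $(tracked_env_files "$repo")"
    rm -rf "$repo"
}
demo
```

Any path printed by `tracked_env_files` in a real repository needs `git rm --cached` and, if it held live credentials, rotation of those credentials, since the file remains in history.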