This commit implements several security enhancements based on the findings of a new security audit report, which has also been added to the documentation.

- **Security Headers:** Adds a strict Content-Security-Policy (CSP) and other security headers (X-Content-Type-Options, Referrer-Policy) via Nuxt route rules.
- **Production Hardening:** Disables Nuxt DevTools in production environments to reduce the attack surface.
- **Mixed Content:** All image assets are now loaded over HTTPS to resolve mixed content issues.
- **Tabnabbing:** Secures `window.open` calls by adding `noopener,noreferrer`.
- **Configuration:** Updates `.gitignore` to ignore all `.env.*` files.
- **Docs:** Adds the full security audit report for reference.
- **Build:** Corrects a case-sensitive import path to ensure cross-platform build compatibility.
import { createSharedComposable } from "@vueuse/core";
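/**
 * Composable that opens a WhatsApp chat with the configured number and a
 * pre-filled message.
 *
 * The number is read from `runtimeConfig.public.whatsappNumber`. Public runtime
 * config is delivered to the browser, so it must not hold anything secret.
 *
 * @returns An object exposing `sendMessage`.
 */
const _useWhatsAppMsgSender = () => {
  const config = useRuntimeConfig();
  const phone = config.public.whatsappNumber;

  // --- WhatsApp automatic message logic ---
  /**
   * Opens the WhatsApp "send" page in a new tab with `message` pre-filled.
   *
   * Uses `window`, so call it only in the browser (for example from an event
   * handler), not during server-side rendering.
   *
   * @param message - Plain text to pre-fill; it is percent-encoded here.
   */
  const sendMessage = (message: string) => {
    // Encode every interpolated query value, not just the message: a configured
    // number containing `&`, `#` or `+` would otherwise change the query string.
    // An unset number becomes an empty `phone=` value instead of the literal
    // text "undefined".
    const phoneParam = encodeURIComponent(String(phone ?? ""));
    const text = encodeURIComponent(message);
    const url = `https://api.whatsapp.com/send?phone=${phoneParam}&text=${text}`;

    // "noopener" keeps the new tab from getting a `window.opener` handle back to
    // this page (reverse tabnabbing); "noreferrer" also suppresses the Referer
    // header. Keep both when editing this call.
    window.open(url, "_blank", "noopener,noreferrer");
  };

  return {
    sendMessage,
  };
};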
/**
 * Public entry point for the WhatsApp message sender.
 *
 * The private composable is wrapped with VueUse's `createSharedComposable`, so
 * components calling this are expected to share one underlying instance
 * rather than each creating their own.
 */
export const useWhatsAppMsgSender = createSharedComposable(_useWhatsAppMsgSender);