chore: removed security on server

Author: onmax

README.md

@@ -703,30 +703,6 @@ ls -la .output/public/_nuxt/
 - **Rate limiting** - Handled by deployment platforms
 - **Input validation** - Use Valibot schemas for runtime validation
 
-### Content Security Policy (CSP)
-
-The project uses [`nuxt-security`](https://nuxt-security.vercel.app/) for OWASP-compliant security headers and Content Security Policy protection:
-
-- **CSP Configuration** - Defined in `nuxt.config.ts` security section
-- **Prismic Integration** - Allows Prismic CMS domains and inline scripts
-- **Analytics Support** - Permits Google Analytics and Matomo tracking
-- **Data URLs** - Enables inline SVG images (`data:` protocol)
-- **WebSocket Connections** - Configured for real-time blockchain data
-
-**Key CSP Directives:**
-
-```json
-{
-  "contentSecurityPolicy": {
-    "img-src": ["'self'", "data:", "https://nimiq.prismic.io", "..."],
-    "script-src": ["'self'", "https://stats.nimiq-network.com", "..."],
-    "connect-src": ["'self'", "wss://nimiq-website.je-cf9.workers.dev", "..."]
-  }
-}
-```
-
-See the [Nuxt Security Module](https://nuxt-security.vercel.app/) for more details.
-
 ### Content Security
 
 - **Draft content** - Only visible in local/internal-static-drafts environments

app/app.vue

@@ -6,7 +6,7 @@ const showConsentBanner = environment.isProduction || enableDevAnalytics
 <template>
   <div>
     <NuxtPage />
-    <ConsentBanner v-if="showConsentBanner" />
+    <ConsentBanner v-if="true || showConsentBanner" />
   </div>
 </template>
 

app/components/ConsentBanner.vue

@@ -1,11 +1,14 @@
 <script setup lang="ts">
 const CONSENT_VERSION = '1.0'
 const { consent, acceptConsent, rejectConsent } = useMatomo()
-const open = computed(() => !consent.value || consent.value.version !== CONSENT_VERSION)
+const open = computed(() => {
+  const version = consent.value?.version
+  return !version || version !== CONSENT_VERSION
+})
 </script>
 
 <template>
-  <AlertDialogRoot v-model:open="open">
+  <AlertDialogRoot :open="open" :modal="false">
     <AlertDialogPortal>
       <AlertDialogContent
         outline="~ 1.5 neutral/10"
@@ -15,7 +18,7 @@ const open = computed(() => !consent.value || consent.value.version !== CONSENT_
         0 -8px 12px 0 color-mix(in srgb, var(--colors-neutral-DEFAULT) 4%, transparent),
         0 8px 12px 0 color-mix(in srgb, var(--colors-neutral-DEFAULT) 4%, transparent);"
       >
-        <AlertDialogTitle text="f-xl neutral-900" font-semibold leading-tight my-0>
+        <AlertDialogTitle text="f-xl neutral-900" font-semibold leading-tight my-0 ml-0>
           Cookie Consent
         </AlertDialogTitle>
 

app/error.vue

@@ -74,6 +74,8 @@ useSeoMeta({
 const stack = props.error.stack
 // eslint-disable-next-line vue/no-mutating-props
 delete props.error.stack
+
+console.error(props.error)
 </script>
 
 <template>

nuxt.config.ts

@@ -26,13 +26,13 @@ export default defineNuxtConfig({
     '@nuxt/scripts',
     'reka-ui/nuxt',
     '@nuxtjs/prismic',
-    !environment.useNuxtHub && '@nuxtjs/seo', // Skip SEO for NuxtHub builds
     '@nuxtjs/device',
     '@nuxt/fonts',
     '@pinia/colada-nuxt',
     !environment.useNuxtHub && 'nuxt-module-feed', // Skip feed for NuxtHub builds
+    !environment.useNuxtHub && 'nuxt-og-image', // Enable og-image only when not on NuxtHub
+    '@nuxtjs/seo',
     'nuxt-safe-runtime-config',
-    'nuxt-security',
     'motion-v/nuxt',
     './modules/prerender-routes',
     environment.useNuxtHub && '@nuxthub/core',
@@ -53,81 +53,6 @@ export default defineNuxtConfig({
     },
   },
 
-  security: {
-    hidePoweredBy: true,
-    headers: {
-      xFrameOptions: 'SAMEORIGIN',
-      contentSecurityPolicy: {
-        'script-src': environment.environment.isLocal
-          ? [
-              '\'self\'',
-              '\'unsafe-inline\'',
-              '\'unsafe-eval\'',
-              'https://static.cdn.prismic.io',
-              'https://nimiq.prismic.io',
-              'https://www.googletagmanager.com',
-              'https://www.google-analytics.com',
-              'https://stats.nimiq-network.com',
-            ]
-          : [
-              '\'strict-dynamic\'',
-              '\'nonce-{{nonce}}\'',
-              '\'unsafe-inline\'',
-              'https://static.cdn.prismic.io',
-            ],
-        'script-src-attr': environment.environment.isLocal
-          ? ['\'unsafe-inline\'']
-          : ['\'none\''],
-        'style-src': [
-          '\'self\'',
-          'https:',
-          '\'unsafe-inline\'',
-        ],
-        'base-uri': ['\'none\''],
-        'font-src': [
-          '\'self\'',
-          'https:',
-          'data:',
-        ],
-        'object-src': ['\'none\''],
-        'frame-src': ['\'self\'', 'https://nimiq.prismic.io', 'https://map.nimiq.com'],
-        'connect-src': [
-          '\'self\'',
-          'wss://nimiq-website.je-cf9.workers.dev',
-          'https://nimiq-website.je-cf9.workers.dev',
-          'https://www.google-analytics.com',
-          'https://analytics.google.com',
-          'https://stats.g.doubleclick.net',
-          'https://stats.nimiq-network.com',
-          'https://mycbdmurjytbdahjljoh.supabase.co',
-          'https://nimiq.prismic.io',
-          'https://dev.validators-api-mainnet.pages.dev',
-          'https://validators-api-mainnet.nuxt.dev',
-          'https://nimiq.cdn.prismic.io',
-        ],
-        'upgrade-insecure-requests': true,
-        'img-src': [
-          '\'self\'',
-          'data:',
-          'https://nimiq.prismic.io',
-          'https://static.cdn.prismic.io',
-          'https://images.prismic.io',
-          'https://nimiq.cdn.prismic.io',
-          'https://www.google-analytics.com',
-          'https://www.googletagmanager.com',
-          'https://*.google.com',
-          'https://*.google.co.th',
-          'https://*.google.co.uk',
-          'https://*.google.de',
-          'https://*.google.fr',
-        ],
-      },
-      crossOriginOpenerPolicy: false,
-      crossOriginEmbedderPolicy: false,
-      xXSSProtection: '1; mode=block',
-    },
-  },
-
   devtools: { enabled: true },
 
   components: [
@@ -382,14 +307,15 @@ export default defineNuxtConfig({
   },
 
   // Disable og-image generation on NuxtHub (Cloudflare) due to @resvg/resvg-js native bindings incompatibility
-  ogImage: environment.useNuxtHub
-    ? undefined
-    : {
-        fonts: ['Mulish:400', 'Mulish:700'],
-      },
+  // Moved into conditional spread below to appease TS/ESLint config typing
 
   // Feed configuration - skip for NuxtHub builds
   ...(!environment.useNuxtHub && {
+    // eslint-disable-next-line ts/ban-ts-comment
+    // @ts-ignore Provided by nuxt-og-image module
+    ogImage: {
+      fonts: ['Mulish:400', 'Mulish:700'],
+    },
     feed: {
       sources: [
         { path: '/feed.xml', type: 'rss2', cacheTime: 0 },

package.json

@@ -25,19 +25,18 @@
   "dependencies": {
     "@nimiq/core": "catalog:nimiq",
     "@nimiq/utils": "catalog:nimiq",
-    "@nuxt/scripts": "catalog:",
-    "@nuxtjs/seo": "catalog:",
+    "@nuxt/scripts": "catalog:nuxt",
+    "@nuxtjs/seo": "catalog:nuxt",
     "@pinia/colada": "catalog:frontend",
     "@pinia/colada-nuxt": "catalog:frontend",
     "@pinia/colada-plugin-delay": "catalog:frontend",
     "@unovis/ts": "catalog:frontend",
     "@unovis/vue": "catalog:frontend",
     "@vueuse/router": "catalog:frontend",
     "medium-zoom": "catalog:frontend",
-    "motion-v": "catalog:",
+    "motion-v": "catalog:frontend",
     "nimiq-rpc-client-ts": "catalog:nimiq",
     "nuxt": "catalog:nuxt",
-    "nuxt-security": "catalog:",
     "reka-ui": "catalog:frontend",
     "valibot": "catalog:server",
     "vaul-vue": "catalog:frontend",
@@ -62,7 +61,7 @@
     "@types/node": "catalog:types",
     "@unocss/eslint-plugin": "catalog:lint",
     "@unocss/nuxt": "catalog:unocss",
-    "@unocss/preset-wind4": "catalog:",
+    "@unocss/preset-wind4": "catalog:unocss",
     "@unocss/reset": "catalog:unocss",
     "@vueuse/core": "catalog:frontend",
     "@vueuse/nuxt": "catalog:frontend",
@@ -75,7 +74,7 @@
     "nimiq-icons": "catalog:unocss",
     "nuxt": "catalog:nuxt",
     "nuxt-module-feed": "catalog:nuxt",
-    "nuxt-safe-runtime-config": "catalog:",
+    "nuxt-safe-runtime-config": "catalog:nuxt",
     "pinia": "catalog:frontend",
     "sharp": "catalog:server",
     "simple-git-hooks": "catalog:lint",