BREAKING CHANGE SUGGESTION: remove nonce property #1654

Open
GalacticHypernova opened this issue Dec 29, 2024 · 0 comments

GalacticHypernova commented Dec 29, 2024

The Nonce feature in Nuxt Image can bring many security concerns.
The biggest ones of them all are:

  1. User-provided nonce may not be cryptographically secure (partially or fully)
  2. User-provided nonce may not be standard-compliant (not generated with an appropriate algorithm)
  3. User-provided nonce may not be unique (user might reuse the nonce throughout multiple images)

It might be a better idea to leave the security of images for Nuxt Security to handle, as it takes care of all these concerns.
