N
Nuxt2mo ago
user

Nuxt3 including local i18n file paths in window.NUXT in production builds.

This leaks the OS user name and file structure on the system of the site developer who built the project. How to remove these paths from there? Config looks like
locales: [
{ code: 'xx', name: 'XX', language: 'xx-XX', file: 'xx.json' },
{ code: 'en', name: 'English', language: 'en-US', file: 'en.json' },
],
locales: [
{ code: 'xx', name: 'XX', language: 'xx-XX', file: 'xx.json' },
{ code: 'en', name: 'English', language: 'en-US', file: 'en.json' },
],
Builded site index.html includes at bottom window.NUXT with
[{code:"xx",name:"XX",language:"xx-XX",files:["/Users/{USERNAME}/Work/Projects/MyNuxtWebSite/src/locales/xx.json"]},{code:"en",name:"English",language:"en-US",files:["/Users/{USERNAME}/Work/Projects/MyNuxtWebSite/src/locales/en.json"]}]
[{code:"xx",name:"XX",language:"xx-XX",files:["/Users/{USERNAME}/Work/Projects/MyNuxtWebSite/src/locales/xx.json"]},{code:"en",name:"English",language:"en-US",files:["/Users/{USERNAME}/Work/Projects/MyNuxtWebSite/src/locales/en.json"]}]
3 Replies
kapa.ai
kapa.ai2mo ago
Hi @user. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- This is an important security concern you've raised regarding Nuxt 3 and i18n. Let me address this based on the available information. In Nuxt 4, which is the upcoming version, there's a change that might solve this issue. According to the Nuxt 4 Upgrade Guide (https://nuxt.com/docs/getting-started/upgrade#what-changed-9), the global window.__NUXT__ object is being removed after the app finishes hydration. This change could potentially address the security concern you've mentioned. However, for Nuxt 3, I don't have specific information about removing these paths from the window.__NUXT__ object. This seems to be an unintended exposure of sensitive information. As a workaround, you might consider: 1. Using relative paths for your locale files instead of absolute paths. 2. Implementing a build step that strips out these full paths before deployment. It's important to note that this issue should be reported to the Nuxt and nuxt-i18n maintainers if it hasn't been already. They might be able to provide a more definitive solution or patch for this security concern. If you need a more immediate solution, you might want to explore using a custom build process or a post-build script to remove or obfuscate these paths from the generated files. I apologize that I don't have a direct solution for Nuxt 3, but I hope this information helps point you in the right direction. If you need more specific guidance, it might be worth opening an issue on the Nuxt GitHub repository to get input from the maintainers. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai2mo ago
<@1304859584661553225> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
user
userOP2mo ago
@Bobbie
Want results from more Discord servers?
Add your server