nico
nico
Explore posts from servers
NNuxtCDCloudflare Developers
PostsComments
CDCloudflare Developers
Created by nico on 2/9/2025 in #pages-help
Missing Content-Security-Policy & Permissions-Policy Headers on Cloudflare Pages Deployment
Hi everyone, I'm experiencing an issue where my Content-Security-Policy (CSP) and Permissions-Policy headers are not being applied correctly when deploying my site on Cloudflare Pages. (https://securityheaders.com/?q=dashio.net&followRedirects=on) Context: My project is built using Nuxt with the nuxt-security module. I was not able to use Nuxt Security itself to define my headers because I walked into issues with the following logs: 
14:17:25.561    :sparkles: Compiled Worker successfully
14:17:26.817    Found _routes.json in output directory. Uploading.
14:17:26.829    Validating asset output directory
14:17:30.138    Deploying your site to Cloudflare's global network...
14:17:32.510    Parsed 23 valid header rules.
14:17:32.511    Found invalid header lines:
14:17:32.511        Ignoring line 18 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 39 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 60 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 81 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 102 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 123 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 144 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 165 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 187 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 204 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 225 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 246 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 267 as it exceeds the maximum allowed length of 2000.
14:17:32.512        Ignoring line 289 as it exceeds the maximum allowed length of 2000.
14:17:32.512        Ignoring line 349 as it exceeds the maximum allowed length of 2000.
14:17:32.512        Ignoring line 366 as it exceeds the maximum allowed length of 2000.
14:17:32.512        Ignoring line 392 as it exceeds the maximum allowed length of 2000.
14:17:34.044    Uploading... (99/295)
14:17:34.763    Uploading... (164/295)
14:17:34.766    Uploading... (230/295)
14:17:34.897    Uploading... (295/295)
14:17:34.898    :sparkles: Success! Uploaded 196 files (99 already uploaded) (1.24 sec)
14:17:34.898    
14:17:35.475    :sparkles: Upload complete!
14:17:38.869    Success: Assets published!
14:17:41.389    Success: Your site was deployed!
14:17:25.561    :sparkles: Compiled Worker successfully
14:17:26.817    Found _routes.json in output directory. Uploading.
14:17:26.829    Validating asset output directory
14:17:30.138    Deploying your site to Cloudflare's global network...
14:17:32.510    Parsed 23 valid header rules.
14:17:32.511    Found invalid header lines:
14:17:32.511        Ignoring line 18 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 39 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 60 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 81 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 102 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 123 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 144 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 165 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 187 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 204 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 225 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 246 as it exceeds the maximum allowed length of 2000.
14:17:32.511        Ignoring line 267 as it exceeds the maximum allowed length of 2000.
14:17:32.512        Ignoring line 289 as it exceeds the maximum allowed length of 2000.
14:17:32.512        Ignoring line 349 as it exceeds the maximum allowed length of 2000.
14:17:32.512        Ignoring line 366 as it exceeds the maximum allowed length of 2000.
14:17:32.512        Ignoring line 392 as it exceeds the maximum allowed length of 2000.
14:17:34.044    Uploading... (99/295)
14:17:34.763    Uploading... (164/295)
14:17:34.766    Uploading... (230/295)
14:17:34.897    Uploading... (295/295)
14:17:34.898    :sparkles: Success! Uploaded 196 files (99 already uploaded) (1.24 sec)
14:17:34.898    
14:17:35.475    :sparkles: Upload complete!
14:17:38.869    Success: Assets published!
14:17:41.389    Success: Your site was deployed!
So the exceeding characters were the reason why I just switched to a manually created _headers file instead of letting the Security module create them for me. I'm using a _headers file inside the public/ directory to define security headers. The _headers file is structured like this: 
/_scripts/*
  cache-control: public, max-age=31536000, immutable

/_nuxt/*
  cache-control: public, max-age=31536000, immutable

/*
  Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-{{nonce}}' https://static.cloudflareinsights.com https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com; img-src 'self' data: https://*.dashio.net; connect-src 'self' https://*.cloudflare.com https://cloudflareinsights.com https://*.dashio.net https://*.supabase.co; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; script-src-attr 'none'; base-uri 'none'; form-action 'self'; upgrade-insecure-requests

  Permissions-Policy: geolocation=(), microphone=(), camera=()
  Referrer-Policy: no-referrer
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
  X-Content-Type-Options: nosniff
  X-Download-Options: noopen
  X-Frame-Options: DENY
  X-Permitted-Cross-Domain-Policies: none
  X-XSS-Protection: 0
/_scripts/*
  cache-control: public, max-age=31536000, immutable

/_nuxt/*
  cache-control: public, max-age=31536000, immutable

/*
  Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-{{nonce}}' https://static.cloudflareinsights.com https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com; img-src 'self' data: https://*.dashio.net; connect-src 'self' https://*.cloudflare.com https://cloudflareinsights.com https://*.dashio.net https://*.supabase.co; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; script-src-attr 'none'; base-uri 'none'; form-action 'self'; upgrade-insecure-requests

  Permissions-Policy: geolocation=(), microphone=(), camera=()
  Referrer-Policy: no-referrer
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
  X-Content-Type-Options: nosniff
  X-Download-Options: noopen
  X-Frame-Options: DENY
  X-Permitted-Cross-Domain-Policies: none
  X-XSS-Protection: 0
2 replies
NNuxt
Created by nico on 3/29/2024 in #❓・help
Resolving TS2307 Error for Dynamic Component Imports in Nuxt 3
No description
14 replies
CDCloudflare Developers
Created by nico on 2/9/2024 in #pages-help
Is there any edge sub-dependency problem work-around?
I have been using Cloudflare Pages for my deployments, sometimes Vercel depending on the project, but I haven't self-hosted anything for a while now. For my current Nuxt project, I rely on MongoDB as a database, but MongoDB doesn't seem to be Edge-compatible due to some dependencies. Deployments are therefore not running on Edge, but I would hate to develop the project without Cloudflare Pages. Apart from small projects like https://github.com/drivly/mongo-fetch, are there any other workarounds to deal with such problems? At MongoDB I have already tipped in Edge support as a feature request, but so far this has met with little interest. I'm not really familiar with all this Edge stuff, occasionally Node.js features caused problems, but that works quite well now and these stress-free deployments with previews directly from GitHub were an absolute luxury compared to my AWS EC2 instances before... Maybe there is some kind of solution and I just don't know it, at least I hope so 😅
3 replies
CDCloudflare Developers
Created by nico on 10/7/2023 in #general-help
Organization Options in Cloudflare Images: Folders or Alternative Structuring?
Hello everyone, I have recently started using Cloudflare Images and find the limit of 100,000 images for €5 per month very appealing. However, I've noticed that there currently isn't a way to organize images into folders or similar structures. This is proving to be a challenge as I'm losing track after uploading just the first batch of images. I've searched the Cloudflare Community Forum and official documentation for solutions, but it appears there's no native support for folders or similar organizational structures at the moment. Some users have suggested workarounds with custom paths, but it's not the same as having a dedicated folder structure. Before looking into alternative platforms, I wanted to ask here in the forum if anyone has had similar experiences or if there are already plans to integrate this feature into Cloudflare Images? Or are there perhaps other methods or best practices you could recommend for achieving better structuring and organization of images? I would appreciate any insights or suggestions. Thank you in advance! Best regards, Nico
1 replies
CDCloudflare Developers
Created by nico on 9/4/2023 in #pages-help
HTTP Error 500 on Nuxt 3 Site Deployed via Cloudflare Pages: Suspected Environment Variable Issues
No description
2 replies