XSS Validator


This middleware works for both GET and POST methods and throws a 400 Bad Request error when either the body or the query params contain insecure code. Based on https://github.com/leizongmin/js-xss

It will help you solve this security problem.

export type XssValidator = {
  whiteList: Record<string, any>;
  stripIgnoreTag: boolean;
  stripIgnoreTagBody: boolean;
  css: Record<string, any> | boolean;
} | {};
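The check described above, modelled as an added example that is not the middleware's own code, assuming a request is rejected whenever sanitizing a query or body string would change it. `sanitize` is a simplified stand-in for js-xss, and `findUnsafe`, `validateRequest` and the sample requests are hypothetical names and constructed inputs.

```typescript
// Added illustration, not the middleware's source. `sanitize` is a simplified
// stand-in for js-xss: tags outside the whitelist are HTML-escaped, and
// whitelisted tags are re-emitted without their attributes.
type WhiteList = Record<string, string[]>;
type Verdict = { status: 200 | 400; flagged: string[] };

function sanitize(input: string, whiteList: WhiteList): string {
  return input.replace(/<(\/?)([a-zA-Z][\w-]*)[^>]*>/g, (tag: string, slash: string, name: string) =>
    Object.prototype.hasOwnProperty.call(whiteList, name.toLowerCase())
      ? `<${slash}${name}>`
      : tag.replace(/</g, "&lt;").replace(/>/g, "&gt;"));
}

// Collect the path of every string that the sanitizer would change.
function findUnsafe(value: unknown, whiteList: WhiteList, path: string, out: string[]): void {
  if (typeof value === "string") {
    if (sanitize(value, whiteList) !== value) out.push(path);
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value as Record<string, unknown>)) {
      findUnsafe(child, whiteList, `${path}.${key}`, out);
    }
  }
}

// Hypothetical request check: GET and POST only, query and body both inspected.
function validateRequest(
  method: string,
  query: Record<string, unknown>,
  body: unknown,
  whiteList: WhiteList = {},
): Verdict {
  const flagged: string[] = [];
  if (method === "GET" || method === "POST") {
    findUnsafe(query, whiteList, "query", flagged);
    findUnsafe(body, whiteList, "body", flagged);
  }
  return { status: flagged.length > 0 ? 400 : 200, flagged };
}

// Constructed sample requests.
const blockedGet = validateRequest("GET", { q: "<script>alert(1)</script>" }, undefined);
const blockedPost = validateRequest("POST", {}, { user: { bio: "<img src=x onerror=alert(1)>" } });
const allowedPost = validateRequest("POST", {}, { bio: "<b>hi</b>, 1 < 2" }, { b: [] });
console.log(blockedGet, blockedPost, allowedPost);
```

The `flagged` paths show which field triggered the 400, which helps when a legitimate client sends markup and the whitelist needs widening.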

To write custom logic for this middleware, follow this pattern:

nuxt.config.ts
export default defineNuxtConfig({
  security: {
    xssValidator: {
      stripIgnoreTag: true,
      throwError: false, // optional
    }
  }
})

Or use routeRules for per route configuration:

nuxt.config.ts
export default defineNuxtConfig({
  routeRules: {
    '/my-secret-route': {
      security: {
        xssValidator: {
          stripIgnoreTag: true,
          throwError: false, // optional
        }
      }
    }
  }
})