Skip to content

Nonce value showing as undefined in prod after version 2.3.0 #656

New issue
New issue
Open
Open
Nonce value showing as undefined in prod after version 2.3.0#656
Labels
bugSomething isn't working
@bruno-oliveira-homeqgo

Description

@bruno-oliveira-homeqgo
bruno-oliveira-homeqgo
opened on Oct 7, 2025

Environment

- Operating System: Darwin
- Node Version:     v22.20.0
- Nuxt Version:     4.1.2
- CLI Version:      3.28.0
- Nitro Version:    2.12.6
- Package Manager:  [email protected]
- Builder:          -
- User Config:      compatibilityDate, devtools, nitro, modules, piniaPluginPersistedstate, runtimeConfig, css, typescript, security
- Runtime Modules:  @nuxtjs/[email protected], @nuxt/[email protected], @nuxt/test-utils/[email protected], @vee-validate/[email protected], @pinia/[email protected], pinia-plugin-persistedstate/[email protected], [email protected]
- Build Modules:    -

Nuxt Security Version

v2.3.0

Default setup used?

Yes, the bug happens even if the security option is not customized

Security options

security: {
        headers: {
            contentSecurityPolicy: {
                'img-src': ["'self'", 'data:'],
                'script-src': [
                    "'self'",
                    "'unsafe-inline'",
                    "'strict-dynamic'",
                    "'nonce-{{nonce}}'"
                ],
                'style-src': ["'self'", "'unsafe-inline'"],
                'font-src': ["'self'", 'data:'],
                'frame-src': ["'self'"],
                'worker-src': ["'self'", 'blob:'],
                'upgrade-insecure-requests': process.env.NODE_ENV === 'development' ? false : true
            },
            crossOriginEmbedderPolicy: false,
            crossOriginOpenerPolicy: false,
            crossOriginResourcePolicy: false,
        },
        removeLoggers: process.env.NODE_ENV === 'test' ? false : true
    }

Reproduction

"nuxt-security": "2.3.0",

Description

After upgrading to version 2.3.0, app no longer creates nonce values in production.

Locally app creates nonce values and everything works as expected, but when deploying the app as a Azure Static Web App the nonces are all undefined.
This works perfectly well with version 2.2.0, only after upgrading to 2.3.0 did this issue start happening

Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions