From 0bbb8c0cad99916f983c019e4c07ebb1b0a37817 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Raffray?=
Date: Wed, 17 Jan 2024 16:06:52 +0100
Subject: [PATCH 1/2] Disable 05-cspSsgPresets

Fixes #348
---
 src/module.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/module.ts b/src/module.ts
index ff38524d..edc7fc51 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -312,6 +312,8 @@ function registerSecurityNitroPlugins(nuxt: Nuxt, securityOptions: ModuleOptions
 )
 // Register nitro plugin to enable CSP Headers presets for SSG
+ // TEMPORARILY DISABLED AS NUXT 3.9.3 PREVENTS IMPORTING @NUXT/KIT IN NITRO PLUGINS
+ /*
 config.plugins.push(
 normalize(
 fileURLToPath(
@@ -319,6 +321,7 @@ function registerSecurityNitroPlugins(nuxt: Nuxt, securityOptions: ModuleOptions
 )
 )
 )
+ */
 // Nitro plugin to enable CSP Nonce for SSR
 config.plugins.push(

From 0c6944449b7f6ec9cec76ae34fb654735e6765ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Raffray?=
Date: Wed, 17 Jan 2024 16:30:54 +0100
Subject: [PATCH 2/2] adapt tests

---
 test/perRoute.test.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/test/perRoute.test.ts b/test/perRoute.test.ts
index b6526286..a2cd6cae 100644
--- a/test/perRoute.test.ts
+++ b/test/perRoute.test.ts
@@ -832,10 +832,13 @@ describe('[nuxt-security] Per-route Configuration', async () => {
 it('does not inject CSP hashes on a deeply-disabled route', async () => {
 const res = await fetch('/csp-hash/deep/disabled')
+ // DISABLING THIS PART OF THE TEST AFTER PATCH #348 THAT REMOVES CSP SSG PRESETS
+ /*
 const cspHeaderValue = res.headers.get('content-security-policy')
 expect(cspHeaderValue).toBeDefined()
 const headerHashes = cspHeaderValue!.match(/'sha256-(.*?)'/)
 expect(headerHashes).toBeNull()
+ */
 const text = await res.text()
 const head = text.match(/(.*?)<\/head>/s)?.[1]
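Review bot: Wrapping the `config.plugins.push(...)` in `/* ... */` stops registering the plugin that, per the comment directly above it, enables the CSP header presets for SSG, and nothing in this hunk tells a user at build time that their statically generated output will now lack those headers; for a security module a silent drop is worse than a loud one. Emit a build-time warning where the registration used to be, e.g. `console.warn('[nuxt-security] CSP presets for SSG are disabled (see #348); generated pages will not receive these CSP headers')` — or the file's own logger if it has one, which is not visible here — and replace the free-text marker with `// TODO(#348): re-enable once @nuxt/kit can be imported from Nitro plugins` so the disabled path is greppable. The closing `*/` lands in the next hunk, and the enclosing `registerSecurityNitroPlugins` starts and ends outside both hunks.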
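Review bot: Commenting out the four header assertions leaves `it('does not inject CSP hashes on a deeply-disabled route', ...)` green while it no longer looks at the `content-security-policy` header at all, so a regression that injects `'sha256-...'` hashes into the header on a disabled route would now pass unnoticed, and the title still promises a check the test does not make. Prefer making the lost coverage visible in the test report: move the header assertions into `it.skip('does not inject CSP hashes into the header on a deeply-disabled route (#348)', ...)` (or `it.todo`, assuming a vitest/jest runner, which the `describe`/`it`/`expect` usage suggests) and keep this case for the `<head>` markup only. The block comment also says the patch "REMOVES" the presets while `src/module.ts` marks them "TEMPORARILY DISABLED"; `// TODO(#348): re-enable once the CSP SSG presets plugin is restored` would be consistent with the module. The `it(...)` body continues past the hunk.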
@@ -849,10 +852,13 @@ describe('[nuxt-security] Per-route Configuration', async () => {
 it('injects CSP hashes on a deeply-enabled route', async () => {
 const res = await fetch('/csp-hash/deep/enabled')
+ // DISABLING THIS PART OF THE TEST AFTER PATCH #348 THAT REMOVES CSP SSG PRESETS
+ /*
 const cspHeaderValue = res.headers.get('content-security-policy')
 expect(cspHeaderValue).toBeDefined()
 const headerHashes = cspHeaderValue!.match(/'sha256-(.*?)'/)
 expect(headerHashes).toHaveLength(2)
+ */
 const text = await res.text()
 const head = text.match(/(.*?)<\/head>/s)?.[1]
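Review bot: `expect(headerHashes).toHaveLength(2)` was the only positive assertion in this file's hunks that CSP hashes actually reach the response header; with it inside `/* ... */` the enabled-route case now only inspects the HTML `<head>`, so header-level CSP could disappear entirely and the suite would stay green. Rather than a block comment that the runner never reports, split the header check out as `it.skip('injects CSP hashes into the header on a deeply-enabled route (#348)', ...)` so the skipped coverage shows up in the test output until #348 is resolved, and the remaining `it(...)` title can be narrowed to the markup check it still performs. The `it(...)` body continues past the hunk.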