Vue.js / Nuxt.js

Nuxt Security

XSS protection, CSRF tokens, Content Security Policy, rate limiting, input sanitization, security headers

20 interview questions · Senior
1

What is the Nuxt Security module?

Answer

Nuxt Security is an official module that automatically configures a Nuxt 3 application to follow OWASP security patterns using HTTP headers and middleware. It includes features such as CSP (Content Security Policy), rate limiting, XSS validation, CSRF protection, and security header configuration. The module applies secure defaults while allowing granular per-route customization via routeRules.

2

What is the default CSP directive for script-src in Nuxt Security?

Answer

The default script-src directive uses 'self' (same-origin scripts), https: (HTTPS scripts), 'unsafe-inline' (inline scripts), 'strict-dynamic' (dynamic script authorization), and 'nonce-{{nonce}}' (nonce for inline scripts in SSR). This combination balances security and compatibility, though 'strict-dynamic' is recommended for strict security in production.

3

What is a nonce in the context of Content Security Policy?

Answer

A nonce (number used once) is a unique random token generated server-side for each request and included in both the CSP header and inline script tags. It allows only inline scripts that have this specific nonce, blocking XSS-injected scripts that wouldn't have the correct nonce. In Nuxt Security, nonce is enabled by default in SSR with security.nonce: true and the placeholder 'nonce-{{nonce}}' in script-src.

4

Which HTTP header protects against clickjacking attacks?

5

What is the difference between SSR and SSG for Content Security Policy in Nuxt Security?
