Vue.js / Nuxt.js

Nuxt Security

XSS protection, CSRF tokens, Content Security Policy, rate limiting, input sanitization, security headers

20 interview questions · Senior
1

What is the Nuxt Security module?

Answer

Nuxt Security is an official module that automatically configures a Nuxt 3 application to follow OWASP security patterns using HTTP headers and middleware. It includes features such as CSP (Content Security Policy), rate limiting, XSS validation, CSRF protection and security header configuration. The module applies secure defaults while allowing granular per-route customization via routeRules.

2

What is the default CSP directive for script-src in Nuxt Security?

Answer

The default script-src directive uses 'self' (same-origin scripts), https: (scripts served over HTTPS), 'unsafe-inline' (inline scripts), 'strict-dynamic' (dynamic script authorization) and 'nonce-{{nonce}}' (a nonce for inline scripts in SSR). This combination balances security and compatibility, though 'strict-dynamic' is recommended for strict security in production.

3

What is a nonce in the context of Content Security Policy?

Answer

A nonce (number used once) is a unique random token generated server-side for each request and included in both the CSP header and inline script tags. It allows only inline scripts that have this specific nonce, blocking XSS-injected scripts that wouldn't have the correct nonce. In Nuxt Security, nonce is enabled by default in SSR with security.nonce: true and the placeholder 'nonce-{{nonce}}' in script-src.

4

Which HTTP header protects against clickjacking attacks?

5

What is the difference between SSR and SSG for Content Security Policy in Nuxt Security?
