Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Support SWR #428

Closed
MarijnFK opened this issue Apr 19, 2024 · 8 comments · Fixed by #429
Closed

Support SWR #428

MarijnFK opened this issue Apr 19, 2024 · 8 comments · Fixed by #429
Assignees
@vejja
Labels
bug Something isn't working enhancement New feature or request

Comments

@MarijnFK
Copy link

When using a SWR option in routeRUles, the nonce-header does not match the one served from the server:

Version

nuxt-security: 1.3.2
nuxt: 3.11.x

Steps to reproduce

enable swr on all routes:

routeRules: {
    "*": {
      swr: process.env.NODE_ENV === "development" ? false : parseInt(process.env.SWR_TTL ? process.env.SWR_TTL.toString() : "60"),
    },
  },

What is Expected?

The header should use the generated nonce value
image
image

What is actually happening?

The header uses the new nonce, but the html served is using the nonce that was used when generating the page
@MarijnFK MarijnFK added the bug Something isn't working label Apr 19, 2024
@vejja
Copy link
Collaborator

vejja commented Apr 19, 2024

You're right and I think the conclusion is that we do not support SWR.

I struggle to see how SWR is compatible with nonce. Nonce is supposed to be generated just once and be unguessable. If we re-use nonces, this breaks the RFC. So we have 2 solutions:

  • Either we regenerate the nonce and re-inject the new nonce in the HTML. Which means that we effectively break SWR.
  • Or we fallback to hash mode, as if the page was pre-rendered with SSG. Seems better probably

@Baroshem what's your opinion on this ?

@vejja vejja added the enhancement New feature or request label Apr 19, 2024
@Baroshem
Copy link
Owner

Thanks for the investigation @vejja

I would probably go for the second option but maybe @danielroe would have a better idea? :)

@vejja vejja changed the title Nonce header uses wrong value when using SWR Support SWR Apr 19, 2024
@vejja
Copy link
Collaborator

vejja commented Apr 19, 2024
edited
Loading

Let me investigate better because I actually think we can support natively without moving to hash mode

Update: I think the new feat/unified-router-context branch will support SWR natively, will confirm later

@vejja
Copy link
Collaborator

vejja commented Apr 19, 2024

@MarijnFK would you be able to share a minimal Stackblitz repro of a basic use case ?
I'd like to check that we can indeed support SWR on a relevant setup

@MarijnFK
Copy link
Author

@vejja I've made a very simple stackblitz, it's not really a use-case but it shows the problem.
stackblitz

The top date shows the ssr-date. It should update every 10 seconds.
The bottom date should be hydrated, but doesn't because the script is blocked from executing

@vejja vejja mentioned this issue Apr 20, 2024
Merged
6 tasks
@Baroshem
Copy link
Owner

@vejja have you maybe checked if this new solution of yours works with the stackblitz repro providede by @MarijnFK ?

@vejja
Copy link
Collaborator

vejja commented Apr 22, 2024

@vejja have you maybe checked if this new solution of yours works with the stackblitz repro providede by @MarijnFK ?

Yes, I included an equivalent example in the playground under the /swr page there, it is testable with yarn dev and then going to localhost:3000/swr

@vejja vejja self-assigned this Apr 23, 2024
@MarijnFK
Copy link
Author

@vejja Good to hear, looking forward to the update! Thanks for the (quick!) responses

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@vejja vejja

Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(core): unified router context Baroshem/security
3 participants
@vejja @Baroshem @MarijnFK