nuxt.config.ts

 1// Nuxt 3 config with CSP applied via routeRules headers.
 2// Representative of the "append-string" shape: CSP is a literal value string.
 3export default defineNuxtConfig({
 4  compatibilityDate: '2025-01-01',
 5  devtools: { enabled: true },
 6  routeRules: {
 7    '/**': {
 8      headers: {
 9        'Content-Security-Policy':
10          "default-src 'self'; " +
11          "script-src 'self' 'unsafe-inline' 'unsafe-eval'; " +
12          "style-src 'self' 'unsafe-inline'; " +
13          "img-src 'self' data: blob:; " +
14          "connect-src 'self'; " +
15          "frame-ancestors 'self';",
16        'X-Frame-Options': 'SAMEORIGIN',
17      },
18    },
19  },
20});