-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error deploying to Cloudflare Workers after upgrade beyond rc.2 #335
Comments
Hey Buddy, Thanks for reporting this issue. Could you share your nuxt.config.ts file? Current issue details does not ring a bell for me :( |
|
Thanks for sharing the nuxt configuration, the file look fine. It does not look to me like there is some kind of issue with NuxtSecurity. Could you try disabling the module or removing it for a test to see if it will still result in a bug after deploying to Cloudflare? |
Deployment to Cloudflare works with nuxt-security disabled. I have this issue on two Nuxt sites deployed to Workers. I just tried updating the other site from rc.2 to 1.0.0 and received the error. |
I see. Thanks for verification. One more question if I may. You have upgraded your app from 1.0.0-rc.2 to 1.0.0 directly or to 1.0.0-rc.3 and received an error? I am trying to figure out if the issue is in certain RC version or somewhere in the commits for 1.0.0 |
I upgraded to rc.3 and rc.4 before upgrading to 1.0.0. and could reproduce the issue using releases after rc.2. (Never tried rc.5) If I can do anything else to help diagnose, happy to help. Thanks. |
Don't have much clue to be honest apart from one trail. I looked at the changes in the rc.3 and the only one that could cause this bug imo is the introduction of cheerio tool. I have located that it is used in three plugin files:
Could you try to set all three of them to false (disable them) from the config globally and deploy the app to Cloudflare with NuxtSecurity 1.0.0 and see if the problem occurs? If that is not the case, maybe there is some issue with Cloudlfare building the project (guessing by these |
I updated my config to the following and tried deploying but still getting the error.
The build pipeline on gitlab has a better error log I think from the newer version of Wrangler.
|
This error certainly gives more info. Giget is an unjs package that I think is used in Nuxt/Nitro. https://github.com/unjs/giget Not sure however, why does it fail your pipeline. Maybe NuxtSecurity has a newer version of Nuxt than your project previously had and this giget was included in there? This is me mainly guessing because I have no real clue what could be an issue. @pi0 do you maybe have some ideas? |
I ran npx nuxi upgrade --force and npx nuxi cleanup and also tried deleting node_modules. Couldn't get it to deploy. Yesterday I messaged a reddit user having the same issue. (https://www.reddit.com/r/Nuxt/comments/18tycmz/cant_deploy_nuxt_390_app_on_vercel_edge/) Removing nuxt-security fixed deployment on Vercel edge for them. "The error logs never suggested anything related to it but as soon as I removed it it deployed successfully to Vercel-edge." |
Could you please let this Reddit User know that there is an issue here that we are trying to figure out how to fix? Maybe he will be able to share some valuable insights into his project that could help us resolve it :) |
Also, could you check what Nuxt/Nigro versions do you have in your yarn lock after installing the Nuxt Security? Maybe adding it bumps the package that then fails? I would love to help but to be honest I have no clues what could be causing these issues. Usually issues are at least in some way related to the module functionalities while this one seems completely random as I am not using giget directly in any way. |
Looks like potentially a version dependency mismatch somewhere ?
|
We are also noticing the same issue when building for CF Pages. |
Hey, could you share what kind of error you get? I am trying to get the most details because I have no idea what can be causing this error. It does not seem to come from the module specifically but rather one of its dependencies. |
We were using GH Actions to run nuxt build, then push up to CF Workers. When we run the build on
This happens both on Nuxt 3.8.2 and 3.9.0 for us. |
@Baroshem Update:
I cannot be 100% sure but it looks like a |
@vejja I tried the same thing with nuxt 3.9.1, gives me the same error, sorry. :( |
I am seeing the exact same issue with nuxt 3.9.1 and nuxt 3.9.1 using cloudflare pages. I also thought it's a dependency mismatch between Edit: I don't think this issue is related to nuxt-security as I don't have this plugin installed. |
@Baroshem The issue we are facing is that we can't properly test this hypothesis before you publish to npm. Not a clean way to work, but couldn't think of a better way to try fixing |
unjs/giget#140 (comment) . renewing lockfile should solve the hoisting issue. But I think something else is wrong. nighter giget or node-fetch-native are supposed to be bundled that lead to the originally reported issue. Is there any runnable Nuxt project to reproduce this issue? I would be happy to investigate if you can provide one 🙏🏼 |
Hey @pi0 I've created a minimal reproduction here. I've setup an empty nuxt 3.9.1 project, add nuxt security and some basic configs. There is a GH Action that runs the build for The build fails on GH Actions. |
@unr that's the exact same build error I got in the cloudflare pages console, although I don't have the |
I wonder what other package causes it for you @1mak On my example project, if I remove nuxt-security it works fine. |
Issue is with nuxt-security module in /src/runtime/nitro/plugins/05-cspSsgPresets.ts#L2 you should never ever import /cc @danielroe it happened again... I will try to check import protection. (~> nuxt/nuxt#25162) |
Thanks to your comment @pi0 I was able to make the right assumptions when looking through my package.json. Looks like the culprit was a plugin to generate sitemaps ( Thanks again everyone for your help on this, even though your work wasn't causing the bug at all. It also made me aware that your package exists. :) |
@Baroshem we can remove 05-cspSsgPresets.ts, it is not a critical component of the module |
|
Hi @pi0 FYI we have
|
Hi @Baroshem |
Awesome @vejja Thanks for looking into it. For now, I was not successful with trying to refactor the cspPresetPlugin to make it work without nuxt kit :( I will try to do some coding today and tomorrow to see if I can make it work |
Hey guys, I have just published a 1.0.1 version where we removed the part of the code that was causing the issues. We will refactor it for the next major version that we want to release next week probably (1.1.0) Sorry it tooked so long but we wanted to refactor the code without disabling functionality but we didnt make it so we will do it in the next release. Could you please verify if the issue is gone? |
@Baroshem Thank you for this, I can confirm my build now works with 1.0.1 |
Thank you @vejja :) |
|
I think it is probably safest that you disable this flag in meantime. CSP should ideally come to the nitro/nuxt core for proper support in all conditions. I also made an upstream idea in nitro unjs/nitro#2119 that it can allow same solution you currently do, little more generic so similar usecases can leverage. Otherwise @danielroe is correct, useNitro is build time and useNitroApp is runtime. |
Thanks @danielroe @pi0 I tried using The plugin (you said flag Pooya) is already disabled in 1.0.1 version to unblock people in this thread but I wanted to publish 1.1.0 next week with a fix for this plugin so that it can appear again. But from what I understand, it is better to remove it and wait for the nitro replacement, am I right? |
Version
Steps to reproduce
Upgrading nuxt-security beyond 1.0.0-rc.2 breaks deployment to Cloudflare Workers using preset cloudflare_module.
ERROR Cannot resolve "node-fetch-native/native/proxy" from "..." and externals are not allowed!
The text was updated successfully, but these errors were encountered: