Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

cross-request state pollution

See original GitHub issue

Environment

Operating System: Windows_NT
Node Version: v14.19.1
Nuxt Version: 2.16.0-27616340.013f051b
Package Manager: yarn@1.22.18
Builder: webpack
User Config: srcDir, alias, server, bridge, head, serverMiddleware, css, styleResources, plugins, buildModules, gtm, modules, postcss, tailwindcss, typescript, sentry, buefy, image, axios, proxy, render, i18n, router, build, serverHandlers, devServerHandlers
Runtime Modules: @nuxt/image@0.6.2, @nuxtjs/sentry@5.1.7, nuxt-buefy@0.3.31, @nuxtjs/axios@5.13.6, @nuxtjs/proxy@2.1.0, cookie-universal-nuxt@2.2.1, @nuxtjs/i18n@7.2.2, nuxt-sweetalert2@1.0.0
Build Modules: (), @pinia/nuxt@0.3.0, @nuxtjs/eslint-module@3.1.0, @nuxtjs/style-resources@1.2.1, @nuxtjs/gtm@2.4.0, @nuxtjs/tailwindcss@4.2.1, @nuxtjs/dotenv@1.4.1, @nuxt/bridge@3.0.0-27639120.e7a7f9b

Reproduction

I cannot reproduce because this situation happens very comlex code base.

Describe the bug

Although cache-control: max-age=0, private is set in Response Header, nuxt caches this request and this response is returned to other users. Because of this, I am experiencing an info leak.

This only happening on ssr.

Additional context

Our project running in docker and AWS.

Logs

No response

Issue Analytics

State:
Created a year ago
Comments:12 (6 by maintainers)

Top GitHub Comments

2reactions

danielroecommented, Sep 8, 2022

The issue is that you are defining your state outside of the factory function:

const InitialAuthState: AuthState = {
  token: '',
};

export const useAuthStore = defineStore('auth', {
  state: (): AuthState => InitialAuthState,
})

That is why it is shared.

Although the factory function is called fresh each time, it returns the same object. The point of a factory function is to return a different object each time it’s called.

1reaction

danielroecommented, Sep 8, 2022

It shouldn’t be something you need to do. Both Nuxt + pinia should ensure this. Would you create a minimal reproduction so I can look into it further? 🙏

Top Results From Across the Web

Cross-request state pollution ? · Issue #146 - GitHub

I run into the classic cross-request state pollution scenario that is most often encountered when not using the stateFactory option.

Server-Side Rendering (SSR) - Vue.js

We call this cross-request state pollution. We can technically re-initialize all the JavaScript modules on each request, just like we do in browsers....

How to avoid cross-request state pollution problems when ...

In the production environment I can use node:vm to implement a sandbox to avoid cross-request state pollution but the development ...

Cross-State Air Pollution Rule (CSAPR) | US EPA

The Cross-State Air Pollution Rule (CSAPR), requires states to significantly improve air quality by reducing power plant emissions that ...

Cross-State Air Pollution Rule - SCDHEC

On August 25, 2017, the Department added Regulation 61-62.97, Cross-State Air Pollution Rule (CSAPR) Trading Program, to incorporate the EPA's CSAPR trading ...