-
Notifications
You must be signed in to change notification settings - Fork 84
Expand file tree
/
Copy pathmodule.ts
More file actions
785 lines (727 loc) · 29.5 KB
/
module.ts
File metadata and controls
785 lines (727 loc) · 29.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
import type { FetchOptions } from 'ofetch'
import type { InterceptRule } from './proxy-configs'
import type { ProxyPrivacyInput } from './runtime/server/utils/privacy'
import type {
NuxtConfigScriptRegistry,
NuxtUseScriptInput,
NuxtUseScriptOptionsSerializable,
RegistryScript,
RegistryScripts,
} from './runtime/types'
import { existsSync, readdirSync, readFileSync } from 'node:fs'
import {
addBuildPlugin,
addComponentsDir,
addImports,
addPluginTemplate,
addServerHandler,
addTemplate,
createResolver,
defineNuxtModule,
hasNuxtModule,
} from '@nuxt/kit'
import { defu } from 'defu'
import { resolve as resolvePath_ } from 'pathe'
import { readPackageJSON } from 'pkg-types'
import { setupPublicAssetStrategy } from './assets'
import { setupDevToolsUI } from './devtools'
import { installNuxtModule } from './kit'
import { logger } from './logger'
import { NuxtScriptsCheckScripts } from './plugins/check-scripts'
import { NuxtScriptBundleTransformer } from './plugins/transform'
import { getAllProxyConfigs, routesToInterceptRules } from './proxy-configs'
import { registry } from './registry'
import { registerTypeTemplates, templatePlugin, templateTriggerResolver } from './templates'
declare module '@nuxt/schema' {
interface NuxtHooks {
'scripts:registry': (registry: RegistryScripts) => void | Promise<void>
}
}
/**
* Global privacy override for all first-party proxy requests.
*
* By default (`undefined`), each script uses its own privacy controls declared in the registry.
* Setting this overrides all per-script defaults:
*
* - `true` - Full anonymize: anonymizes IP, normalizes User-Agent/language,
* generalizes screen/hardware/canvas/timezone data.
*
* - `false` - Passthrough: forwards headers and data, but strips sensitive
* auth/session headers (cookie, authorization).
*
* - `{ ip: false }` - Selective: override individual flags. Unset flags inherit
* from the per-script default.
*/
export type FirstPartyPrivacy = ProxyPrivacyInput
export interface FirstPartyOptions {
/**
* Path prefix for serving bundled scripts.
*
* This is where the downloaded and rewritten script files are served from.
* @default '/_scripts'
* @example '/_analytics'
*/
prefix?: string
/**
* Path prefix for collection/tracking proxy endpoints.
*
* Analytics collection requests are proxied through these paths.
* For example, Google Analytics collection goes to `/_scripts/c/ga/g/collect`.
* @default '/_proxy'
* @example '/_tracking'
*/
collectPrefix?: string
/**
* Global privacy override for all proxied scripts.
*
* By default, each script uses its own privacy controls from the registry.
* Set this to override all scripts at once:
*
* - `true` - Full anonymize for all scripts
* - `false` - Passthrough for all scripts (still strips sensitive auth headers)
* - `{ ip: false }` - Selective override (unset flags inherit per-script defaults)
*
* @default undefined
*/
privacy?: FirstPartyPrivacy
}
/**
* Partytown forward config for registry scripts.
* Scripts not listed here are likely incompatible due to DOM access requirements.
* @see https://partytown.qwik.dev/forwarding-events
*/
// Matches self-closing PascalCase or kebab-case tags starting with "Script"/"script-"
// e.g. <ScriptYouTubePlayer video-id="x" /> or <script-youtube-player />
const SELF_CLOSING_SCRIPT_RE = /<((?:Script[A-Z]|script-)\w[\w-]*)\b([^>]*?)\/\s*>/g
/**
* Expand self-closing `<Script*>` component tags in page files to work around
* a Nuxt core regex issue (nuxt `SFC_SCRIPT_RE` uses case-insensitive matching).
*/
function fixSelfClosingScriptComponents(nuxt: any) {
function expandTags(content: string): string | null {
SELF_CLOSING_SCRIPT_RE.lastIndex = 0
if (!SELF_CLOSING_SCRIPT_RE.test(content))
return null
SELF_CLOSING_SCRIPT_RE.lastIndex = 0
return content.replace(SELF_CLOSING_SCRIPT_RE, (_, tag, attrs) => `<${tag}${attrs.trimEnd()}></${tag}>`)
}
function fixFile(filePath: string) {
if (!existsSync(filePath))
return
const content = readFileSync(filePath, 'utf-8')
const fixed = expandTags(content)
if (fixed)
nuxt.vfs[filePath] = fixed
}
function scanDir(dir: string) {
if (!existsSync(dir))
return
for (const entry of readdirSync(dir, { withFileTypes: true })) {
const fullPath = resolvePath_(dir, entry.name)
if (entry.isDirectory())
scanDir(fullPath)
else if (entry.name.endsWith('.vue'))
fixFile(fullPath)
}
}
const pagesDirs = new Set<string>()
for (const layer of nuxt.options._layers) {
pagesDirs.add(resolvePath_(
layer.config.srcDir,
layer.config.dir?.pages || 'pages',
))
}
for (const dir of pagesDirs) scanDir(dir)
// Keep VFS entries fresh during dev HMR
if (nuxt.options.dev) {
nuxt.hook('builder:watch', (_event: string, relativePath: string) => {
if (!relativePath.endsWith('.vue'))
return
for (const layer of nuxt.options._layers) {
const fullPath = resolvePath_(layer.config.srcDir, relativePath)
for (const dir of pagesDirs) {
if (fullPath.startsWith(`${dir}/`)) {
fixFile(fullPath)
return
}
}
}
})
}
}
const PARTYTOWN_FORWARDS: Record<string, string[]> = {
googleAnalytics: ['dataLayer.push', 'gtag'],
plausible: ['plausible'],
fathom: ['fathom', 'fathom.trackEvent', 'fathom.trackPageview'],
umami: ['umami', 'umami.track'],
matomo: ['_paq.push'],
segment: ['analytics', 'analytics.track', 'analytics.page', 'analytics.identify'],
metaPixel: ['fbq'],
xPixel: ['twq'],
tiktokPixel: ['ttq.track', 'ttq.page', 'ttq.identify'],
snapchatPixel: ['snaptr'],
redditPixel: ['rdt'],
cloudflareWebAnalytics: ['__cfBeacon'],
}
export interface ModuleOptions {
/**
* Route third-party scripts through your domain for improved privacy.
*
* When enabled, scripts are downloaded at build time and served from your domain.
* Collection endpoints (analytics, pixels) are also routed through your server,
* keeping user IPs private and eliminating third-party cookies.
*
* **Benefits:**
* - User IPs stay private (third parties see your server's IP)
* - No third-party cookies (requests are same-origin)
* - Works with ad blockers (requests appear first-party)
* - Faster loads (no extra DNS lookups)
*
* **Options:**
* - `true` - Enable for all supported scripts (default)
* - `false` - Disable (scripts load directly from third parties)
* - `{ collectPrefix: '/_analytics' }` - Enable with custom paths
*
* For static hosting, scripts are bundled but proxy endpoints require
* platform rewrites (see docs). A warning is shown for static presets.
*
* @default true
* @see https://scripts.nuxt.com/docs/guides/first-party
*/
firstParty?: boolean | FirstPartyOptions
/**
* The registry of supported third-party scripts. Loads the scripts in globally using the default script options.
*/
registry?: NuxtConfigScriptRegistry
/**
* Registry scripts to load via Partytown (web worker).
* Shorthand for setting `partytown: true` on individual registry scripts.
* @example ['googleAnalytics', 'plausible', 'fathom']
*/
partytown?: (keyof NuxtConfigScriptRegistry)[]
/**
* Default options for scripts.
*/
defaultScriptOptions?: NuxtUseScriptOptionsSerializable
/**
* Register scripts that should be loaded globally on all pages.
*/
globals?: Record<string, NuxtUseScriptInput | [NuxtUseScriptInput, NuxtUseScriptOptionsSerializable]>
/** Configure the way scripts assets are exposed */
assets?: {
/**
* The baseURL where scripts files are served.
* @default '/_scripts/'
*/
prefix?: string
/**
* Scripts assets are exposed as public assets as part of the build.
*
* TODO Make configurable in future.
*/
strategy?: 'public'
/**
* Fallback to src if bundle fails to load.
* The default behavior is to stop the bundling process if a script fails to be downloaded.
* @default false
*/
fallbackOnSrcOnBundleFail?: boolean
/**
* Configure the fetch options used for downloading scripts.
*/
fetchOptions?: FetchOptions
/**
* Cache duration for bundled scripts in milliseconds.
* Scripts older than this will be re-downloaded during builds.
* @default 604800000 (7 days)
*/
cacheMaxAge?: number
/**
* Enable automatic integrity hash generation for bundled scripts.
* When enabled, calculates SRI (Subresource Integrity) hash and injects
* integrity attribute along with crossorigin="anonymous".
*
* @default false
*/
integrity?: boolean | 'sha256' | 'sha384' | 'sha512'
}
/**
* Google Static Maps proxy configuration.
* Proxies static map images through your server to fix CORS issues and enable caching.
*/
googleStaticMapsProxy?: {
/**
* Enable proxying Google Static Maps through your own origin.
* @default false
*/
enabled?: boolean
/**
* Cache duration for static map images in seconds.
* @default 3600 (1 hour)
*/
cacheMaxAge?: number
}
/**
* Google Geocode proxy configuration.
* Proxies Places API geocoding through your server with aggressive caching
* to reduce API costs for place name to coordinate resolution.
*/
googleGeocodeProxy?: {
/**
* Enable geocode proxying through your own origin.
* @default false
*/
enabled?: boolean
/**
* Cache duration for geocode results in seconds.
* @default 86400 (24 hours)
*/
cacheMaxAge?: number
}
/**
* Whether the module is enabled.
*
* @default true
*/
enabled: boolean
/**
* Enables debug mode.
*
* @false false
*/
debug: boolean
}
export interface ModuleHooks {
'scripts:registry': (registry: RegistryScripts) => void | Promise<void>
}
export default defineNuxtModule<ModuleOptions>({
meta: {
name: '@nuxt/scripts',
configKey: 'scripts',
compatibility: {
nuxt: '>=3.16',
},
},
defaults: {
firstParty: true,
defaultScriptOptions: {
trigger: 'onNuxtReady',
},
assets: {
fetchOptions: {
retry: 3, // Specifies the number of retry attempts for failed fetches.
retryDelay: 2000, // Specifies the delay (in milliseconds) between retry attempts.
timeout: 15_000, // Configures the maximum time (in milliseconds) allowed for each fetch attempt.
},
},
googleStaticMapsProxy: {
enabled: false,
cacheMaxAge: 3600,
},
googleGeocodeProxy: {
enabled: false,
cacheMaxAge: 86400,
},
enabled: true,
debug: false,
},
async setup(config, nuxt) {
const { resolvePath } = createResolver(import.meta.url)
const { version, name } = await readPackageJSON(await resolvePath('../package.json'))
nuxt.options.alias['#nuxt-scripts-validator'] = await resolvePath(`./runtime/validation/${(nuxt.options.dev || nuxt.options._prepare) ? 'valibot' : 'mock'}`)
nuxt.options.alias['#nuxt-scripts'] = await resolvePath('./runtime')
logger.level = (config.debug || nuxt.options.debug) ? 4 : 3
if (!config.enabled) {
// TODO fallback to useHead?
logger.debug('The module is disabled, skipping setup.')
return
}
// couldn't be found for some reason, assume compatibility
const { version: unheadVersion } = await readPackageJSON('@unhead/vue', {
from: nuxt.options.modulesDir,
}).catch(() => ({ version: null }))
if (unheadVersion?.startsWith('1')) {
logger.error(`Nuxt Scripts requires Unhead >= 2, you are using v${unheadVersion}. Please run \`nuxi upgrade --clean\` to upgrade...`)
}
const mapsApiKey = (nuxt.options.runtimeConfig.public.scripts as any)?.googleMaps?.apiKey
nuxt.options.runtimeConfig['nuxt-scripts'] = {
version: version!,
// Private proxy config with API key (server-side only)
googleStaticMapsProxy: config.googleStaticMapsProxy?.enabled
? { apiKey: mapsApiKey }
: undefined,
googleGeocodeProxy: config.googleGeocodeProxy?.enabled
? { apiKey: mapsApiKey }
: undefined,
} as any
nuxt.options.runtimeConfig.public['nuxt-scripts'] = {
// expose for devtools
version: nuxt.options.dev ? version : undefined,
defaultScriptOptions: config.defaultScriptOptions as any,
// Only expose enabled and cacheMaxAge to client, not apiKey
googleStaticMapsProxy: config.googleStaticMapsProxy?.enabled
? { enabled: true, cacheMaxAge: config.googleStaticMapsProxy.cacheMaxAge }
: undefined,
googleGeocodeProxy: config.googleGeocodeProxy?.enabled
? { enabled: true, cacheMaxAge: config.googleGeocodeProxy.cacheMaxAge }
: undefined,
} as any
// Merge registry config with existing runtimeConfig.public.scripts for proper env var resolution
// Both scripts.registry and runtimeConfig.public.scripts should be supported
if (config.registry) {
// Ensure runtimeConfig.public exists
nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {}
nuxt.options.runtimeConfig.public.scripts = defu(
nuxt.options.runtimeConfig.public.scripts || {},
config.registry,
)
}
// Handle deprecation of bundle option
if (config.defaultScriptOptions?.bundle !== undefined) {
logger.warn(
'`scripts.defaultScriptOptions.bundle` is deprecated. '
+ 'Use `scripts.firstParty: true` instead. First-party mode is now enabled by default.',
)
}
// Resolve first-party configuration
const staticPresets = ['static', 'github-pages', 'cloudflare-pages-static']
const preset = process.env.NITRO_PRESET || ''
const isStaticPreset = staticPresets.includes(preset)
const firstPartyEnabled = !!config.firstParty
const firstPartyPrefix = typeof config.firstParty === 'object' ? config.firstParty.prefix : undefined
const firstPartyCollectPrefix = typeof config.firstParty === 'object'
? config.firstParty.collectPrefix || '/_proxy'
: '/_proxy'
const firstPartyPrivacy: ProxyPrivacyInput | undefined = typeof config.firstParty === 'object'
? config.firstParty.privacy
: undefined
const assetsPrefix = firstPartyPrefix || config.assets?.prefix || '/_scripts'
// Process partytown shorthand - add partytown: true to specified registry scripts
// and auto-configure @nuxtjs/partytown forward array
if (config.partytown?.length) {
config.registry = config.registry || {}
const requiredForwards: string[] = []
for (const scriptKey of config.partytown) {
// Collect required forwards for this script
const forwards = PARTYTOWN_FORWARDS[scriptKey]
if (forwards) {
requiredForwards.push(...forwards)
}
else if (import.meta.dev) {
logger.warn(`[partytown] "${scriptKey}" has no known Partytown forwards configured. It may not work correctly or may require manual forward configuration.`)
}
const reg = config.registry as Record<string, any>
const existing = reg[scriptKey]
if (Array.isArray(existing)) {
// [input, options] format - merge partytown into options
existing[1] = { ...existing[1], partytown: true }
}
else if (existing && typeof existing === 'object' && existing !== true && existing !== 'mock') {
// input object format - wrap with partytown option
reg[scriptKey] = [existing, { partytown: true }]
}
else if (existing === true || existing === 'mock') {
// simple enable - convert to array with partytown
reg[scriptKey] = [{}, { partytown: true }]
}
else {
// not configured - add with partytown enabled
reg[scriptKey] = [{}, { partytown: true }]
}
}
// Auto-configure @nuxtjs/partytown forward array
if (requiredForwards.length && hasNuxtModule('@nuxtjs/partytown')) {
const partytownConfig = (nuxt.options as any).partytown || {}
const existingForwards = partytownConfig.forward || []
const newForwards = [...new Set([...existingForwards, ...requiredForwards])]
; (nuxt.options as any).partytown = { ...partytownConfig, forward: newForwards }
logger.info(`[partytown] Auto-configured forwards: ${requiredForwards.join(', ')}`)
}
}
const composables = [
'useScript',
'useScriptEventPage',
'useScriptTriggerConsent',
'useScriptTriggerElement',
'useScriptTriggerIdleTimeout',
'useScriptTriggerInteraction',
'useScriptTriggerServiceWorker',
]
for (const composable of composables) {
addImports({
priority: 2,
name: composable,
as: composable,
from: await resolvePath(`./runtime/composables/${composable}`),
})
}
addComponentsDir({
path: await resolvePath('./runtime/components'),
pathPrefix: false,
})
// Fix #613: Self-closing <Script*> tags break Nuxt's definePageMeta extraction.
// Nuxt's SFC_SCRIPT_RE regex uses case-insensitive matching, so <ScriptFoo /> is
// matched as a <script> opening tag. Without a closing </ScriptFoo>, the regex
// consumes the real </script> closing tag, losing definePageMeta. Expanding
// self-closing Script* tags to <ScriptFoo></ScriptFoo> provides the closing tag
// that the regex needs to scope its match correctly.
fixSelfClosingScriptComponents(nuxt)
addTemplate({
filename: 'nuxt-scripts-trigger-resolver.mjs',
getContents() {
return templateTriggerResolver(config.defaultScriptOptions)
},
})
logger.debug('[nuxt-scripts] First-party config:', { firstPartyEnabled, firstPartyPrivacy, firstPartyCollectPrefix })
// Populated inside modules:done with only the configured scripts' routes
let interceptRules: InterceptRule[] = []
// Setup first-party proxy mode (must be before modules:done)
if (firstPartyEnabled) {
// Register __nuxtScripts runtime helper — provides sendBeacon/fetch wrappers
// that route matching URLs through the first-party proxy. AST rewriting transforms
// navigator.sendBeacon/fetch calls to use these wrappers at build time.
addPluginTemplate({
filename: 'nuxt-scripts-intercept.client.mjs',
getContents() {
const rulesJson = JSON.stringify(interceptRules)
return `export default defineNuxtPlugin({
name: 'nuxt-scripts:intercept',
enforce: 'pre',
setup() {
const rules = ${rulesJson};
const origBeacon = typeof navigator !== 'undefined' && navigator.sendBeacon
? navigator.sendBeacon.bind(navigator)
: () => false;
const origFetch = globalThis.fetch.bind(globalThis);
function rewriteUrl(url) {
try {
const parsed = new URL(url, location.origin);
for (const rule of rules) {
if (parsed.hostname === rule.pattern || parsed.hostname.endsWith('.' + rule.pattern)) {
if (rule.pathPrefix && !parsed.pathname.startsWith(rule.pathPrefix)) continue;
const path = rule.pathPrefix ? parsed.pathname.slice(rule.pathPrefix.length) : parsed.pathname;
return location.origin + rule.target + (path.startsWith('/') ? '' : '/') + path + parsed.search;
}
}
} catch {}
return url;
}
globalThis.__nuxtScripts = {
sendBeacon: (url, data) => origBeacon(rewriteUrl(url), data),
fetch: (url, opts) => origFetch(typeof url === 'string' ? rewriteUrl(url) : url, opts),
};
},
})
`
},
})
// Register proxy handler for both privacy modes (must be before modules:done)
// Both modes need the handler: 'proxy' strips sensitive headers, 'anonymize' also strips fingerprinting
const proxyHandlerPath = await resolvePath('./runtime/server/proxy-handler')
logger.debug('[nuxt-scripts] Registering proxy handler:', `${firstPartyCollectPrefix}/**`, '->', proxyHandlerPath)
addServerHandler({
route: `${firstPartyCollectPrefix}/**`,
handler: proxyHandlerPath,
})
}
const scripts = await registry(resolvePath) as (RegistryScript & { _importRegistered?: boolean })[]
for (const script of scripts) {
if (script.import?.name) {
addImports({ priority: 2, ...script.import })
script._importRegistered = true
}
}
nuxt.hooks.hook('modules:done', async () => {
const registryScripts = [...scripts]
await nuxt.hooks.callHook('scripts:registry' as any, registryScripts)
for (const script of registryScripts) {
if (script.import?.name && !script._importRegistered) {
addImports({ priority: 3, ...script.import })
}
}
// compare the registryScripts to the original registry to find new scripts
const registryScriptsWithImport = registryScripts.filter(i => !!i.import?.name) as Required<RegistryScript>[]
const newScripts = registryScriptsWithImport.filter(i => !scripts.some(r => r.import?.name === i.import.name))
registerTypeTemplates({ nuxt, config, newScripts })
if (Object.keys(config.globals || {}).length || Object.keys(config.registry || {}).length) {
// create a virtual plugin
addPluginTemplate({
filename: `modules/${name!.replace('/', '-')}/plugin.mjs`,
getContents() {
return templatePlugin(config, registryScriptsWithImport)
},
})
}
const { renderedScript } = setupPublicAssetStrategy(config.assets)
// Inject proxy route rules if first-party mode is enabled
if (firstPartyEnabled) {
const proxyConfigs = getAllProxyConfigs(firstPartyCollectPrefix)
const registryKeys = Object.keys(config.registry || {})
// Collect routes for all configured registry scripts that support proxying
const neededRoutes: Record<string, { proxy: string }> = {}
const routePrivacyOverrides: Record<string, ProxyPrivacyInput> = {}
const unsupportedScripts: string[] = []
for (const key of registryKeys) {
// Find the registry script definition
const script = registryScriptsWithImport.find(s => s.import.name.toLowerCase() === `usescript${key.toLowerCase()}`)
// Only proxy scripts that explicitly opt in with a proxy field
const proxyKey = script?.proxy || undefined
if (proxyKey) {
const proxyConfig = proxyConfigs[proxyKey]
if (proxyConfig?.routes) {
Object.assign(neededRoutes, proxyConfig.routes)
// Record per-script privacy for each route
for (const routePath of Object.keys(proxyConfig.routes)) {
routePrivacyOverrides[routePath] = proxyConfig.privacy
}
}
else {
// Track scripts without proxy support
unsupportedScripts.push(key)
}
}
}
// Auto-inject apiHost for PostHog when first-party proxy is enabled
// PostHog uses NPM mode so URL rewrites don't apply - we set api_host via config instead
if (config.registry?.posthog && typeof config.registry.posthog === 'object') {
// Registry entries can be in array form [inputOptions, scriptOptions] — unwrap to get the actual PostHog input options
const phConfig = (Array.isArray(config.registry.posthog) ? config.registry.posthog[0] : config.registry.posthog) as Record<string, any>
if (phConfig && !phConfig.apiHost) {
const region = phConfig.region || 'us'
phConfig.apiHost = region === 'eu'
? `${firstPartyCollectPrefix}/ph-eu`
: `${firstPartyCollectPrefix}/ph`
}
}
// Warn about scripts that don't support first-party mode
if (unsupportedScripts.length && nuxt.options.dev) {
logger.warn(
`First-party mode is enabled but these scripts don't support it yet: ${unsupportedScripts.join(', ')}.\n`
+ 'They will load directly from third-party servers. Request support at https://github.com/nuxt/scripts/issues',
)
}
// Compute intercept rules from only the configured scripts' routes
interceptRules = routesToInterceptRules(neededRoutes)
// Expose first-party status via runtime config (for DevTools and status endpoint)
const flatRoutes: Record<string, string> = {}
for (const [path, config] of Object.entries(neededRoutes)) {
flatRoutes[path] = config.proxy
}
// Server-side config for proxy privacy handling
nuxt.options.runtimeConfig['nuxt-scripts-proxy'] = {
routes: flatRoutes,
privacy: firstPartyPrivacy, // undefined = use per-script defaults, set = global override
routePrivacy: routePrivacyOverrides, // per-script privacy from registry
} as any
// Proxy handler is registered before modules:done for both privacy modes
if (Object.keys(neededRoutes).length) {
// Log active proxy routes in dev
if (nuxt.options.dev) {
const routeCount = Object.keys(neededRoutes).length
const scriptsCount = registryKeys.length
const privacyLabel = firstPartyPrivacy === undefined ? 'per-script' : typeof firstPartyPrivacy === 'boolean' ? (firstPartyPrivacy ? 'anonymize' : 'passthrough') : 'custom'
logger.success(`First-party mode enabled for ${scriptsCount} script(s), ${routeCount} proxy route(s) configured (privacy: ${privacyLabel})`)
if (logger.level >= 4) {
for (const [path, config] of Object.entries(neededRoutes)) {
logger.debug(` ${path} → ${config.proxy}`)
}
}
}
}
// Warn for static presets with actionable guidance
if (isStaticPreset) {
logger.warn(
`First-party collection endpoints require a server runtime (detected: ${preset || 'static'}).\n`
+ 'Scripts will be bundled, but collection requests will not be proxied.\n'
+ '\n'
+ 'Options:\n'
+ ' 1. Configure platform rewrites (Vercel, Netlify, Cloudflare)\n'
+ ' 2. Switch to server-rendered mode (ssr: true)\n'
+ ' 3. Disable with firstParty: false\n'
+ '\n'
+ 'See: https://scripts.nuxt.com/docs/guides/first-party#static-hosting',
)
}
}
const moduleInstallPromises: Map<string, () => Promise<boolean> | undefined> = new Map()
addBuildPlugin(NuxtScriptsCheckScripts(), {
dev: true,
})
addBuildPlugin(NuxtScriptBundleTransformer({
scripts: registryScriptsWithImport,
registryConfig: nuxt.options.runtimeConfig.public.scripts as Record<string, any> | undefined,
defaultBundle: firstPartyEnabled || config.defaultScriptOptions?.bundle,
firstPartyEnabled,
firstPartyCollectPrefix,
moduleDetected(module) {
if (nuxt.options.dev && module !== '@nuxt/scripts' && !moduleInstallPromises.has(module) && !hasNuxtModule(module))
moduleInstallPromises.set(module, () => installNuxtModule(module))
},
assetsBaseURL: assetsPrefix,
fallbackOnSrcOnBundleFail: config.assets?.fallbackOnSrcOnBundleFail,
fetchOptions: config.assets?.fetchOptions,
cacheMaxAge: config.assets?.cacheMaxAge,
integrity: config.assets?.integrity,
renderedScript,
}))
nuxt.hooks.hook('build:done', async () => {
const initPromise = Array.from(moduleInstallPromises.values())
for (const p of initPromise)
await p?.()
})
})
// Add Google Static Maps proxy handler if enabled
if (config.googleStaticMapsProxy?.enabled) {
addServerHandler({
route: '/_scripts/google-static-maps-proxy',
handler: await resolvePath('./runtime/server/google-static-maps-proxy'),
})
}
// Add Google Geocode proxy handler if enabled
if (config.googleGeocodeProxy?.enabled) {
addServerHandler({
route: '/_scripts/google-maps-geocode-proxy',
handler: await resolvePath('./runtime/server/google-maps-geocode-proxy'),
})
}
// Add Gravatar proxy handler when registry.gravatar is enabled
if (config.registry?.gravatar) {
const gravatarConfig = typeof config.registry.gravatar === 'object' && !Array.isArray(config.registry.gravatar)
? config.registry.gravatar as Record<string, any>
: {}
nuxt.options.runtimeConfig.public['nuxt-scripts'] = defu(
{ gravatarProxy: { cacheMaxAge: gravatarConfig.cacheMaxAge ?? 3600 } },
nuxt.options.runtimeConfig.public['nuxt-scripts'] as any,
) as any
addServerHandler({
route: '/_scripts/gravatar-proxy',
handler: await resolvePath('./runtime/server/gravatar-proxy'),
})
}
// Add X/Twitter embed proxy handlers
addServerHandler({
route: '/api/_scripts/x-embed',
handler: await resolvePath('./runtime/server/x-embed'),
})
addServerHandler({
route: '/api/_scripts/x-embed-image',
handler: await resolvePath('./runtime/server/x-embed-image'),
})
// Add Instagram embed proxy handlers
addServerHandler({
route: '/api/_scripts/instagram-embed',
handler: await resolvePath('./runtime/server/instagram-embed'),
})
addServerHandler({
route: '/api/_scripts/instagram-embed-image',
handler: await resolvePath('./runtime/server/instagram-embed-image'),
})
addServerHandler({
route: '/api/_scripts/instagram-embed-asset',
handler: await resolvePath('./runtime/server/instagram-embed-asset'),
})
if (nuxt.options.dev) {
setupDevToolsUI(config, resolvePath)
}
},
})