evercookie VS Nuxt 3

For a bad actor, this is easily work-around-able using various local persistence mechanisms like evercookie. https://samy.pl/evercookie/

If you're talking about the https://samy.pl/evercookie script, for what it's worth, you can defeat it (at least I can with my settings and no extensions) by...

This reminded me of something I haven't thought about in awhile: evercookie - https://github.com/samyk/evercookie

Sure, as Sevetarion said earlier "There is no actual cooke, it's just a metaphor". In contrast to "fingerprinting" a user's unique device configuration (as the rest of this demo does), anti-tracking folks use the term "cookie" broadly to refer to various ways sites can store unique values to be retrieved later. This usage grew out of Samy Kamkar's awesome "Evercookie" work in 2010 (later aka "supercookie") https://samy.pl/evercookie/

Nothing comes to mind directly, sorry. It’s something I want to look deeper into myself as well. One cool thing to look at is evercookie which is a GitHub project that allows you to make tracking cookies and the likes. The repo itself hasn’t been updated in a while but can probably be a good source of information.

Evercookie and the Favicon vuln

Client side: Use Evercookie

Also note, something like the Evercookie may also still be a thing that works. It stores data not only in cookies, but also in everything else that can retain any form of state (localStorage, HTTP browser history, HTTP cache for custom fingerprinted images generated by the server, etc.), and if even one spot doesn't get cleared by the user, the script can re-populate all the spots making for a very persistent "cookie."

- https://github.com/nuxt/framework: An intuitive framework for building web applications, built for the edge.

It uses Nuxi for Command line interface,

Note, the repo linked below, https://github.com/danielroe/nuxt-zero-js, was an experiment that I subsequently moved into Nuxt core: https://github.com/nuxt/framework/pull/7248. I plan to update it to test out per-route zero-JS via a route rule.

I asked this before on the Github discussion https://github.com/nuxt/framework/discussions/10073, but I haven't found an answer yet.

Also one I've reported a long time ago, that's still an issue today: If you start the Nuxt dev server without create the server/ folder, Nuxt isn't going to be able to read any of your server/api files. You have to create the folder and restart the dev server. Only then, it will start detecting your server files. This is an issue on both Windows and Linux.

Perhaps this thread can help you.

But there is a catch, nuxt.config does not allow functions in it. And it could be bother to mention this in every single page. Also, the later part is supposed to act like a Default or Fallback. Hmm.. Now what? Well, that where plugins system comes in. I can create a Plugin named title and add this logic there, which will be implemented on every page. Also, Nuxt devs mentioned this approach here.

I've found a matching issue with a solution I can use as a hotfix for now: https://github.com/nuxt/framework/issues/6648

https://github.com/nuxt/framework/issues/3587 (upstream Vue bug maybe?) https://github.com/nuxt/framework/issues/8634 https://github.com/nuxt/framework/issues/8611

This issue is where I started, and I noticed that in my project, setting the cookie header manually, or through a composable on the server-side doesn't actually set it in the browser (it doesn't show up in the developer tools). They've listed workarounds, but they're just that - the first link (when it comes back up, will show a messy composable you can write). Everything works fine with `axios` (instead of their built-in data fetching APIs), but the request seems to be executed twice on page load for some reason.