@abtnode/router-provider 1.16.49-beta-20250829-075052-2563fcb3 → 1.16.49

@@ -915,7 +915,7 @@ class NginxProvider extends BaseProvider {
915
915
 
916
916
  const cspFrameSources = [...CSP_OFFICIAL_SOURCES, ...CSP_SYSTEM_SOURCES];
917
917
 
918
- const cspPolicy = `default-src 'self'; frame-src 'self' ${cspFrameSources.join(' ')}; frame-ancestors 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' ${cspImgSources.join(' ')}; font-src 'self' data:; connect-src 'self' ${cspConnectSources.join(' ')} */.well-known/ping; base-uri 'self'; object-src 'none'`;
918
+ const cspPolicy = `default-src 'self'; frame-src 'self' ${cspFrameSources.join(' ')}; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' ${CSP_THIRD_PARTY_SOURCES.join(' ')}; style-src 'self' 'unsafe-inline'; img-src 'self' ${cspImgSources.join(' ')}; font-src 'self' data:; connect-src 'self' ${cspConnectSources.join(' ')} */.well-known/ping; base-uri 'self'; object-src 'none'`;
919
919
  const cspLine = `add_header Content-Security-Policy "${cspPolicy}" always;`;
920
920
 
921
921
  try {
@@ -942,7 +942,7 @@ class NginxProvider extends BaseProvider {
942
942
  '# Use "no-referrer" if you want the strictest setting.',
943
943
  'add_header Referrer-Policy "strict-origin-when-cross-origin" always;',
944
944
  'add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=(), bluetooth=(), fullscreen=(), xr-spatial-tracking=(), magnetometer=(), gyroscope=(), accelerometer=(), browsing-topics=()" always;',
945
- 'add_header X-Frame-Options "DENY" always;',
945
+ 'add_header X-Frame-Options "SAMEORIGIN" always;',
946
946
  '# Content-Security-Policy (CSP):',
947
947
  '# Mitigates XSS by restricting resource loading.',
948
948
  '# This baseline only allows self-hosted resources, blocks framing,',
@@ -1132,6 +1132,7 @@ class NginxProvider extends BaseProvider {
1132
1132
  const httpsServerUnit = this._addHttpsServerUnit({ conf, serverName, certificateFileName });
1133
1133
 
1134
1134
  this._addSecurityHeaders(httpsServerUnit, serviceType);
1135
+ httpsServerUnit._addVerbatimBlock('if ($has_multi_origin)', 'return 400;');
1135
1136
 
1136
1137
  const httpServerUnit = this._addHttpServerUnit({ conf, serverName });
1137
1138
  httpServerUnit._add('return', '307 https://$host$request_uri'); // redirect to https if has https
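--- a/package/lib/nginx/util.js
+++ b/package/lib/nginx/util.js
@@ -217,6 +217,11 @@ real_ip_recursive ${proxyPolicy?.trustRecursive ? 'on' : 'off'};`
 default upgrade;
 '' "";
 }
+map $http_origin $has_multi_origin {
+default 0;
+~*, 1;
+}
+
 client_body_temp_path ${path.join(tmpDir, 'client_body')};
 proxy_temp_path ${path.join(tmpDir, 'proxy')};
 fastcgi_temp_path ${path.join(tmpDir, 'fastcgi')};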
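Review bot: The new `map $http_origin $has_multi_origin` block carries no comment saying what a comma in the Origin value is meant to catch, so a later reader cannot tell why the matching `return 400;` in the server block is warranted; presumably it targets requests carrying more than one `Origin` header, since nginx exposes repeated headers in `$http_*` joined with a comma, but that is inferred rather than visible here. I would put a comment above the block: `# nginx joins repeated request headers with ", " in $http_*; a comma in $http_origin therefore means more than one Origin header was sent, which the server block rejects with 400`. The case-insensitive flag in `~*,` is a no-op for a literal comma, so `~,` states the intent more plainly. A single well-formed origin never contains a comma, so the rule should not misfire on legitimate requests, though a fixture covering the duplicate-header case would pin that down. The map is emitted inside a template literal whose start and end lie outside this hunk.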
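--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@abtnode/router-provider",
-"version": "1.16.49-beta-20250829-075052-2563fcb3",
+"version": "1.16.49",
 "description": "Routing engine implementations for abt node",
 "author": "polunzh <polunzh@gmail.com>",
 "homepage": "https://github.com/ArcBlock/blocklet-server#readme",
@@ -32,14 +32,14 @@
 "url": "https://github.com/ArcBlock/blocklet-server/issues"
 },
 "dependencies": {
-"@abtnode/constant": "1.16.49-beta-20250829-075052-2563fcb3",
-"@abtnode/db-cache": "1.16.49-beta-20250829-075052-2563fcb3",
-"@abtnode/logger": "1.16.49-beta-20250829-075052-2563fcb3",
-"@abtnode/router-templates": "1.16.49-beta-20250829-075052-2563fcb3",
-"@abtnode/util": "1.16.49-beta-20250829-075052-2563fcb3",
+"@abtnode/constant": "1.16.49",
+"@abtnode/db-cache": "1.16.49",
+"@abtnode/logger": "1.16.49",
+"@abtnode/router-templates": "1.16.49",
+"@abtnode/util": "1.16.49",
 "@arcblock/http-proxy": "^1.19.1",
 "@arcblock/is-valid-domain": "^1.0.5",
-"@ocap/util": "^1.24.0",
+"@ocap/util": "^1.24.3",
 "axios": "^1.7.9",
 "debug": "^4.4.1",
 "fast-glob": "^3.3.2",
@@ -62,5 +62,5 @@
 "bluebird": "^3.7.2",
 "fs-extra": "^11.2.0"
 },
-"gitHead": "00522456124ad574b52f682e9debe33864469de0"
+"gitHead": "58c3ce97ab6586c52c5cee838a072d49ccb59b4b"
 }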