@abtnode/util 1.16.53-beta-20251013-005429-ca3b05de → 1.16.53-beta-20251013-075536-64fcb94b

package/lib/security.js

@@ -7,7 +7,7 @@ const { dirname, join, sep } = require('path');
 const resolve = require('resolve/sync');
 const { tmpdir, homedir } = require('os');
 const which = require('which');
-const { withHttps, withHttp } = require('ufo');
+const { withHttps } = require('ufo');
 const { exec } = require('child_process');
 const { promisify } = require('util');
 
@@ -286,8 +286,7 @@ async function patchResponseHeader(rawConfig, { node, blocklet, trustedDomains =
     'connect-src',
     [
       "'self'",
-      // 默认只需要写 http，会同时放行 https；反之不成立
-      ...domainAliases.filter((x) => x).map((x) => `http://${x}/.well-known/ping`),
+      ...domainAliases.filter((x) => x).map((x) => `https://${x}/.well-known/ping`),
 
       // 以下三个域名都是 iconify 的服务
       'https://api.simplesvg.com',
@@ -312,7 +311,7 @@ async function patchResponseHeader(rawConfig, { node, blocklet, trustedDomains =
       "'self'",
       // stripe 服务
       'https://js.stripe.com',
-      ...trustedDomains.filter(Boolean).map((x) => `http://${x}`),
+      ...trustedDomains.filter(Boolean).map((x) => `https://${x}`),
     ]
   );
 
@@ -322,7 +321,7 @@ async function patchResponseHeader(rawConfig, { node, blocklet, trustedDomains =
     [
       "'self'",
       ...(blocklet.settings.userSpaceHosts || []).map((x) => `https://${x}`),
-      ...trustedDomains.filter(Boolean).map((x) => `http://${x}`),
+      ...trustedDomains.filter(Boolean).map((x) => `https://${x}`),
     ]
   );
 
@@ -338,7 +337,7 @@ async function patchCors(rawConfig, { node, blocklet }) {
     const nodeInfo = await node.getNodeInfo({ useCache: true });
     let domainAliases = await node.getBlockletDomainAliases({ blocklet, nodeInfo });
     domainAliases = (domainAliases || []).map((x) => x.value);
-    result.push(...domainAliases.map((x) => withHttps(x)), ...domainAliases.map((x) => withHttp(x)));
+    result.push(...domainAliases.map((x) => withHttps(x)));
     // 获取所有统一登录站点群的所有域名别名
     const federated = blocklet.settings.federated || {};
     const sites = (federated?.sites || []).filter((x) => x?.isMaster !== false || x.status === 'approved');
@@ -347,7 +346,7 @@ async function patchCors(rawConfig, { node, blocklet }) {
       siteAlias.push(new URL(site.appUrl).hostname);
       siteAlias.push(...(site.aliasDomain || []));
     }
-    result.push(...siteAlias.map((x) => withHttps(x)), ...siteAlias.map((x) => withHttp(x)));
+    result.push(...siteAlias.map((x) => withHttps(x)));
     config.origin.value = [...new Set(result)];
   }
   return config;

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.53-beta-20251013-005429-ca3b05de",
+  "version": "1.16.53-beta-20251013-075536-64fcb94b",
   "description": "ArcBlock's JavaScript utility",
   "main": "lib/index.js",
   "files": [
@@ -18,14 +18,14 @@
   "author": "polunzh <polunzh@gmail.com> (http://github.com/polunzh)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/constant": "1.16.53-beta-20251013-005429-ca3b05de",
-    "@abtnode/db-cache": "1.16.53-beta-20251013-005429-ca3b05de",
+    "@abtnode/constant": "1.16.53-beta-20251013-075536-64fcb94b",
+    "@abtnode/db-cache": "1.16.53-beta-20251013-075536-64fcb94b",
     "@arcblock/did": "1.25.6",
     "@arcblock/event-hub": "1.25.6",
     "@arcblock/pm2": "^6.0.12",
-    "@blocklet/constant": "1.16.53-beta-20251013-005429-ca3b05de",
+    "@blocklet/constant": "1.16.53-beta-20251013-075536-64fcb94b",
     "@blocklet/error": "^0.2.5",
-    "@blocklet/meta": "1.16.53-beta-20251013-005429-ca3b05de",
+    "@blocklet/meta": "1.16.53-beta-20251013-075536-64fcb94b",
     "@blocklet/xss": "^0.2.9",
     "@ocap/client": "1.25.6",
     "@ocap/mcrypto": "1.25.6",
@@ -91,5 +91,5 @@
     "fs-extra": "^11.2.0",
     "jest": "^29.7.0"
   },
-  "gitHead": "fa6cf9ee72911e51fb53cfbee9dfc0e781c60bd4"
+  "gitHead": "0c9fd57c3ffd075ed9f0ed365f76167f91f11f5a"
 }