@adobe/helix-config 5.8.0 → 5.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/package.json +2 -2
  3. package/src/config-merge.js +1 -1
  4. package/src/config-view.js +36 -0
package/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ # [5.9.0](https://github.com/adobe/helix-config/compare/v5.8.0...v5.9.0) (2026-01-07)
2
+
3
+
4
+ ### Features
5
+
6
+ * add trusted origins header in delivery and pipeline scope ([#349](https://github.com/adobe/helix-config/issues/349)) ([0a4a8c1](https://github.com/adobe/helix-config/commit/0a4a8c1b39a597f1b43fd11ca5978c0e167db9e3))
7
+
1
8
  # [5.8.0](https://github.com/adobe/helix-config/compare/v5.7.0...v5.8.0) (2025-12-17)
2
9
 
3
10
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@adobe/helix-config",
3
- "version": "5.8.0",
3
+ "version": "5.9.0",
4
4
  "description": "Helix Config",
5
5
  "main": "src/index.js",
6
6
  "types": "src/index.d.ts",
@@ -39,7 +39,7 @@
39
39
  "@eslint/config-helpers": "0.5.0",
40
40
  "@semantic-release/changelog": "6.0.3",
41
41
  "@semantic-release/git": "10.0.1",
42
- "@semantic-release/npm": "13.1.2",
42
+ "@semantic-release/npm": "13.1.3",
43
43
  "c8": "10.1.3",
44
44
  "eslint": "9.4.0",
45
45
  "husky": "9.1.7",
package/src/config-merge.js CHANGED
@@ -14,7 +14,7 @@
14
14
  /**
15
15
  * @typedef RootProperty
16
16
  * @property {boolean} atomic whether the property should be overwritten atomically
17
- * @property {boolean} isModified whether the property need special merging
17
+ * @property {boolean} isModifier whether the property need special merging
18
18
  */
19
19
 
20
20
  const ROOT_PROPERTIES = {
package/src/config-view.js CHANGED
@@ -554,6 +554,40 @@ async function computeSiteAdminRoles(ctx, siteConfig, admin, orgConfig, configGr
554
554
  return ret;
555
555
  }
556
556
 
557
+ /**
558
+ * Compute the trusted hosts for the given site.
559
+ * @param {string} org The org name
560
+ * @param {strinf} site The site name
561
+ * @param {SiteConfig} siteConfig The site config
562
+ * @returns {string[]} The trusted hosts
563
+ */
564
+ function computeTrustedHosts(org, site, siteConfig) {
565
+ const trustedHosts = [
566
+ `*--${site}--${org}.aem.page`,
567
+ `*--${site}--${org}.aem.live`,
568
+ `*--${site}--${org}.aem.reviews`,
569
+ `*--${site}--${org}.aem.network`,
570
+ ];
571
+
572
+ if (siteConfig.cdn?.preview?.host) {
573
+ trustedHosts.push(siteConfig.cdn.preview.host);
574
+ }
575
+
576
+ if (siteConfig.cdn?.live?.host) {
577
+ trustedHosts.push(siteConfig.cdn.live.host);
578
+ }
579
+
580
+ if (siteConfig.cdn?.prod?.host) {
581
+ trustedHosts.push(siteConfig.cdn.prod.host);
582
+ }
583
+
584
+ if (siteConfig.sidekick?.trustedHosts) {
585
+ trustedHosts.push(...siteConfig.sidekick.trustedHosts);
586
+ }
587
+
588
+ return trustedHosts;
589
+ }
590
+
557
591
  export async function getConfigResponse(ctx, opts) {
558
592
  const {
559
593
  ref, site, org, scope,
@@ -647,6 +681,7 @@ export async function getConfigResponse(ctx, opts) {
647
681
  'x-hlx-repo': config.code.repo,
648
682
  'x-hlx-auth-hash-preview': canonicalArrayString(config.access, 'preview', 'tokenHash'),
649
683
  'x-hlx-auth-hash-live': canonicalArrayString(config.access, 'live', 'tokenHash'),
684
+ 'x-hlx-trusted-hosts': computeTrustedHosts(org, site, config).join(','),
650
685
  },
651
686
  });
652
687
  }
@@ -716,6 +751,7 @@ export async function getConfigResponse(ctx, opts) {
716
751
  access: config.access,
717
752
  legacy: config.legacy,
718
753
  lastModified: siteConfig.lastModified,
754
+ trustedHosts: computeTrustedHosts(org, site, config),
719
755
  };
720
756
  if (config.features) {
721
757
  pipelineConfig.features = config.features;