npm - @adobe/helix-html-pipeline - Versions diffs - 3.5.0 → 3.6.1 - Mend

@adobe/helix-html-pipeline 3.5.0 → 3.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,17 @@
+## [3.6.1](https://github.com/adobe/helix-html-pipeline/compare/v3.6.0...v3.6.1) (2022-10-31)
+### Bug Fixes
+* don't rewrite production urls ([#175](https://github.com/adobe/helix-html-pipeline/issues/175)) ([815c154](https://github.com/adobe/helix-html-pipeline/commit/815c1545bc3e6f960ea320dc775e0edcf2bc414c)), closes [#165](https://github.com/adobe/helix-html-pipeline/issues/165)
+# [3.6.0](https://github.com/adobe/helix-html-pipeline/compare/v3.5.0...v3.6.0) (2022-10-27)
+### Features
+* also support x-fwd-scheme ([#172](https://github.com/adobe/helix-html-pipeline/issues/172)) ([845a5a0](https://github.com/adobe/helix-html-pipeline/commit/845a5a0dada33a3950ffed4f7d6a52090fa6de9a))
 # [3.5.0](https://github.com/adobe/helix-html-pipeline/compare/v3.4.6...v3.5.0) (2022-10-26)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-html-pipeline",
-  "version": "3.5.0",
+  "version": "3.6.1",
   "description": "Helix HTML Pipeline",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -42,13 +42,13 @@
     "@adobe/helix-markdown-support": "5.0.10",
     "@adobe/helix-shared-utils": "2.1.0",
     "cookie": "0.5.0",
-    "github-slugger": "1.4.0",
+    "github-slugger": "1.5.0",
     "hast-util-raw": "7.2.2",
     "hast-util-select": "5.0.2",
     "hast-util-to-html": "8.0.3",
     "hast-util-to-string": "2.0.0",
     "hastscript": "7.1.0",
-    "jose": "4.10.3",
+    "jose": "4.10.4",
     "mdast-util-gfm-footnote": "1.0.1",
     "mdast-util-gfm-strikethrough": "1.0.1",
     "mdast-util-gfm-table": "1.0.6",
@@ -85,7 +85,7 @@
     "eslint-import-resolver-exports": "1.0.0-beta.3",
     "eslint-plugin-header": "3.1.1",
     "eslint-plugin-import": "2.26.0",
-    "esmock": "2.0.6",
+    "esmock": "2.0.7",
     "husky": "8.0.1",
     "js-yaml": "4.1.0",
     "jsdom": "20.0.1",

package/src/steps/utils.js CHANGED Viewed

@@ -175,19 +175,6 @@ export function getAbsoluteUrl(state, url) {
   return resolveUrl(`https://${state.config.host}/`, url);
 }
-/**
- * Checks if the given `str` matches any of the given regs or if `regs` is empty.
- * @param {RegExp[]} regs
- * @param {string} str
- * @returns {boolean} {@code true} if `regs` is empty or if `str` matches any of them.
- */
-function matchAny(regs, str) {
-  if (!regs || regs.length === 0) {
-    return true;
-  }
-  return regs.findIndex((r) => r.test(str)) >= 0;
-}
 /**
  * Rewrites the media, helix or external url. Returns the original if not rewritten.
  * @param {PipelineState} state
@@ -198,9 +185,7 @@ export function rewriteUrl(state, url) {
   if (!url || !url.startsWith('https://')) {
     return url;
   }
-  const {
-    host, pathname, search, hash,
-  } = new URL(url);
+  const { pathname, search, hash } = new URL(url);
   if (AZURE_BLOB_REGEXP.test(url)) {
     const filename = pathname.split('/').pop();
@@ -221,12 +206,5 @@ export function rewriteUrl(state, url) {
     return `${pathname}${search}${hash}`;
   }
-  if (host === state.config?.host && matchAny(state.config.routes, pathname)) {
-    if (hash && pathname === state.info?.path) {
-      return hash;
-    }
-    return `${pathname}${search}${hash}`;
-  }
   return url;
 }

package/src/utils/auth-cookie.js CHANGED Viewed

@@ -11,21 +11,21 @@
  */
 import { parse, serialize } from 'cookie';
-export function clearAuthCookie() {
+export function clearAuthCookie(secure) {
   return serialize('hlx-auth-token', '', {
     path: '/',
     httpOnly: true,
-    secure: true,
+    secure,
     expires: new Date(0),
     sameSite: 'lax',
   });
 }
-export function setAuthCookie(idToken) {
+export function setAuthCookie(idToken, secure) {
   return serialize('hlx-auth-token', idToken, {
     path: '/',
     httpOnly: true,
-    secure: true,
+    secure,
     sameSite: 'lax',
   });
 }

package/src/utils/auth.js CHANGED Viewed

@@ -91,7 +91,8 @@ function getRequestHostAndProto(state, req) {
   if (!host) {
     host = state.config.host;
   }
-  const proto = req.headers.get('x-forwarded-proto') || 'https';
+  // fastly overrides the x-forwarded-proto, so we use x-forwarded-scheme
+  const proto = req.headers.get('x-forwarded-scheme') || req.headers.get('x-forwarded-proto') || 'https';
   state.log.info(`request host is: ${host} (${proto})`);
   return {
     host,
@@ -218,7 +219,7 @@ export class AuthInfo {
     res.status = 302;
     res.body = '';
     res.headers.set('location', url.href);
-    res.headers.set('set-cookie', clearAuthCookie());
+    res.headers.set('set-cookie', clearAuthCookie(proto === 'https'));
     res.headers.set('cache-control', 'no-store, private, must-revalidate');
     res.error = 'moved';
   }
@@ -299,12 +300,12 @@ export class AuthInfo {
     // ctx.attributes.authInfo?.withCookieInvalid(false);
     const location = state.createExternalLocation(req.params.state.requestPath || '/');
-    log.info('[auth] redirecting to home page with id_token cookie', location);
+    log.info('[auth] redirecting to original page with hlx-auth-token cookie: ', location);
     res.status = 302;
     res.body = `please go to <a href="${location}">${location}</a>`;
     res.headers.set('location', location);
     res.headers.set('content-tye', 'text/plain');
-    res.headers.set('set-cookie', setAuthCookie(idToken));
+    res.headers.set('set-cookie', setAuthCookie(idToken, req.params.state.requestProto === 'https'));
     res.headers.set('cache-control', 'no-store, private, must-revalidate');
     res.error = 'moved';
   }