@aiyiran/myclaw 1.0.191 → 1.0.193
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/patch.js +45 -0
package/package.json
CHANGED
package/patch.js
CHANGED
|
@@ -246,6 +246,51 @@ function patch() {
|
|
|
246
246
|
console.error('[myclaw-patch] ⚠ Permissions-Policy 修复失败 (非致命): ' + err.message);
|
|
247
247
|
}
|
|
248
248
|
|
|
249
|
+
// 8. Patch X-Frame-Options + frame-ancestors(允许同域 iframe 嵌入)
|
|
250
|
+
try {
|
|
251
|
+
const distParent = path.resolve(uiDir, '..');
|
|
252
|
+
const distFiles = fs.readdirSync(distParent);
|
|
253
|
+
let framePatched = false;
|
|
254
|
+
|
|
255
|
+
for (const f of distFiles) {
|
|
256
|
+
if (f.endsWith('.js' + BACKUP_SUFFIX)) continue; // 跳过备份文件
|
|
257
|
+
const isTarget = (f.startsWith('gateway-cli-') || f.startsWith('server-')) && f.endsWith('.js');
|
|
258
|
+
if (!isTarget) continue;
|
|
259
|
+
|
|
260
|
+
const filePath = path.join(distParent, f);
|
|
261
|
+
let content = fs.readFileSync(filePath, 'utf8');
|
|
262
|
+
let modified = false;
|
|
263
|
+
|
|
264
|
+
// X-Frame-Options: DENY → SAMEORIGIN
|
|
265
|
+
if (content.includes('"DENY"')) {
|
|
266
|
+
const backupFile = filePath + BACKUP_SUFFIX;
|
|
267
|
+
if (!fs.existsSync(backupFile)) {
|
|
268
|
+
fs.copyFileSync(filePath, backupFile);
|
|
269
|
+
}
|
|
270
|
+
content = content.replace(/"X-Frame-Options",\s*"DENY"/g, '"X-Frame-Options", "SAMEORIGIN"');
|
|
271
|
+
modified = true;
|
|
272
|
+
}
|
|
273
|
+
|
|
274
|
+
// frame-ancestors 'none' → 'self'
|
|
275
|
+
if (content.includes("'none'") && content.includes("frame-ancestors")) {
|
|
276
|
+
content = content.replace(/frame-ancestors\s*'none'/g, "frame-ancestors 'self'");
|
|
277
|
+
modified = true;
|
|
278
|
+
}
|
|
279
|
+
|
|
280
|
+
if (modified) {
|
|
281
|
+
fs.writeFileSync(filePath, content, 'utf8');
|
|
282
|
+
console.log('[myclaw-patch] ✅ 已修复 iframe 安全头 (X-Frame-Options + frame-ancestors): ' + f);
|
|
283
|
+
framePatched = true;
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
|
|
287
|
+
if (!framePatched) {
|
|
288
|
+
console.log('[myclaw-patch] ⚠ 未找到 iframe 安全头配置');
|
|
289
|
+
}
|
|
290
|
+
} catch (err) {
|
|
291
|
+
console.error('[myclaw-patch] ⚠ iframe 安全头修复失败 (非致命): ' + err.message);
|
|
292
|
+
}
|
|
293
|
+
|
|
249
294
|
console.log('[myclaw-patch] ✅ 注入完成,重启 Gateway 后生效');
|
|
250
295
|
return { success: true, uiDir: uiDir, version: version };
|
|
251
296
|
}
|