npm - @angular/ssr - Versions diffs - 21.2.7 → 21.2.9 - Mend

@angular/ssr 21.2.7 → 21.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/fesm2022/_validation-chunk.mjs +57 -78
package/fesm2022/_validation-chunk.mjs.map +1 -1
package/fesm2022/node.mjs +34 -21
package/fesm2022/node.mjs.map +1 -1
package/fesm2022/ssr.mjs +19 -24
package/fesm2022/ssr.mjs.map +1 -1
package/package.json +7 -7
package/third_party/beasties/THIRD_PARTY_LICENSES.txt +1 -1
package/third_party/beasties/index.js +128 -41
package/third_party/beasties/index.js.map +1 -1
package/types/_app-engine-chunk.d.ts +19 -0
package/types/node.d.ts +9 -1

package/fesm2022/ssr.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { validateRequest, cloneRequestAndPatchHeaders } from './_validation-chunk.mjs';
+import { normalizeTrustProxyHeaders, sanitizeRequestHeaders, validateRequest } from './_validation-chunk.mjs';
 import { APP_BASE_HREF, PlatformLocation } from '@angular/common';
 import { ɵConsole as _Console, ApplicationRef, REQUEST, makeEnvironmentProviders, provideEnvironmentInitializer, inject, InjectionToken, ɵENABLE_ROOT_COMPONENT_BOOTSTRAP as _ENABLE_ROOT_COMPONENT_BOOTSTRAP, Compiler, createEnvironmentInjector, EnvironmentInjector, runInInjectionContext, ɵresetCompiledComponents as _resetCompiledComponents, REQUEST_CONTEXT, RESPONSE_INIT, LOCALE_ID } from '@angular/core';
 import { platformServer, INITIAL_CONFIG, ɵSERVER_CONTEXT as _SERVER_CONTEXT, ɵrenderInternal as _renderInternal, provideServerRendering as provideServerRendering$1 } from '@angular/platform-server';
@@ -166,12 +166,12 @@ async function renderAngular(html, bootstrap, url, platformProviders, serverCont
         search,
         hash
       } = envInjector.get(PlatformLocation);
-      const finalUrl = constructDecodedUrl({
+      const finalUrl = constructSerializedUrl(router, {
         pathname,
         search,
         hash
       }, requestPrefix);
-      const urlToRenderString = constructDecodedUrl(urlToRender, requestPrefix);
+      const urlToRenderString = constructSerializedUrl(router, urlToRender, requestPrefix);
       if (urlToRenderString !== finalUrl) {
         redirectTo = [pathname, search, hash].join('');
       }
@@ -207,7 +207,7 @@ function asyncDestroyPlatform(platformRef) {
     }, 0);
   });
 }
-function constructDecodedUrl(url, prefix) {
+function constructSerializedUrl(router, url, prefix) {
   const {
     pathname,
     hash,
@@ -220,7 +220,8 @@ function constructDecodedUrl(url, prefix) {
     urlParts.push(stripTrailingSlash(pathname));
   }
   urlParts.push(search, hash);
-  return decodeURIComponent(urlParts.join(''));
+  const urlTree = router.parseUrl(urlParts.join(''));
+  return router.serializeUrl(urlTree);
 }
 function promiseWithAbort(promise, signal, errorMessagePrefix) {
@@ -386,7 +387,7 @@ class RouteTree {
     }
   }
   getPathSegments(route) {
-    return route.split('/').filter(Boolean);
+    return route.split('/').filter(Boolean).map(decodeURIComponent);
   }
   traverseBySegments(segments, node = this.root, currentIndex = 0) {
     if (currentIndex >= segments.length) {
@@ -939,7 +940,6 @@ class ServerRouter {
       pathname
     } = stripIndexHtmlFromURL(url);
     pathname = stripMatrixParams(pathname);
-    pathname = decodeURIComponent(pathname);
     return this.routeTree.match(pathname);
   }
 }
@@ -1176,8 +1176,7 @@ class AngularServerApp {
       redirectTo,
       status,
       renderMode,
-      headers
-    } = matchedRoute;
+      headers} = matchedRoute;
     if (redirectTo !== undefined) {
       return createRedirectResponse(joinUrlParts(request.headers.get('X-Forwarded-Prefix') ?? '', buildPathWithParams(redirectTo, url.pathname)), status, headers);
     }
@@ -1492,9 +1491,11 @@ class AngularAppEngine {
   manifest = getAngularAppEngineManifest();
   allowedHosts;
   supportedLocales = Object.keys(this.manifest.supportedLocales);
+  trustProxyHeaders;
   entryPointsCache = new Map();
   constructor(options) {
     this.allowedHosts = this.getAllowedHosts(options);
+    this.trustProxyHeaders = normalizeTrustProxyHeaders(options?.trustProxyHeaders);
   }
   getAllowedHosts(options) {
     const allowedHosts = new Set([...(options?.allowedHosts ?? []), ...this.manifest.allowedHosts]);
@@ -1505,27 +1506,21 @@ class AngularAppEngine {
   }
   async handle(request, requestContext) {
     const allowedHost = this.allowedHosts;
-    const disableAllowedHostsCheck = AngularAppEngine.ɵdisableAllowedHostsCheck;
+    const {
+      request: securedRequest,
+      deoptToCSR
+    } = sanitizeRequestHeaders(request, this.trustProxyHeaders);
     try {
-      validateRequest(request, allowedHost, disableAllowedHostsCheck);
+      validateRequest(securedRequest, allowedHost, AngularAppEngine.ɵdisableAllowedHostsCheck);
     } catch (error) {
-      return this.handleValidationError(error, request);
+      return this.handleValidationError(error, securedRequest);
     }
-    const {
-      request: securedRequest,
-      onError: onHeaderValidationError
-    } = disableAllowedHostsCheck ? {
-      request,
-      onError: null
-    } : cloneRequestAndPatchHeaders(request, allowedHost);
     const serverApp = await this.getAngularServerAppForRequest(securedRequest);
     if (serverApp) {
-      const promises = [];
-      if (onHeaderValidationError) {
-        promises.push(onHeaderValidationError.then(error => this.handleValidationError(error, securedRequest)));
+      if (deoptToCSR) {
+        return serverApp.serveClientSidePage();
       }
-      promises.push(serverApp.handle(securedRequest, requestContext));
-      return Promise.race(promises);
+      return serverApp.handle(securedRequest, requestContext);
     }
     if (this.supportedLocales.length > 1) {
       return this.redirectBasedOnAcceptLanguage(securedRequest);