@angular/ssr 22.0.0-next.6 → 22.0.0-next.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/fesm2022/_validation-chunk.mjs +47 -83
- package/fesm2022/_validation-chunk.mjs.map +1 -1
- package/fesm2022/node.mjs +36 -22
- package/fesm2022/node.mjs.map +1 -1
- package/fesm2022/ssr.mjs +13 -23
- package/fesm2022/ssr.mjs.map +1 -1
- package/package.json +7 -7
- package/third_party/beasties/index.js +54 -17
- package/third_party/beasties/index.js.map +1 -1
- package/types/_app-engine-chunk.d.ts +22 -0
- package/types/node.d.ts +20 -1
|
@@ -67,6 +67,24 @@ interface AngularAppEngineOptions {
|
|
|
67
67
|
* A set of allowed hostnames for the server application.
|
|
68
68
|
*/
|
|
69
69
|
allowedHosts?: readonly string[];
|
|
70
|
+
/**
|
|
71
|
+
* Extends the scope of trusted proxy headers (`X-Forwarded-*`).
|
|
72
|
+
*
|
|
73
|
+
* @remarks
|
|
74
|
+
* **This is a security-sensitive option!**
|
|
75
|
+
*
|
|
76
|
+
* When `trustProxyHeaders` is enabled, request headers such as `X-Forwarded-Host` and
|
|
77
|
+
* `X-Forwarded-Prefix` are trusted by the server and used for routing. These
|
|
78
|
+
* headers must be strictly validated and provided by a trusted client (e.g., at a reverse proxy, load
|
|
79
|
+
* balancer, or API gateway) and must *not* be provided by untrusted end users.
|
|
80
|
+
*
|
|
81
|
+
* If a `string[]` is provided, only those proxy headers are allowed.
|
|
82
|
+
* If `true`, all proxy headers are allowed.
|
|
83
|
+
* If `false` or not provided, proxy headers are ignored.
|
|
84
|
+
*
|
|
85
|
+
* @default false
|
|
86
|
+
*/
|
|
87
|
+
trustProxyHeaders?: boolean | readonly string[];
|
|
70
88
|
}
|
|
71
89
|
/**
|
|
72
90
|
* Angular server application engine.
|
|
@@ -114,6 +132,10 @@ declare class AngularAppEngine {
|
|
|
114
132
|
* A map of supported locales from the server application's manifest.
|
|
115
133
|
*/
|
|
116
134
|
private readonly supportedLocales;
|
|
135
|
+
/**
|
|
136
|
+
* The normalized allowed proxy headers.
|
|
137
|
+
*/
|
|
138
|
+
private readonly trustProxyHeaders;
|
|
117
139
|
/**
|
|
118
140
|
* A cache that holds entry points, keyed by their potential locale string.
|
|
119
141
|
*/
|
package/types/node.d.ts
CHANGED
|
@@ -4,6 +4,10 @@ import { IncomingMessage, ServerResponse } from 'node:http';
|
|
|
4
4
|
import { Http2ServerRequest, Http2ServerResponse } from 'node:http2';
|
|
5
5
|
import { AngularAppEngineOptions } from './_app-engine-chunk.js';
|
|
6
6
|
|
|
7
|
+
/**
|
|
8
|
+
* @deprecated Use `AngularNodeAppEngine` or `AngularAppEngine` instead.
|
|
9
|
+
* Deprecated since v22.
|
|
10
|
+
*/
|
|
7
11
|
interface CommonEngineOptions {
|
|
8
12
|
/** A method that when invoked returns a promise that returns an `ApplicationRef` instance once resolved or an NgModule. */
|
|
9
13
|
bootstrap?: Type<{}> | ((context: BootstrapContext) => Promise<ApplicationRef>);
|
|
@@ -14,6 +18,10 @@ interface CommonEngineOptions {
|
|
|
14
18
|
/** A set of hostnames that are allowed to access the server. */
|
|
15
19
|
allowedHosts?: readonly string[];
|
|
16
20
|
}
|
|
21
|
+
/**
|
|
22
|
+
* @deprecated Use `AngularNodeAppEngine` or `AngularAppEngine` instead.
|
|
23
|
+
* Deprecated since v22.
|
|
24
|
+
*/
|
|
17
25
|
interface CommonEngineRenderOptions {
|
|
18
26
|
/** A method that when invoked returns a promise that returns an `ApplicationRef` instance once resolved or an NgModule. */
|
|
19
27
|
bootstrap?: Type<{}> | ((context: BootstrapContext) => Promise<ApplicationRef>);
|
|
@@ -35,6 +43,9 @@ interface CommonEngineRenderOptions {
|
|
|
35
43
|
}
|
|
36
44
|
/**
|
|
37
45
|
* A common engine to use to server render an application.
|
|
46
|
+
*
|
|
47
|
+
* @deprecated Use `AngularNodeAppEngine` or `AngularAppEngine` instead.
|
|
48
|
+
* Deprecated since v22.
|
|
38
49
|
*/
|
|
39
50
|
declare class CommonEngine {
|
|
40
51
|
private options?;
|
|
@@ -70,6 +81,7 @@ interface AngularNodeAppEngineOptions extends AngularAppEngineOptions {
|
|
|
70
81
|
*/
|
|
71
82
|
declare class AngularNodeAppEngine {
|
|
72
83
|
private readonly angularAppEngine;
|
|
84
|
+
private readonly trustProxyHeaders?;
|
|
73
85
|
/**
|
|
74
86
|
* Creates a new instance of the Angular Node.js server application engine.
|
|
75
87
|
* @param options Options for the Angular Node.js server application engine.
|
|
@@ -180,9 +192,16 @@ declare function writeResponseToNodeResponse(source: Response, destination: Serv
|
|
|
180
192
|
* be used by web platform APIs.
|
|
181
193
|
*
|
|
182
194
|
* @param nodeRequest - The Node.js request object (`IncomingMessage` or `Http2ServerRequest`) to convert.
|
|
195
|
+
* @param trustProxyHeaders - A boolean or an array of proxy headers to trust when constructing the request URL.
|
|
196
|
+
*
|
|
197
|
+
* @remarks
|
|
198
|
+
* When `trustProxyHeaders` is enabled, headers such as `X-Forwarded-Host` and
|
|
199
|
+
* `X-Forwarded-Prefix` should ideally be strictly validated at a higher infrastructure
|
|
200
|
+
* level (e.g., at the reverse proxy or API gateway) before reaching the application.
|
|
201
|
+
*
|
|
183
202
|
* @returns A Web Standard `Request` object.
|
|
184
203
|
*/
|
|
185
|
-
declare function createWebRequestFromNodeRequest(nodeRequest: IncomingMessage | Http2ServerRequest): Request;
|
|
204
|
+
declare function createWebRequestFromNodeRequest(nodeRequest: IncomingMessage | Http2ServerRequest, trustProxyHeaders?: boolean | readonly string[]): Request;
|
|
186
205
|
|
|
187
206
|
/**
|
|
188
207
|
* Determines whether the provided URL represents the main entry point module.
|