npm - @appwarden/middleware - Versions diffs - 3.10.0 → 3.10.2 - Mend

@appwarden/middleware 3.10.0 → 3.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +4 -4
package/{chunk-UIIYORBW.js → chunk-2WPLLVUI.js} +33 -1
package/chunk-K7ZIT3FM.js +86 -0
package/{chunk-Z7FIMIZS.js → chunk-KE2UVIYR.js} +2 -2
package/{chunk-QGXPAVOA.js → chunk-QUVGY2YI.js} +1 -1
package/{chunk-MYIKUPTR.js → chunk-ZOYE6D3A.js} +3 -3
package/cloudflare/astro.d.ts +1 -1
package/cloudflare/astro.js +5 -5
package/cloudflare/nextjs.d.ts +1 -1
package/cloudflare/nextjs.js +5 -5
package/cloudflare/react-router.d.ts +1 -1
package/cloudflare/react-router.js +5 -5
package/cloudflare/tanstack-start.js +5 -5
package/{cloudflare-PE3JKP3X.js → cloudflare-JVRRPVRP.js} +1 -1
package/cloudflare.d.ts +2 -2
package/cloudflare.js +9 -11
package/index.d.ts +1 -1
package/index.js +3 -3
package/package.json +1 -1
package/{use-content-security-policy-UMl4Biie.d.ts → use-content-security-policy-DpmIa2tk.d.ts} +1 -1
package/vercel.js +3 -3
package/chunk-VSCXTBP6.js +0 -50

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 [![GitHub](https://img.shields.io/badge/GitHub-appwarden%2Fmiddleware-181717?logo=github&logoColor=white)](https://github.com/appwarden/middleware)
 [![npm version](https://img.shields.io/npm/v/@appwarden/middleware.svg)](https://www.npmjs.com/package/@appwarden/middleware)
 [![npm provenance](https://img.shields.io/badge/npm-provenance-green)](https://docs.npmjs.com/generating-provenance-statements)
-![Test Coverage](https://img.shields.io/badge/coverage-92.72%25-brightgreen)
+![Test Coverage](https://img.shields.io/badge/coverage-92.9%25-brightgreen)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 ## Core Features
@@ -112,7 +112,7 @@ import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare"
 const appwardenHandler = createAppwardenMiddleware((cloudflare) => ({
   debug: cloudflare.env.DEBUG,
-  lockPageSlug: cloudflare.env.LOCK_PAGE_SLUG,
+  lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
   appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
   contentSecurityPolicy: {
     mode: cloudflare.env.CSP_MODE,
@@ -143,7 +143,7 @@ import { sequence } from "astro:middleware"
 import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare/astro"
 const appwarden = createAppwardenMiddleware((cloudflare) => ({
-  lockPageSlug: cloudflare.env.LOCK_PAGE_SLUG,
+  lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
   appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
   debug: cloudflare.env.DEBUG,
   contentSecurityPolicy: {
@@ -230,7 +230,7 @@ export const config = {
 }
 export default createAppwardenMiddleware((cloudflare) => ({
-  lockPageSlug: cloudflare.env.LOCK_PAGE_SLUG,
+  lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
   appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
   debug: cloudflare.env.DEBUG,
   // Headers-only CSP (no HTML rewriting, no nonce support; do not use `{{nonce}}` here)

package/{chunk-UIIYORBW.js → chunk-2WPLLVUI.js} RENAMED Viewed

@@ -45,7 +45,39 @@ function isHTMLResponse(response) {
   return response.headers.get("Content-Type")?.includes("text/html") ?? false;
 }
 function isHTMLRequest(request) {
-  return request.headers.get("accept")?.includes("text/html") ?? false;
+  const accept = request.headers.get("accept");
+  if (!accept) {
+    return false;
+  }
+  const normalizedAccept = accept.toLowerCase();
+  const isWildcardOnlyAccept = (value) => {
+    const mediaRanges2 = value.split(",");
+    let hasNonEmptyRange = false;
+    for (const range of mediaRanges2) {
+      const [typeSubtype] = range.split(";");
+      const trimmed = typeSubtype.trim();
+      if (!trimmed) {
+        continue;
+      }
+      hasNonEmptyRange = true;
+      if (trimmed !== "*/*" && trimmed !== "*") {
+        return false;
+      }
+    }
+    return hasNonEmptyRange;
+  };
+  if (isWildcardOnlyAccept(normalizedAccept)) {
+    return false;
+  }
+  const mediaRanges = normalizedAccept.split(",");
+  for (const range of mediaRanges) {
+    const [typeSubtype] = range.split(";");
+    const token = typeSubtype.trim();
+    if (token === "text/html") {
+      return true;
+    }
+  }
+  return false;
 }
 // src/schemas/use-content-security-policy.ts

package/chunk-K7ZIT3FM.js ADDED Viewed

@@ -0,0 +1,86 @@
+import {
+  UseCSPInputSchema,
+  isHTMLResponse
+} from "./chunk-2WPLLVUI.js";
+import {
+  makeCSPHeader
+} from "./chunk-QUVGY2YI.js";
+// src/middlewares/use-content-security-policy.ts
+var AppendAttribute = (attribute, nonce) => ({
+  element: function(element) {
+    element.setAttribute(attribute, nonce);
+  }
+});
+var useContentSecurityPolicy = (input) => {
+  const parsedInput = UseCSPInputSchema.safeParse(input);
+  if (!parsedInput.success) {
+    throw parsedInput.error;
+  }
+  const config = parsedInput.data;
+  return async (context, next) => {
+    await next();
+    const { response } = context;
+    if (
+      // if the csp is disabled
+      !["enforced", "report-only"].includes(config.mode)
+    ) {
+      context.debug("CSP is disabled");
+      return;
+    }
+    if (response.headers.has("Content-Type") && !isHTMLResponse(response)) {
+      return;
+    }
+    const cspNonce = crypto.randomUUID();
+    const [cspHeaderName, cspHeaderValue] = makeCSPHeader(
+      cspNonce,
+      config.directives,
+      config.mode
+    );
+    context.debug(`Applying CSP in ${config.mode} mode`);
+    const method = context.request.method.toUpperCase();
+    const shouldSkipTransform = !response.body || response.status === 204 || response.status === 304 || method === "HEAD";
+    if (shouldSkipTransform) {
+      context.debug(
+        "Skipping HTMLRewriter transform for response without body or HEAD request"
+      );
+      const nextResponse2 = new Response(null, response);
+      nextResponse2.headers.set(cspHeaderName, cspHeaderValue);
+      const originalContentType2 = response.headers.get("content-type");
+      if (originalContentType2) {
+        if (/charset\s*=/i.test(originalContentType2)) {
+          nextResponse2.headers.set("content-type", originalContentType2);
+        } else {
+          nextResponse2.headers.set(
+            "content-type",
+            `${originalContentType2}; charset=utf-8`
+          );
+        }
+      } else {
+        nextResponse2.headers.set("content-type", "text/html; charset=utf-8");
+      }
+      context.response = nextResponse2;
+      return;
+    }
+    const nextResponse = new Response(response.clone().body, response);
+    nextResponse.headers.set(cspHeaderName, cspHeaderValue);
+    const originalContentType = response.headers.get("content-type");
+    if (originalContentType) {
+      if (/charset\s*=/i.test(originalContentType)) {
+        nextResponse.headers.set("content-type", originalContentType);
+      } else {
+        nextResponse.headers.set(
+          "content-type",
+          `${originalContentType}; charset=utf-8`
+        );
+      }
+    } else {
+      nextResponse.headers.set("content-type", "text/html; charset=utf-8");
+    }
+    context.response = new HTMLRewriter().on("style", AppendAttribute("nonce", cspNonce)).on("script", AppendAttribute("nonce", cspNonce)).transform(nextResponse);
+  };
+};
+export {
+  useContentSecurityPolicy
+};

package/{chunk-Z7FIMIZS.js → chunk-KE2UVIYR.js} RENAMED Viewed

@@ -1,9 +1,9 @@
 import {
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 // src/utils/build-lock-page-url.ts
 function normalizeLockPageSlug(lockPageSlug) {

package/{chunk-QGXPAVOA.js → chunk-QUVGY2YI.js} RENAMED Viewed

@@ -210,7 +210,7 @@ var insertErrorLogs = async (context, error) => {
         { html: true }
       );
     }
-  }).transform(await fetch(context.request));
+  }).transform(await fetch(context.request.clone()));
 };
 // src/utils/cloudflare/make-csp-header.ts

package/{chunk-MYIKUPTR.js → chunk-ZOYE6D3A.js} RENAMED Viewed

@@ -1,17 +1,17 @@
 import {
   MemoryCache,
   debug
-} from "./chunk-Z7FIMIZS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   APPWARDEN_CACHE_KEY,
   APPWARDEN_TEST_ROUTE
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   deleteEdgeValue,
   getLockValue,
   store,
   syncEdgeValue
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 // src/core/check-lock-status.ts
 var createContext = async (config) => {

package/cloudflare/astro.d.ts CHANGED Viewed

@@ -386,7 +386,7 @@ type AstroConfigFn = (runtime: AstroCloudflareRuntime) => AstroCloudflareConfigI
  * import { createAppwardenMiddleware } from "@appwarden/middleware/astro"
  *
  * const appwarden = createAppwardenMiddleware(({ env }) => ({
- *   lockPageSlug: env.LOCK_PAGE_SLUG,
+ *   lockPageSlug: env.APPWARDEN_LOCK_PAGE_SLUG,
  *   appwardenApiToken: env.APPWARDEN_API_TOKEN,
  * }))
  *

package/cloudflare/astro.js CHANGED Viewed

@@ -3,29 +3,29 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-VSCXTBP6.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-MYIKUPTR.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   TEMPORARY_REDIRECT_STATUS,
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-Z7FIMIZS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-UIIYORBW.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 // src/adapters/astro-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/cloudflare/nextjs.d.ts CHANGED Viewed

@@ -454,7 +454,7 @@ type NextJsMiddlewareFunction = (request: NextRequest, event?: NextFetchEvent) =
  * }
  *
  * export default createAppwardenMiddleware(({ env }) => ({
- *   lockPageSlug: env.LOCK_PAGE_SLUG,
+ *   lockPageSlug: env.APPWARDEN_LOCK_PAGE_SLUG,
  *   appwardenApiToken: env.APPWARDEN_API_TOKEN,
  * }))
  * ```

package/cloudflare/nextjs.js CHANGED Viewed

@@ -3,22 +3,22 @@ import {
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-MYIKUPTR.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   TEMPORARY_REDIRECT_STATUS,
   buildLockPageUrl,
   debug,
   isOnLockPage
-} from "../chunk-Z7FIMIZS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-UIIYORBW.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 // src/adapters/nextjs-cloudflare.ts
 import {
@@ -101,7 +101,7 @@ function createAppwardenMiddleware(configFn) {
         debugFn(
           `Applying CSP headers in ${config.contentSecurityPolicy.mode} mode`
         );
-        const { makeCSPHeader } = await import("../cloudflare-PE3JKP3X.js");
+        const { makeCSPHeader } = await import("../cloudflare-JVRRPVRP.js");
         const [headerName, headerValue] = makeCSPHeader(
           "",
           config.contentSecurityPolicy.directives,

package/cloudflare/react-router.d.ts CHANGED Viewed

@@ -381,7 +381,7 @@ type ReactRouterMiddlewareFunction = (args: ReactRouterMiddlewareArgs, next: ()
  *
  * export const unstable_middleware = [
  *   createAppwardenMiddleware(() => ({
- *     lockPageSlug: env.LOCK_PAGE_SLUG,
+ *     lockPageSlug: env.APPWARDEN_LOCK_PAGE_SLUG,
  *     appwardenApiToken: env.APPWARDEN_API_TOKEN,
  *   })),
  * ]

package/cloudflare/react-router.js CHANGED Viewed

@@ -3,28 +3,28 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-VSCXTBP6.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-MYIKUPTR.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-Z7FIMIZS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-UIIYORBW.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 // src/adapters/react-router-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/cloudflare/tanstack-start.js CHANGED Viewed

@@ -3,28 +3,28 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-VSCXTBP6.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-MYIKUPTR.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-Z7FIMIZS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-UIIYORBW.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 // src/adapters/tanstack-start-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/{cloudflare-PE3JKP3X.js → cloudflare-JVRRPVRP.js} RENAMED Viewed

@@ -11,7 +11,7 @@ import {
   makeCSPHeader,
   store,
   syncEdgeValue
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 export {
   CSP_KEYWORDS,
   autoQuoteCSPDirectiveArray,

package/cloudflare.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { B as Bindings } from './use-content-security-policy-UMl4Biie.js';
-export { u as useContentSecurityPolicy } from './use-content-security-policy-UMl4Biie.js';
+import { B as Bindings } from './use-content-security-policy-DpmIa2tk.js';
+export { u as useContentSecurityPolicy } from './use-content-security-policy-DpmIa2tk.js';
 import { z } from 'zod';
 declare const UseAppwardenInputSchema: z.ZodObject<{

package/cloudflare.js CHANGED Viewed

@@ -1,25 +1,25 @@
 import {
   useContentSecurityPolicy
-} from "./chunk-VSCXTBP6.js";
+} from "./chunk-K7ZIT3FM.js";
 import {
   checkLockStatus
-} from "./chunk-MYIKUPTR.js";
+} from "./chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "./chunk-Z7FIMIZS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   insertErrorLogs,
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 // src/runners/appwarden-on-cloudflare.ts
 import { ZodError } from "zod";
@@ -81,6 +81,9 @@ var useAppwarden = (input) => async (context, next) => {
   let shouldCallNext = true;
   try {
     const requestUrl = new URL(request.url);
+    if (request.method.toUpperCase() === "OPTIONS") {
+      return;
+    }
     if (!isHTMLRequest(request)) {
       return;
     }
@@ -121,12 +124,7 @@ var useAppwarden = (input) => async (context, next) => {
 // src/middlewares/use-fetch-origin.ts
 var useFetchOrigin = () => async (context, next) => {
-  context.response = await fetch(
-    new Request(context.request, {
-      ...context.request,
-      redirect: "follow"
-    })
-  );
+  context.response = await fetch(new Request(context.request));
   await next();
 };

package/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export { B as Bindings, C as CSPDirectivesSchema, a as CSPModeSchema, M as Middleware, u as useContentSecurityPolicy } from './use-content-security-policy-UMl4Biie.js';
+export { B as Bindings, C as CSPDirectivesSchema, a as CSPModeSchema, M as Middleware, u as useContentSecurityPolicy } from './use-content-security-policy-DpmIa2tk.js';
 import { z } from 'zod';
 declare const LOCKDOWN_TEST_EXPIRY_MS: number;

package/index.js CHANGED Viewed

@@ -5,14 +5,14 @@ import {
 } from "./chunk-QEFORWCW.js";
 import {
   useContentSecurityPolicy
-} from "./chunk-VSCXTBP6.js";
+} from "./chunk-K7ZIT3FM.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
   CSPModeSchema,
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-UIIYORBW.js";
-import "./chunk-QGXPAVOA.js";
+} from "./chunk-2WPLLVUI.js";
+import "./chunk-QUVGY2YI.js";
 export {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@appwarden/middleware",
-  "version": "3.10.0",
+  "version": "3.10.2",
   "description": "Instantly disable all user interaction with your app deployed on Cloudflare or Vercel",
   "type": "module",
   "license": "MIT",

package/{use-content-security-policy-UMl4Biie.d.ts → use-content-security-policy-DpmIa2tk.d.ts} RENAMED Viewed

@@ -96,7 +96,7 @@ type ContentSecurityPolicyType = z.infer<typeof ContentSecurityPolicySchema>;
  */
 type Bindings = {
     DEBUG?: string | boolean;
-    LOCK_PAGE_SLUG?: string;
+    APPWARDEN_LOCK_PAGE_SLUG?: string;
     CSP_MODE?: "disabled" | "report-only" | "enforced";
     CSP_DIRECTIVES?: string | ContentSecurityPolicyType;
     APPWARDEN_API_TOKEN?: string;

package/vercel.js CHANGED Viewed

@@ -8,7 +8,7 @@ import {
   buildLockPageUrl,
   debug,
   isOnLockPage
-} from "./chunk-Z7FIMIZS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
@@ -16,13 +16,13 @@ import {
   errors,
   globalErrors,
   isHTMLRequest
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   LockValue,
   getErrors,
   makeCSPHeader,
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 // src/runners/appwarden-on-vercel.ts
 import { waitUntil } from "@vercel/functions";

package/chunk-VSCXTBP6.js DELETED Viewed

@@ -1,50 +0,0 @@
-import {
-  UseCSPInputSchema,
-  isHTMLResponse
-} from "./chunk-UIIYORBW.js";
-import {
-  makeCSPHeader
-} from "./chunk-QGXPAVOA.js";
-// src/middlewares/use-content-security-policy.ts
-var AppendAttribute = (attribute, nonce) => ({
-  element: function(element) {
-    element.setAttribute(attribute, nonce);
-  }
-});
-var useContentSecurityPolicy = (input) => {
-  const parsedInput = UseCSPInputSchema.safeParse(input);
-  if (!parsedInput.success) {
-    throw parsedInput.error;
-  }
-  const config = parsedInput.data;
-  return async (context, next) => {
-    await next();
-    const { response } = context;
-    if (
-      // if the csp is disabled
-      !["enforced", "report-only"].includes(config.mode)
-    ) {
-      context.debug("CSP is disabled");
-      return;
-    }
-    if (response.headers.has("Content-Type") && !isHTMLResponse(response)) {
-      return;
-    }
-    const cspNonce = crypto.randomUUID();
-    const [cspHeaderName, cspHeaderValue] = makeCSPHeader(
-      cspNonce,
-      config.directives,
-      config.mode
-    );
-    context.debug(`Applying CSP in ${config.mode} mode`);
-    const nextResponse = new Response(response.body, response);
-    nextResponse.headers.set(cspHeaderName, cspHeaderValue);
-    nextResponse.headers.set("content-type", "text/html; charset=utf-8");
-    context.response = new HTMLRewriter().on("style", AppendAttribute("nonce", cspNonce)).on("script", AppendAttribute("nonce", cspNonce)).transform(nextResponse);
-  };
-};
-export {
-  useContentSecurityPolicy
-};