@appwarden/middleware 3.10.1 → 3.10.2

package/README.md

@@ -4,7 +4,7 @@
 [![GitHub](https://img.shields.io/badge/GitHub-appwarden%2Fmiddleware-181717?logo=github&logoColor=white)](https://github.com/appwarden/middleware)
 [![npm version](https://img.shields.io/npm/v/@appwarden/middleware.svg)](https://www.npmjs.com/package/@appwarden/middleware)
 [![npm provenance](https://img.shields.io/badge/npm-provenance-green)](https://docs.npmjs.com/generating-provenance-statements)
-![Test Coverage](https://img.shields.io/badge/coverage-92.72%25-brightgreen)
+![Test Coverage](https://img.shields.io/badge/coverage-92.9%25-brightgreen)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 
 ## Core Features

package/{chunk-6O25N45F.js → chunk-2WPLLVUI.js}

@@ -51,9 +51,9 @@ function isHTMLRequest(request) {
   }
   const normalizedAccept = accept.toLowerCase();
   const isWildcardOnlyAccept = (value) => {
-    const mediaRanges = value.split(",");
+    const mediaRanges2 = value.split(",");
     let hasNonEmptyRange = false;
-    for (const range of mediaRanges) {
+    for (const range of mediaRanges2) {
       const [typeSubtype] = range.split(";");
       const trimmed = typeSubtype.trim();
       if (!trimmed) {
@@ -69,7 +69,15 @@ function isHTMLRequest(request) {
   if (isWildcardOnlyAccept(normalizedAccept)) {
     return false;
   }
-  return normalizedAccept.includes("text/html");
+  const mediaRanges = normalizedAccept.split(",");
+  for (const range of mediaRanges) {
+    const [typeSubtype] = range.split(";");
+    const token = typeSubtype.trim();
+    if (token === "text/html") {
+      return true;
+    }
+  }
+  return false;
 }
 
 // src/schemas/use-content-security-policy.ts

package/chunk-K7ZIT3FM.js

@@ -0,0 +1,86 @@
+import {
+  UseCSPInputSchema,
+  isHTMLResponse
+} from "./chunk-2WPLLVUI.js";
+import {
+  makeCSPHeader
+} from "./chunk-QUVGY2YI.js";
+
+// src/middlewares/use-content-security-policy.ts
+var AppendAttribute = (attribute, nonce) => ({
+  element: function(element) {
+    element.setAttribute(attribute, nonce);
+  }
+});
+var useContentSecurityPolicy = (input) => {
+  const parsedInput = UseCSPInputSchema.safeParse(input);
+  if (!parsedInput.success) {
+    throw parsedInput.error;
+  }
+  const config = parsedInput.data;
+  return async (context, next) => {
+    await next();
+    const { response } = context;
+    if (
+      // if the csp is disabled
+      !["enforced", "report-only"].includes(config.mode)
+    ) {
+      context.debug("CSP is disabled");
+      return;
+    }
+    if (response.headers.has("Content-Type") && !isHTMLResponse(response)) {
+      return;
+    }
+    const cspNonce = crypto.randomUUID();
+    const [cspHeaderName, cspHeaderValue] = makeCSPHeader(
+      cspNonce,
+      config.directives,
+      config.mode
+    );
+    context.debug(`Applying CSP in ${config.mode} mode`);
+    const method = context.request.method.toUpperCase();
+    const shouldSkipTransform = !response.body || response.status === 204 || response.status === 304 || method === "HEAD";
+    if (shouldSkipTransform) {
+      context.debug(
+        "Skipping HTMLRewriter transform for response without body or HEAD request"
+      );
+      const nextResponse2 = new Response(null, response);
+      nextResponse2.headers.set(cspHeaderName, cspHeaderValue);
+      const originalContentType2 = response.headers.get("content-type");
+      if (originalContentType2) {
+        if (/charset\s*=/i.test(originalContentType2)) {
+          nextResponse2.headers.set("content-type", originalContentType2);
+        } else {
+          nextResponse2.headers.set(
+            "content-type",
+            `${originalContentType2}; charset=utf-8`
+          );
+        }
+      } else {
+        nextResponse2.headers.set("content-type", "text/html; charset=utf-8");
+      }
+      context.response = nextResponse2;
+      return;
+    }
+    const nextResponse = new Response(response.clone().body, response);
+    nextResponse.headers.set(cspHeaderName, cspHeaderValue);
+    const originalContentType = response.headers.get("content-type");
+    if (originalContentType) {
+      if (/charset\s*=/i.test(originalContentType)) {
+        nextResponse.headers.set("content-type", originalContentType);
+      } else {
+        nextResponse.headers.set(
+          "content-type",
+          `${originalContentType}; charset=utf-8`
+        );
+      }
+    } else {
+      nextResponse.headers.set("content-type", "text/html; charset=utf-8");
+    }
+    context.response = new HTMLRewriter().on("style", AppendAttribute("nonce", cspNonce)).on("script", AppendAttribute("nonce", cspNonce)).transform(nextResponse);
+  };
+};
+
+export {
+  useContentSecurityPolicy
+};

package/{chunk-HIGZSGKS.js → chunk-KE2UVIYR.js}

@@ -1,9 +1,9 @@
 import {
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-6O25N45F.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 
 // src/utils/build-lock-page-url.ts
 function normalizeLockPageSlug(lockPageSlug) {

package/{chunk-QGXPAVOA.js → chunk-QUVGY2YI.js}

@@ -210,7 +210,7 @@ var insertErrorLogs = async (context, error) => {
         { html: true }
       );
     }
-  }).transform(await fetch(context.request));
+  }).transform(await fetch(context.request.clone()));
 };
 
 // src/utils/cloudflare/make-csp-header.ts

package/{chunk-TASPCREA.js → chunk-ZOYE6D3A.js}

@@ -1,17 +1,17 @@
 import {
   MemoryCache,
   debug
-} from "./chunk-HIGZSGKS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   APPWARDEN_CACHE_KEY,
   APPWARDEN_TEST_ROUTE
-} from "./chunk-6O25N45F.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   deleteEdgeValue,
   getLockValue,
   store,
   syncEdgeValue
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 
 // src/core/check-lock-status.ts
 var createContext = async (config) => {

package/cloudflare/astro.js

@@ -3,29 +3,29 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-ZQNXNGLV.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-TASPCREA.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   TEMPORARY_REDIRECT_STATUS,
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-HIGZSGKS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-6O25N45F.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 
 // src/adapters/astro-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/cloudflare/nextjs.js

@@ -3,22 +3,22 @@ import {
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-TASPCREA.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   TEMPORARY_REDIRECT_STATUS,
   buildLockPageUrl,
   debug,
   isOnLockPage
-} from "../chunk-HIGZSGKS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-6O25N45F.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 
 // src/adapters/nextjs-cloudflare.ts
 import {
@@ -101,7 +101,7 @@ function createAppwardenMiddleware(configFn) {
         debugFn(
           `Applying CSP headers in ${config.contentSecurityPolicy.mode} mode`
         );
-        const { makeCSPHeader } = await import("../cloudflare-PE3JKP3X.js");
+        const { makeCSPHeader } = await import("../cloudflare-JVRRPVRP.js");
         const [headerName, headerValue] = makeCSPHeader(
           "",
           config.contentSecurityPolicy.directives,

package/cloudflare/react-router.js

@@ -3,28 +3,28 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-ZQNXNGLV.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-TASPCREA.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-HIGZSGKS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-6O25N45F.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 
 // src/adapters/react-router-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/cloudflare/tanstack-start.js

@@ -3,28 +3,28 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-ZQNXNGLV.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-TASPCREA.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-HIGZSGKS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-6O25N45F.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 
 // src/adapters/tanstack-start-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/{cloudflare-PE3JKP3X.js → cloudflare-JVRRPVRP.js}

@@ -11,7 +11,7 @@ import {
   makeCSPHeader,
   store,
   syncEdgeValue
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 export {
   CSP_KEYWORDS,
   autoQuoteCSPDirectiveArray,

package/cloudflare.js

@@ -1,25 +1,25 @@
 import {
   useContentSecurityPolicy
-} from "./chunk-ZQNXNGLV.js";
+} from "./chunk-K7ZIT3FM.js";
 import {
   checkLockStatus
-} from "./chunk-TASPCREA.js";
+} from "./chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "./chunk-HIGZSGKS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "./chunk-6O25N45F.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   insertErrorLogs,
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 
 // src/runners/appwarden-on-cloudflare.ts
 import { ZodError } from "zod";
@@ -81,6 +81,9 @@ var useAppwarden = (input) => async (context, next) => {
   let shouldCallNext = true;
   try {
     const requestUrl = new URL(request.url);
+    if (request.method.toUpperCase() === "OPTIONS") {
+      return;
+    }
     if (!isHTMLRequest(request)) {
       return;
     }
@@ -121,11 +124,7 @@ var useAppwarden = (input) => async (context, next) => {
 
 // src/middlewares/use-fetch-origin.ts
 var useFetchOrigin = () => async (context, next) => {
-  context.response = await fetch(
-    new Request(context.request, {
-      redirect: "manual"
-    })
-  );
+  context.response = await fetch(new Request(context.request));
   await next();
 };
 

package/index.js

@@ -5,14 +5,14 @@ import {
 } from "./chunk-QEFORWCW.js";
 import {
   useContentSecurityPolicy
-} from "./chunk-ZQNXNGLV.js";
+} from "./chunk-K7ZIT3FM.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
   CSPModeSchema,
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-6O25N45F.js";
-import "./chunk-QGXPAVOA.js";
+} from "./chunk-2WPLLVUI.js";
+import "./chunk-QUVGY2YI.js";
 export {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appwarden/middleware",
-  "version": "3.10.1",
+  "version": "3.10.2",
   "description": "Instantly disable all user interaction with your app deployed on Cloudflare or Vercel",
   "type": "module",
   "license": "MIT",

package/vercel.js

@@ -8,7 +8,7 @@ import {
   buildLockPageUrl,
   debug,
   isOnLockPage
-} from "./chunk-HIGZSGKS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
@@ -16,13 +16,13 @@ import {
   errors,
   globalErrors,
   isHTMLRequest
-} from "./chunk-6O25N45F.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   LockValue,
   getErrors,
   makeCSPHeader,
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 
 // src/runners/appwarden-on-vercel.ts
 import { waitUntil } from "@vercel/functions";

package/chunk-ZQNXNGLV.js

@@ -1,50 +0,0 @@
-import {
-  UseCSPInputSchema,
-  isHTMLResponse
-} from "./chunk-6O25N45F.js";
-import {
-  makeCSPHeader
-} from "./chunk-QGXPAVOA.js";
-
-// src/middlewares/use-content-security-policy.ts
-var AppendAttribute = (attribute, nonce) => ({
-  element: function(element) {
-    element.setAttribute(attribute, nonce);
-  }
-});
-var useContentSecurityPolicy = (input) => {
-  const parsedInput = UseCSPInputSchema.safeParse(input);
-  if (!parsedInput.success) {
-    throw parsedInput.error;
-  }
-  const config = parsedInput.data;
-  return async (context, next) => {
-    await next();
-    const { response } = context;
-    if (
-      // if the csp is disabled
-      !["enforced", "report-only"].includes(config.mode)
-    ) {
-      context.debug("CSP is disabled");
-      return;
-    }
-    if (response.headers.has("Content-Type") && !isHTMLResponse(response)) {
-      return;
-    }
-    const cspNonce = crypto.randomUUID();
-    const [cspHeaderName, cspHeaderValue] = makeCSPHeader(
-      cspNonce,
-      config.directives,
-      config.mode
-    );
-    context.debug(`Applying CSP in ${config.mode} mode`);
-    const nextResponse = new Response(response.body, response);
-    nextResponse.headers.set(cspHeaderName, cspHeaderValue);
-    nextResponse.headers.set("content-type", "text/html; charset=utf-8");
-    context.response = new HTMLRewriter().on("style", AppendAttribute("nonce", cspNonce)).on("script", AppendAttribute("nonce", cspNonce)).transform(nextResponse);
-  };
-};
-
-export {
-  useContentSecurityPolicy
-};