@appwarden/middleware 3.9.1 → 3.10.1

package/README.md

@@ -112,7 +112,7 @@ import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare"
 
 const appwardenHandler = createAppwardenMiddleware((cloudflare) => ({
   debug: cloudflare.env.DEBUG,
-  lockPageSlug: cloudflare.env.LOCK_PAGE_SLUG,
+  lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
   appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
   contentSecurityPolicy: {
     mode: cloudflare.env.CSP_MODE,

package/{chunk-UIIYORBW.js → chunk-6O25N45F.js}

@@ -45,7 +45,31 @@ function isHTMLResponse(response) {
   return response.headers.get("Content-Type")?.includes("text/html") ?? false;
 }
 function isHTMLRequest(request) {
-  return request.headers.get("accept")?.includes("text/html") ?? false;
+  const accept = request.headers.get("accept");
+  if (!accept) {
+    return false;
+  }
+  const normalizedAccept = accept.toLowerCase();
+  const isWildcardOnlyAccept = (value) => {
+    const mediaRanges = value.split(",");
+    let hasNonEmptyRange = false;
+    for (const range of mediaRanges) {
+      const [typeSubtype] = range.split(";");
+      const trimmed = typeSubtype.trim();
+      if (!trimmed) {
+        continue;
+      }
+      hasNonEmptyRange = true;
+      if (trimmed !== "*/*" && trimmed !== "*") {
+        return false;
+      }
+    }
+    return hasNonEmptyRange;
+  };
+  if (isWildcardOnlyAccept(normalizedAccept)) {
+    return false;
+  }
+  return normalizedAccept.includes("text/html");
 }
 
 // src/schemas/use-content-security-policy.ts

package/{chunk-Z7FIMIZS.js → chunk-HIGZSGKS.js}

@@ -1,6 +1,6 @@
 import {
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-6O25N45F.js";
 import {
   printMessage
 } from "./chunk-QGXPAVOA.js";

package/{chunk-MYIKUPTR.js → chunk-TASPCREA.js}

@@ -1,11 +1,11 @@
 import {
   MemoryCache,
   debug
-} from "./chunk-Z7FIMIZS.js";
+} from "./chunk-HIGZSGKS.js";
 import {
   APPWARDEN_CACHE_KEY,
   APPWARDEN_TEST_ROUTE
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-6O25N45F.js";
 import {
   deleteEdgeValue,
   getLockValue,

package/{chunk-VSCXTBP6.js → chunk-ZQNXNGLV.js}

@@ -1,7 +1,7 @@
 import {
   UseCSPInputSchema,
   isHTMLResponse
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-6O25N45F.js";
 import {
   makeCSPHeader
 } from "./chunk-QGXPAVOA.js";

package/cloudflare/astro.js

@@ -3,24 +3,24 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-VSCXTBP6.js";
+} from "../chunk-ZQNXNGLV.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-MYIKUPTR.js";
+} from "../chunk-TASPCREA.js";
 import {
   TEMPORARY_REDIRECT_STATUS,
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-Z7FIMIZS.js";
+} from "../chunk-HIGZSGKS.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-UIIYORBW.js";
+} from "../chunk-6O25N45F.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,

package/cloudflare/nextjs.js

@@ -3,17 +3,17 @@ import {
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-MYIKUPTR.js";
+} from "../chunk-TASPCREA.js";
 import {
   TEMPORARY_REDIRECT_STATUS,
   buildLockPageUrl,
   debug,
   isOnLockPage
-} from "../chunk-Z7FIMIZS.js";
+} from "../chunk-HIGZSGKS.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-UIIYORBW.js";
+} from "../chunk-6O25N45F.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,

package/cloudflare/react-router.js

@@ -3,23 +3,23 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-VSCXTBP6.js";
+} from "../chunk-ZQNXNGLV.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-MYIKUPTR.js";
+} from "../chunk-TASPCREA.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-Z7FIMIZS.js";
+} from "../chunk-HIGZSGKS.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-UIIYORBW.js";
+} from "../chunk-6O25N45F.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,

package/cloudflare/tanstack-start.js

@@ -3,23 +3,23 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-VSCXTBP6.js";
+} from "../chunk-ZQNXNGLV.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-MYIKUPTR.js";
+} from "../chunk-TASPCREA.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-Z7FIMIZS.js";
+} from "../chunk-HIGZSGKS.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-UIIYORBW.js";
+} from "../chunk-6O25N45F.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,

package/cloudflare.d.ts

@@ -1,5 +1,5 @@
-import { B as Bindings } from './use-content-security-policy-jlU0Hjj8.js';
-export { u as useContentSecurityPolicy } from './use-content-security-policy-jlU0Hjj8.js';
+import { B as Bindings } from './use-content-security-policy-DpmIa2tk.js';
+export { u as useContentSecurityPolicy } from './use-content-security-policy-DpmIa2tk.js';
 import { z } from 'zod';
 
 declare const UseAppwardenInputSchema: z.ZodObject<{

package/cloudflare.js

@@ -1,19 +1,19 @@
 import {
   useContentSecurityPolicy
-} from "./chunk-VSCXTBP6.js";
+} from "./chunk-ZQNXNGLV.js";
 import {
   checkLockStatus
-} from "./chunk-MYIKUPTR.js";
+} from "./chunk-TASPCREA.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "./chunk-Z7FIMIZS.js";
+} from "./chunk-HIGZSGKS.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-6O25N45F.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
@@ -123,8 +123,7 @@ var useAppwarden = (input) => async (context, next) => {
 var useFetchOrigin = () => async (context, next) => {
   context.response = await fetch(
     new Request(context.request, {
-      ...context.request,
-      redirect: "follow"
+      redirect: "manual"
     })
   );
   await next();

package/index.d.ts

@@ -1,4 +1,4 @@
-export { B as Bindings, C as CSPDirectivesSchema, a as CSPModeSchema, M as Middleware, u as useContentSecurityPolicy } from './use-content-security-policy-jlU0Hjj8.js';
+export { B as Bindings, C as CSPDirectivesSchema, a as CSPModeSchema, M as Middleware, u as useContentSecurityPolicy } from './use-content-security-policy-DpmIa2tk.js';
 import { z } from 'zod';
 
 declare const LOCKDOWN_TEST_EXPIRY_MS: number;

package/index.js

@@ -5,13 +5,13 @@ import {
 } from "./chunk-QEFORWCW.js";
 import {
   useContentSecurityPolicy
-} from "./chunk-VSCXTBP6.js";
+} from "./chunk-ZQNXNGLV.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
   CSPModeSchema,
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-6O25N45F.js";
 import "./chunk-QGXPAVOA.js";
 export {
   APPWARDEN_CACHE_KEY,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appwarden/middleware",
-  "version": "3.9.1",
+  "version": "3.10.1",
   "description": "Instantly disable all user interaction with your app deployed on Cloudflare or Vercel",
   "type": "module",
   "license": "MIT",

package/{use-content-security-policy-jlU0Hjj8.d.ts → use-content-security-policy-DpmIa2tk.d.ts}

@@ -84,16 +84,41 @@ declare const ContentSecurityPolicySchema: z.ZodObject<{
 }>;
 type ContentSecurityPolicyType = z.infer<typeof ContentSecurityPolicySchema>;
 
+/**
+ * Fallback bindings type for when Wrangler types are not available.
+ * This provides a minimal type definition for development.
+ *
+ * When users run `wrangler types`, it generates:
+ * - `declare namespace Cloudflare { interface Env { ... } }`
+ * - `interface Env extends Cloudflare.Env {}`
+ *
+ * Our CloudflareEnv should pick up the user's generated Env type first.
+ */
 type Bindings = {
-    DEBUG: string | boolean;
-    LOCK_PAGE_SLUG: string;
-    CSP_MODE: "disabled" | "report-only" | "enforced";
-    CSP_DIRECTIVES: string | ContentSecurityPolicyType;
-    APPWARDEN_API_TOKEN: string;
+    DEBUG?: string | boolean;
+    APPWARDEN_LOCK_PAGE_SLUG?: string;
+    CSP_MODE?: "disabled" | "report-only" | "enforced";
+    CSP_DIRECTIVES?: string | ContentSecurityPolicyType;
+    APPWARDEN_API_TOKEN?: string;
     APPWARDEN_API_HOSTNAME?: string;
 };
 declare global {
-    interface CloudflareEnv extends Bindings {
+    /**
+     * CloudflareEnv is the global type used by all adapters.
+     *
+     * TypeScript's declaration merging means:
+     * 1. If user has Wrangler-generated `interface Env`, CloudflareEnv will extend it
+     * 2. If not, CloudflareEnv will extend our fallback Bindings type
+     *
+     * This ensures Wrangler types take precedence when available.
+     */
+    interface CloudflareEnv extends Env {
+    }
+    /**
+     * Fallback Env interface when Wrangler types are not generated.
+     * If the user runs `wrangler types`, their generated Env will merge with this.
+     */
+    interface Env extends Bindings {
     }
 }
 

package/vercel.js

@@ -8,7 +8,7 @@ import {
   buildLockPageUrl,
   debug,
   isOnLockPage
-} from "./chunk-Z7FIMIZS.js";
+} from "./chunk-HIGZSGKS.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
@@ -16,7 +16,7 @@ import {
   errors,
   globalErrors,
   isHTMLRequest
-} from "./chunk-UIIYORBW.js";
+} from "./chunk-6O25N45F.js";
 import {
   LockValue,
   getErrors,