@blamejs/blamejs-shop 0.4.46 → 0.4.47
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/admin.js +5 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/storefront.js +5 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
|
|
|
8
8
|
|
|
9
9
|
## v0.4.x
|
|
10
10
|
|
|
11
|
+
- v0.4.47 (2026-06-14) — **Signing out wipes the browser's client-side state via Clear-Site-Data.** Both the storefront account sign-out and the admin sign-out now emit an RFC 9527 Clear-Site-Data response header, instructing the browser to clear its cookies, storage, cache, and execution contexts for the origin. Previously sign-out tore down the server-side session and expired the auth cookie but left the rest of the browser's client-side state in place — on a shared or public browser, the next person could find a cached authenticated page or leftover local/session storage. This is defense-in-depth on top of the existing server-side session teardown. No migration to apply. **Security:** *Sign-out clears client-side browser state* — The /account/logout and /admin/logout routes now send Clear-Site-Data with the cookies, storage, cache, and execution-context directives, so a browser drops the origin's client-side state on sign-out rather than only expiring the auth cookie. This closes the window on a shared or public machine where a cached authenticated page or leftover storage could outlive the session.
|
|
12
|
+
|
|
11
13
|
- v0.4.46 (2026-06-14) — **A refund webhook records its own amount, so refunds processed out of order can't over-count the refunded total.** The Stripe charge.refunded mirror recorded the difference between the charge's cumulative refunded figure and the order's recorded refund total. When two refunds happen close together and the second refund's webhook is processed before the first's has been recorded — including two webhooks racing on the same order — both read the same not-yet-updated recorded total, so the later one records the full cumulative difference and double-counts the earlier refund, overstating the order's refunded total (and, with the over-refund cap keyed on that total, potentially distorting later refund limits). The mirror now records each event's own refund amount — the charge lists its refunds newest-first — keyed on the refund id, so a re-delivery or the console's own mirror of the same refund is still de-duplicated. Each refund is counted exactly once regardless of the order or timing its webhooks arrive in. No migration to apply. **Fixed:** *A refund webhook records its own amount, not the cumulative difference* — The charge.refunded mirror now records the specific refund that triggered the event, taken from the charge's own refunds list, instead of the difference between the charge's cumulative refunded figure and the order's ledger. The previous difference-based approach read the recorded total once and could record a value that included an earlier refund whose webhook hadn't landed yet — so when that earlier webhook arrived, the order's refunded total over-counted. Keying each entry on the refund id keeps re-deliveries and the console's own mirror de-duplicated, so the same refund is never recorded twice and the total converges on the true figure whatever order the webhooks arrive in.
|
|
12
14
|
|
|
13
15
|
- v0.4.45 (2026-06-13) — **Sales tax is computed on the discounted price, so a discounted order is no longer over-taxed.** Checkout calculated sales tax on the full pre-discount subtotal even though the tax primitive's documented contract is to receive the post-discount subtotal (lib/tax.js: "Tax is computed against subtotal_minor (post-discount, pre-shipping)"). So every order carrying an automatic discount or a coupon was taxed on merchandise value the customer didn't pay for, over-collecting tax and overstating the order total. The tax base is now the subtotal minus the discount, computed by resolving the discount before the tax call. Shipping rates still gate on the pre-discount merchandise value — a free-shipping threshold is earned on what's in the cart, not the post-discount total — and an order with no discount is unaffected. No migration to apply. **Fixed:** *A discounted order is taxed on the price actually paid* — Sales tax now applies to the post-discount subtotal: the automatic-discount and coupon reduction is resolved first and subtracted from the taxable base before tax is calculated. Previously tax was computed on the full pre-discount subtotal, so a discounted or couponed order was over-taxed and its total overstated by the tax on the discounted-away amount. An order with no discount sees no change, and free-shipping thresholds continue to be evaluated against the pre-discount merchandise value.
|
package/lib/admin.js
CHANGED
|
@@ -13830,6 +13830,11 @@ function mount(router, deps) {
|
|
|
13830
13830
|
});
|
|
13831
13831
|
|
|
13832
13832
|
router.post("/admin/logout", async function (req, res) {
|
|
13833
|
+
// Wipe the operator's client-side state for the origin on sign-out
|
|
13834
|
+
// (cookies, storage, cache, execution contexts) — defense-in-depth so a
|
|
13835
|
+
// shared browser can't carry a cached admin page or leftover client
|
|
13836
|
+
// storage past the server-side session teardown.
|
|
13837
|
+
b.middleware.clearSiteData()(req, res, function () {});
|
|
13833
13838
|
_clearAdminCookie(req, res);
|
|
13834
13839
|
_redirect(res, "/admin");
|
|
13835
13840
|
});
|
package/lib/asset-manifest.json
CHANGED
package/lib/storefront.js
CHANGED
|
@@ -16420,6 +16420,11 @@ function mount(router, deps) {
|
|
|
16420
16420
|
}
|
|
16421
16421
|
|
|
16422
16422
|
router.post("/account/logout", function (req, res) {
|
|
16423
|
+
// Wipe the browser's client-side state for the origin on sign-out
|
|
16424
|
+
// (cookies, storage, cache, execution contexts) — defense-in-depth so a
|
|
16425
|
+
// shared or public browser can't carry a cached authenticated page or
|
|
16426
|
+
// leftover client storage past the server-side session teardown.
|
|
16427
|
+
b.middleware.clearSiteData()(req, res, function () {});
|
|
16423
16428
|
_clearAuthCookie(req, res);
|
|
16424
16429
|
res.status(303); res.setHeader && res.setHeader("location", "/");
|
|
16425
16430
|
return res.end ? res.end() : res.send("");
|
package/package.json
CHANGED