@cloudflare/vite-plugin 1.12.1 → 1.12.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/asset-workers/router-worker.js +18 -1
- package/dist/index.js +2 -0
- package/package.json +8 -8
|
@@ -4596,8 +4596,10 @@ var Analytics = class {
|
|
|
4596
4596
|
// blob4
|
|
4597
4597
|
this.data.coloRegion,
|
|
4598
4598
|
// blob5
|
|
4599
|
-
this.data.abuseMitigationURLHost
|
|
4599
|
+
this.data.abuseMitigationURLHost,
|
|
4600
4600
|
// blob6
|
|
4601
|
+
this.data.xssDetectionImageHref
|
|
4602
|
+
// blob7
|
|
4601
4603
|
]
|
|
4602
4604
|
});
|
|
4603
4605
|
}
|
|
@@ -6178,6 +6180,21 @@ var worker_default = {
|
|
|
6178
6180
|
}
|
|
6179
6181
|
}
|
|
6180
6182
|
}
|
|
6183
|
+
if (url.pathname === "/_image") {
|
|
6184
|
+
const hrefParam = url.searchParams.get("href");
|
|
6185
|
+
if (hrefParam && hrefParam.length > 2 && hrefParam.startsWith("//")) {
|
|
6186
|
+
try {
|
|
6187
|
+
const hrefUrl = new URL("https:" + hrefParam);
|
|
6188
|
+
const isImageFetchDest = request.headers.get("sec-fetch-dest") == "image";
|
|
6189
|
+
if (hrefUrl.hostname !== url.hostname && !isImageFetchDest) {
|
|
6190
|
+
analytics.setData({ xssDetectionImageHref: hrefParam });
|
|
6191
|
+
return new Response("Blocked", { status: 403 });
|
|
6192
|
+
}
|
|
6193
|
+
} catch {
|
|
6194
|
+
console.log(`Invalid href parameter in /_image: ${hrefParam}`);
|
|
6195
|
+
}
|
|
6196
|
+
}
|
|
6197
|
+
}
|
|
6181
6198
|
analytics.setData({
|
|
6182
6199
|
timeToDispatch: performance.now() - startTimeMs
|
|
6183
6200
|
});
|
package/dist/index.js
CHANGED
|
@@ -7607,6 +7607,8 @@ function createCloudflareEnvironmentOptions({
|
|
|
7607
7607
|
ssr: true,
|
|
7608
7608
|
rollupOptions: {
|
|
7609
7609
|
input: workerConfig.main,
|
|
7610
|
+
// workerd checks the types of the exports so we need to ensure that additional exports are not added to the entry module
|
|
7611
|
+
preserveEntrySignatures: "strict",
|
|
7610
7612
|
// rolldown-only option
|
|
7611
7613
|
..."rolldownVersion" in vite ? { platform: "neutral" } : {}
|
|
7612
7614
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cloudflare/vite-plugin",
|
|
3
|
-
"version": "1.12.
|
|
3
|
+
"version": "1.12.3",
|
|
4
4
|
"description": "Cloudflare plugin for Vite",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"cloudflare",
|
|
@@ -37,14 +37,14 @@
|
|
|
37
37
|
"get-port": "^7.1.0",
|
|
38
38
|
"picocolors": "^1.1.1",
|
|
39
39
|
"tinyglobby": "^0.2.12",
|
|
40
|
-
"unenv": "2.0.0-rc.
|
|
40
|
+
"unenv": "2.0.0-rc.20",
|
|
41
41
|
"ws": "8.18.0",
|
|
42
|
-
"
|
|
43
|
-
"
|
|
44
|
-
"wrangler": "4.
|
|
42
|
+
"@cloudflare/unenv-preset": "2.7.2",
|
|
43
|
+
"miniflare": "4.20250902.0",
|
|
44
|
+
"wrangler": "4.34.0"
|
|
45
45
|
},
|
|
46
46
|
"devDependencies": {
|
|
47
|
-
"@cloudflare/workers-types": "^4.
|
|
47
|
+
"@cloudflare/workers-types": "^4.20250902.0",
|
|
48
48
|
"@types/node": "^22.10.1",
|
|
49
49
|
"@types/ws": "^8.5.13",
|
|
50
50
|
"magic-string": "^0.30.12",
|
|
@@ -55,12 +55,12 @@
|
|
|
55
55
|
"vitest": "~3.2.0",
|
|
56
56
|
"@cloudflare/containers-shared": "0.2.10",
|
|
57
57
|
"@cloudflare/mock-npm-registry": "0.0.0",
|
|
58
|
-
"@cloudflare/workers-shared": "0.18.
|
|
58
|
+
"@cloudflare/workers-shared": "0.18.8",
|
|
59
59
|
"@cloudflare/workers-tsconfig": "0.0.0"
|
|
60
60
|
},
|
|
61
61
|
"peerDependencies": {
|
|
62
62
|
"vite": "^6.1.0 || ^7.0.0",
|
|
63
|
-
"wrangler": "^4.
|
|
63
|
+
"wrangler": "^4.34.0"
|
|
64
64
|
},
|
|
65
65
|
"publishConfig": {
|
|
66
66
|
"access": "public"
|