@commercetools-frontend/mc-html-template 22.38.0 → 22.38.2

package/dist/commercetools-frontend-mc-html-template.cjs.dev.js

@@ -12,6 +12,7 @@ var _Object$assign = require('@babel/runtime-corejs3/core-js-stable/object/assig
 var _Object$keys = require('@babel/runtime-corejs3/core-js-stable/object/keys');
 var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
 var _Object$entries = require('@babel/runtime-corejs3/core-js-stable/object/entries');
+var _trimInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/trim');
 var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
 var _Object$getOwnPropertySymbols = require('@babel/runtime-corejs3/core-js-stable/object/get-own-property-symbols');
 var _filterInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/filter');
@@ -34,6 +35,7 @@ var _Object$assign__default = /*#__PURE__*/_interopDefault(_Object$assign);
 var _Object$keys__default = /*#__PURE__*/_interopDefault(_Object$keys);
 var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
 var _Object$entries__default = /*#__PURE__*/_interopDefault(_Object$entries);
+var _trimInstanceProperty__default = /*#__PURE__*/_interopDefault(_trimInstanceProperty);
 var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
 var _Object$getOwnPropertySymbols__default = /*#__PURE__*/_interopDefault(_Object$getOwnPropertySymbols);
 var _filterInstanceProperty__default = /*#__PURE__*/_interopDefault(_filterInstanceProperty);
@@ -70,11 +72,12 @@ const htmlScripts$1 = {
   "publicPath": "window.__dynamicImportHandler__=function(n){return window.app.cdnUrl.replace(/\\/$/,\"\")+\"/\"+n.replace(/^(\\.\\/)?/,\"\")},window.__dynamicImportPreload__=function(n){return n.map(n=>window.app.cdnUrl.replace(/\\/$/,\"\")+\"/\"+n)};"
 };
 const toArray = value => _Array$isArray__default["default"](value) ? value : [value];
-const mergeDirectives = function () {
+const parseCSPDirectives = function () {
+  var _context2;
   for (var _len = arguments.length, directives = new Array(_len), _key = 0; _key < _len; _key++) {
     directives[_key] = arguments[_key];
   }
-  return _reduceInstanceProperty__default["default"](directives).call(directives, (mergedDirectives, directive) => {
+  const mergedDirectives = _reduceInstanceProperty__default["default"](directives).call(directives, (mergedDirectives, directive) => {
     var _context;
     return _Object$assign__default["default"](mergedDirectives, _reduceInstanceProperty__default["default"](_context = _Object$keys__default["default"](directive)).call(_context, (mergedDirectiveValues, directiveKey) => {
       const existingDirectiveValue = mergedDirectives[directiveKey];
@@ -83,26 +86,27 @@ const mergeDirectives = function () {
       });
     }, {}));
   }, {});
-};
-const toHeaderString = function () {
-  var _context2;
-  let directives = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  return _mapInstanceProperty__default["default"](_context2 = _Object$entries__default["default"](directives)).call(_context2, _ref => {
+  return _mapInstanceProperty__default["default"](_context2 = _Object$entries__default["default"](mergedDirectives)).call(_context2, _ref => {
     let _ref2 = _slicedToArray(_ref, 2),
       directive = _ref2[0],
       value = _ref2[1];
     return `${directive} ${_Array$isArray__default["default"](value) ? value.join(' ') : value}`;
   }).join('; ');
 };
-const toStructuredHeaderString = function () {
+const parsePermissionsPolicyDirectives = (defaultValue, customDirectives) => {
   var _context3;
-  let directives = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  return _mapInstanceProperty__default["default"](_context3 = _Object$entries__default["default"](directives)).call(_context3, _ref3 => {
-    let _ref4 = _slicedToArray(_ref3, 2),
-      directive = _ref4[0],
-      value = _ref4[1];
-    return `${directive}=${_Array$isArray__default["default"](value) ? value.join(' ') : value}`;
-  }).join(', ');
+  const mergedDirectives = _mapInstanceProperty__default["default"](_context3 = defaultValue.split(',')).call(_context3, directive => {
+    const _directive$trim$split = _trimInstanceProperty__default["default"](directive).call(directive).split('='),
+      _directive$trim$split2 = _slicedToArray(_directive$trim$split, 2),
+      directiveName = _directive$trim$split2[0],
+      directiveValue = _directive$trim$split2[1];
+    const overrideDirectiveValue = customDirectives[directiveName];
+    if (overrideDirectiveValue) {
+      return [directiveName, overrideDirectiveValue].join('=');
+    }
+    return [directiveName, directiveValue].join('=');
+  });
+  return mergedDirectives.join(', ');
 };
 const processHeaders = applicationConfig => {
   var _context4, _context5, _context6;
@@ -120,7 +124,7 @@ const processHeaders = applicationConfig => {
    * Content Security Policy (CSP)
    * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
    */
-  const cspDirectives = _Object$assign__default["default"]({
+  const defaultCSPDirectives = _Object$assign__default["default"]({
     'default-src': "'none'",
     'script-src': _concatInstanceProperty__default["default"](_context4 = ["'self'"]).call(_context4, isMcDevEnv ?
     // Allow webpack to load source maps on runtime when errors occur
@@ -154,15 +158,12 @@ const processHeaders = applicationConfig => {
   // - `require-sri-for style script` (at the moment not possible because
   //  Intercom scripts are apparently not meant for this)
   );
-
-  // Recursively merge the directives
-  const mergedCsp = mergeDirectives(cspDirectives, applicationConfig.headers?.csp ?? {});
   return _objectSpread(_objectSpread({}, constants.HTTP_SECURITY_HEADERS), {}, {
     // The `Content-Security-Policy` header is always generated
     // based on the Merchant Center customization config.
-    'Content-Security-Policy': toHeaderString(mergedCsp)
+    [constants.HTTP_SECURITY_HEADER_KEYS['Content-Security-Policy']]: parseCSPDirectives(defaultCSPDirectives, applicationConfig.headers?.csp ?? {})
   }, applicationConfig.headers?.permissionsPolicies ? {
-    'Permissions-Policy': toStructuredHeaderString(applicationConfig.headers.permissionsPolicies)
+    [constants.HTTP_SECURITY_HEADER_KEYS['Permissions-Policy']]: parsePermissionsPolicyDirectives(constants.HTTP_SECURITY_HEADERS['Permissions-Policy'], applicationConfig.headers.permissionsPolicies ?? {})
   } : {});
 };
 

package/dist/commercetools-frontend-mc-html-template.cjs.prod.js

@@ -12,6 +12,7 @@ var _Object$assign = require('@babel/runtime-corejs3/core-js-stable/object/assig
 var _Object$keys = require('@babel/runtime-corejs3/core-js-stable/object/keys');
 var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
 var _Object$entries = require('@babel/runtime-corejs3/core-js-stable/object/entries');
+var _trimInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/trim');
 var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
 var _Object$getOwnPropertySymbols = require('@babel/runtime-corejs3/core-js-stable/object/get-own-property-symbols');
 var _filterInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/filter');
@@ -34,6 +35,7 @@ var _Object$assign__default = /*#__PURE__*/_interopDefault(_Object$assign);
 var _Object$keys__default = /*#__PURE__*/_interopDefault(_Object$keys);
 var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
 var _Object$entries__default = /*#__PURE__*/_interopDefault(_Object$entries);
+var _trimInstanceProperty__default = /*#__PURE__*/_interopDefault(_trimInstanceProperty);
 var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
 var _Object$getOwnPropertySymbols__default = /*#__PURE__*/_interopDefault(_Object$getOwnPropertySymbols);
 var _filterInstanceProperty__default = /*#__PURE__*/_interopDefault(_filterInstanceProperty);
@@ -70,11 +72,12 @@ const htmlScripts$1 = {
   "publicPath": "window.__dynamicImportHandler__=function(n){return window.app.cdnUrl.replace(/\\/$/,\"\")+\"/\"+n.replace(/^(\\.\\/)?/,\"\")},window.__dynamicImportPreload__=function(n){return n.map(n=>window.app.cdnUrl.replace(/\\/$/,\"\")+\"/\"+n)};"
 };
 const toArray = value => _Array$isArray__default["default"](value) ? value : [value];
-const mergeDirectives = function () {
+const parseCSPDirectives = function () {
+  var _context2;
   for (var _len = arguments.length, directives = new Array(_len), _key = 0; _key < _len; _key++) {
     directives[_key] = arguments[_key];
   }
-  return _reduceInstanceProperty__default["default"](directives).call(directives, (mergedDirectives, directive) => {
+  const mergedDirectives = _reduceInstanceProperty__default["default"](directives).call(directives, (mergedDirectives, directive) => {
     var _context;
     return _Object$assign__default["default"](mergedDirectives, _reduceInstanceProperty__default["default"](_context = _Object$keys__default["default"](directive)).call(_context, (mergedDirectiveValues, directiveKey) => {
       const existingDirectiveValue = mergedDirectives[directiveKey];
@@ -83,26 +86,27 @@ const mergeDirectives = function () {
       });
     }, {}));
   }, {});
-};
-const toHeaderString = function () {
-  var _context2;
-  let directives = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  return _mapInstanceProperty__default["default"](_context2 = _Object$entries__default["default"](directives)).call(_context2, _ref => {
+  return _mapInstanceProperty__default["default"](_context2 = _Object$entries__default["default"](mergedDirectives)).call(_context2, _ref => {
     let _ref2 = _slicedToArray(_ref, 2),
       directive = _ref2[0],
       value = _ref2[1];
     return `${directive} ${_Array$isArray__default["default"](value) ? value.join(' ') : value}`;
   }).join('; ');
 };
-const toStructuredHeaderString = function () {
+const parsePermissionsPolicyDirectives = (defaultValue, customDirectives) => {
   var _context3;
-  let directives = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  return _mapInstanceProperty__default["default"](_context3 = _Object$entries__default["default"](directives)).call(_context3, _ref3 => {
-    let _ref4 = _slicedToArray(_ref3, 2),
-      directive = _ref4[0],
-      value = _ref4[1];
-    return `${directive}=${_Array$isArray__default["default"](value) ? value.join(' ') : value}`;
-  }).join(', ');
+  const mergedDirectives = _mapInstanceProperty__default["default"](_context3 = defaultValue.split(',')).call(_context3, directive => {
+    const _directive$trim$split = _trimInstanceProperty__default["default"](directive).call(directive).split('='),
+      _directive$trim$split2 = _slicedToArray(_directive$trim$split, 2),
+      directiveName = _directive$trim$split2[0],
+      directiveValue = _directive$trim$split2[1];
+    const overrideDirectiveValue = customDirectives[directiveName];
+    if (overrideDirectiveValue) {
+      return [directiveName, overrideDirectiveValue].join('=');
+    }
+    return [directiveName, directiveValue].join('=');
+  });
+  return mergedDirectives.join(', ');
 };
 const processHeaders = applicationConfig => {
   var _context4, _context5, _context6;
@@ -120,7 +124,7 @@ const processHeaders = applicationConfig => {
    * Content Security Policy (CSP)
    * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
    */
-  const cspDirectives = _Object$assign__default["default"]({
+  const defaultCSPDirectives = _Object$assign__default["default"]({
     'default-src': "'none'",
     'script-src': _concatInstanceProperty__default["default"](_context4 = ["'self'"]).call(_context4, isMcDevEnv ?
     // Allow webpack to load source maps on runtime when errors occur
@@ -154,15 +158,12 @@ const processHeaders = applicationConfig => {
   // - `require-sri-for style script` (at the moment not possible because
   //  Intercom scripts are apparently not meant for this)
   );
-
-  // Recursively merge the directives
-  const mergedCsp = mergeDirectives(cspDirectives, applicationConfig.headers?.csp ?? {});
   return _objectSpread(_objectSpread({}, constants.HTTP_SECURITY_HEADERS), {}, {
     // The `Content-Security-Policy` header is always generated
     // based on the Merchant Center customization config.
-    'Content-Security-Policy': toHeaderString(mergedCsp)
+    [constants.HTTP_SECURITY_HEADER_KEYS['Content-Security-Policy']]: parseCSPDirectives(defaultCSPDirectives, applicationConfig.headers?.csp ?? {})
   }, applicationConfig.headers?.permissionsPolicies ? {
-    'Permissions-Policy': toStructuredHeaderString(applicationConfig.headers.permissionsPolicies)
+    [constants.HTTP_SECURITY_HEADER_KEYS['Permissions-Policy']]: parsePermissionsPolicyDirectives(constants.HTTP_SECURITY_HEADERS['Permissions-Policy'], applicationConfig.headers.permissionsPolicies ?? {})
   } : {});
 };
 

package/dist/commercetools-frontend-mc-html-template.esm.js

@@ -8,6 +8,7 @@ import _Object$assign from '@babel/runtime-corejs3/core-js-stable/object/assign'
 import _Object$keys from '@babel/runtime-corejs3/core-js-stable/object/keys';
 import _mapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/map';
 import _Object$entries from '@babel/runtime-corejs3/core-js-stable/object/entries';
+import _trimInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/trim';
 import _concatInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/concat';
 import _Object$getOwnPropertySymbols from '@babel/runtime-corejs3/core-js-stable/object/get-own-property-symbols';
 import _filterInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/filter';
@@ -16,7 +17,7 @@ import _forEachInstanceProperty from '@babel/runtime-corejs3/core-js-stable/inst
 import _Object$getOwnPropertyDescriptors from '@babel/runtime-corejs3/core-js-stable/object/get-own-property-descriptors';
 import _Object$defineProperties from '@babel/runtime-corejs3/core-js-stable/object/define-properties';
 import _Object$defineProperty from '@babel/runtime-corejs3/core-js-stable/object/define-property';
-import { HTTP_SECURITY_HEADERS } from '@commercetools-frontend/constants';
+import { HTTP_SECURITY_HEADER_KEYS, HTTP_SECURITY_HEADERS } from '@commercetools-frontend/constants';
 import crypto from 'crypto';
 import serialize from 'serialize-javascript';
 export { g as generateTemplate } from './generate-template-31dee161.esm.js';
@@ -46,11 +47,12 @@ const htmlScripts$1 = {
   "publicPath": "window.__dynamicImportHandler__=function(n){return window.app.cdnUrl.replace(/\\/$/,\"\")+\"/\"+n.replace(/^(\\.\\/)?/,\"\")},window.__dynamicImportPreload__=function(n){return n.map(n=>window.app.cdnUrl.replace(/\\/$/,\"\")+\"/\"+n)};"
 };
 const toArray = value => _Array$isArray(value) ? value : [value];
-const mergeDirectives = function () {
+const parseCSPDirectives = function () {
+  var _context2;
   for (var _len = arguments.length, directives = new Array(_len), _key = 0; _key < _len; _key++) {
     directives[_key] = arguments[_key];
   }
-  return _reduceInstanceProperty(directives).call(directives, (mergedDirectives, directive) => {
+  const mergedDirectives = _reduceInstanceProperty(directives).call(directives, (mergedDirectives, directive) => {
     var _context;
     return _Object$assign(mergedDirectives, _reduceInstanceProperty(_context = _Object$keys(directive)).call(_context, (mergedDirectiveValues, directiveKey) => {
       const existingDirectiveValue = mergedDirectives[directiveKey];
@@ -59,26 +61,27 @@ const mergeDirectives = function () {
       });
     }, {}));
   }, {});
-};
-const toHeaderString = function () {
-  var _context2;
-  let directives = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  return _mapInstanceProperty(_context2 = _Object$entries(directives)).call(_context2, _ref => {
+  return _mapInstanceProperty(_context2 = _Object$entries(mergedDirectives)).call(_context2, _ref => {
     let _ref2 = _slicedToArray(_ref, 2),
       directive = _ref2[0],
       value = _ref2[1];
     return `${directive} ${_Array$isArray(value) ? value.join(' ') : value}`;
   }).join('; ');
 };
-const toStructuredHeaderString = function () {
+const parsePermissionsPolicyDirectives = (defaultValue, customDirectives) => {
   var _context3;
-  let directives = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  return _mapInstanceProperty(_context3 = _Object$entries(directives)).call(_context3, _ref3 => {
-    let _ref4 = _slicedToArray(_ref3, 2),
-      directive = _ref4[0],
-      value = _ref4[1];
-    return `${directive}=${_Array$isArray(value) ? value.join(' ') : value}`;
-  }).join(', ');
+  const mergedDirectives = _mapInstanceProperty(_context3 = defaultValue.split(',')).call(_context3, directive => {
+    const _directive$trim$split = _trimInstanceProperty(directive).call(directive).split('='),
+      _directive$trim$split2 = _slicedToArray(_directive$trim$split, 2),
+      directiveName = _directive$trim$split2[0],
+      directiveValue = _directive$trim$split2[1];
+    const overrideDirectiveValue = customDirectives[directiveName];
+    if (overrideDirectiveValue) {
+      return [directiveName, overrideDirectiveValue].join('=');
+    }
+    return [directiveName, directiveValue].join('=');
+  });
+  return mergedDirectives.join(', ');
 };
 const processHeaders = applicationConfig => {
   var _context4, _context5, _context6;
@@ -96,7 +99,7 @@ const processHeaders = applicationConfig => {
    * Content Security Policy (CSP)
    * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
    */
-  const cspDirectives = _Object$assign({
+  const defaultCSPDirectives = _Object$assign({
     'default-src': "'none'",
     'script-src': _concatInstanceProperty(_context4 = ["'self'"]).call(_context4, isMcDevEnv ?
     // Allow webpack to load source maps on runtime when errors occur
@@ -130,15 +133,12 @@ const processHeaders = applicationConfig => {
   // - `require-sri-for style script` (at the moment not possible because
   //  Intercom scripts are apparently not meant for this)
   );
-
-  // Recursively merge the directives
-  const mergedCsp = mergeDirectives(cspDirectives, applicationConfig.headers?.csp ?? {});
   return _objectSpread(_objectSpread({}, HTTP_SECURITY_HEADERS), {}, {
     // The `Content-Security-Policy` header is always generated
     // based on the Merchant Center customization config.
-    'Content-Security-Policy': toHeaderString(mergedCsp)
+    [HTTP_SECURITY_HEADER_KEYS['Content-Security-Policy']]: parseCSPDirectives(defaultCSPDirectives, applicationConfig.headers?.csp ?? {})
   }, applicationConfig.headers?.permissionsPolicies ? {
-    'Permissions-Policy': toStructuredHeaderString(applicationConfig.headers.permissionsPolicies)
+    [HTTP_SECURITY_HEADER_KEYS['Permissions-Policy']]: parsePermissionsPolicyDirectives(HTTP_SECURITY_HEADERS['Permissions-Policy'], applicationConfig.headers.permissionsPolicies ?? {})
   } : {});
 };
 

package/dist/declarations/src/process-headers.d.ts

@@ -1,3 +1,4 @@
 import type { ApplicationRuntimeConfig } from '@commercetools-frontend/application-config';
-declare const processHeaders: (applicationConfig: ApplicationRuntimeConfig) => Record<string, string | undefined>;
+import { type THttpSecurityHeaders } from '@commercetools-frontend/constants';
+declare const processHeaders: (applicationConfig: ApplicationRuntimeConfig) => Record<THttpSecurityHeaders, string | undefined>;
 export default processHeaders;

package/dist/declarations/src/replace-html-placeholders.d.ts

@@ -1,7 +1,8 @@
 import type { ApplicationRuntimeConfig } from '@commercetools-frontend/application-config';
+import type { THttpSecurityHeaders } from '@commercetools-frontend/constants';
 type TReplaceHtmlPlaceholdersOptions = {
     env: ApplicationRuntimeConfig['env'];
-    headers: Record<string, string | undefined>;
+    headers?: Record<THttpSecurityHeaders, string | undefined>;
 };
 declare const replaceHtmlPlaceholders: (indexHtmlContent: string, options: TReplaceHtmlPlaceholdersOptions) => string;
 export default replaceHtmlPlaceholders;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools-frontend/mc-html-template",
-  "version": "22.38.0",
+  "version": "22.38.2",
   "description": "Everything related to render the index.html for a MC application",
   "bugs": "https://github.com/commercetools/merchant-center-application-kit/issues",
   "repository": {
@@ -38,8 +38,8 @@
   "dependencies": {
     "@babel/runtime": "^7.22.15",
     "@babel/runtime-corejs3": "^7.22.15",
-    "@commercetools-frontend/application-config": "22.38.0",
-    "@commercetools-frontend/constants": "22.38.0",
+    "@commercetools-frontend/application-config": "22.38.2",
+    "@commercetools-frontend/constants": "22.38.2",
     "serialize-javascript": "6.0.2",
     "uglify-js": "3.18.0",
     "uglifycss": "0.0.29"