npm - @decocms/start - Versions diffs - 5.4.1 → 5.4.2 - Mend

@decocms/start 5.4.1 → 5.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/sdk/workerEntry.test.ts +106 -0
package/src/sdk/workerEntry.ts +21 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@decocms/start",
-  "version": "5.4.1",
+  "version": "5.4.2",
   "type": "module",
   "description": "Deco framework for TanStack Start - CMS bridge, admin protocol, hooks, schema generation",
   "main": "./src/index.ts",

package/src/sdk/workerEntry.test.ts ADDED Viewed

@@ -0,0 +1,106 @@
+import { describe, expect, it } from "vitest";
+import { injectGeoCookies } from "./workerEntry";
+function parseCookies(header: string): Record<string, string> {
+  return Object.fromEntries(
+    header.split("; ").map((c) => {
+      const [k, ...v] = c.split("=");
+      return [k, v.join("=")];
+    }),
+  );
+}
+function makeRequest(
+  cf: Record<string, string> | undefined,
+  headers: Record<string, string> = {},
+): Request {
+  const req = new Request("https://example.com/", { headers });
+  if (cf) {
+    Object.defineProperty(req, "cf", { value: cf, configurable: true });
+  }
+  return req;
+}
+describe("injectGeoCookies", () => {
+  it("strips cf-region from the outgoing Request headers while preserving the value in __cf_geo_region cookie", () => {
+    const req = makeRequest(
+      { region: "São Paulo", country: "BR" },
+      { "cf-region": "São Paulo", "cf-ipcountry": "BR" },
+    );
+    const out = injectGeoCookies(req);
+    expect(out.headers.get("cf-region")).toBeNull();
+    // ASCII CF headers (cf-ipcountry) are still forwarded
+    expect(out.headers.get("cf-ipcountry")).toBe("BR");
+    // Geo data is preserved as cookies for matchers
+    const cookies = parseCookies(out.headers.get("cookie") ?? "");
+    expect(cookies.__cf_geo_region).toBe(encodeURIComponent("São Paulo"));
+    expect(cookies.__cf_geo_country).toBe("BR");
+  });
+  it("strips cf-ipcity from the outgoing Request headers while preserving the value in __cf_geo_city cookie", () => {
+    const req = makeRequest(
+      { city: "Brasília", country: "BR" },
+      { "cf-ipcity": "Brasília" },
+    );
+    const out = injectGeoCookies(req);
+    expect(out.headers.get("cf-ipcity")).toBeNull();
+    const cookies = parseCookies(out.headers.get("cookie") ?? "");
+    expect(cookies.__cf_geo_city).toBe(encodeURIComponent("Brasília"));
+  });
+  it("returns the original request unchanged when there is no cf object", () => {
+    const req = makeRequest(undefined, { "cf-region": "São Paulo" });
+    const out = injectGeoCookies(req);
+    // Without cf, we don't build cookies, and we return the original request
+    // untouched (so the cf-region header is still present — but that's the
+    // caller's pre-existing state, not something we re-introduced).
+    expect(out).toBe(req);
+  });
+  it("returns the original request unchanged when cf has no relevant geo fields", () => {
+    const req = makeRequest({ asn: "12345" }, { "cf-region": "São Paulo" });
+    const out = injectGeoCookies(req);
+    expect(out).toBe(req);
+  });
+  it("preserves a pre-existing cookie header", () => {
+    const req = makeRequest(
+      { region: "São Paulo" },
+      { cookie: "vtex_segment=abc; another=xyz" },
+    );
+    const out = injectGeoCookies(req);
+    const raw = out.headers.get("cookie") ?? "";
+    expect(raw).toContain("vtex_segment=abc");
+    expect(raw).toContain("another=xyz");
+    expect(raw).toContain("__cf_geo_region=");
+  });
+  it("forwards non-geo headers untouched", () => {
+    const req = makeRequest(
+      { region: "Paraná" },
+      {
+        "user-agent": "test-agent",
+        accept: "*/*",
+        "x-custom": "value",
+        "cf-ray": "9ff5b26cf9bc067a",
+      },
+    );
+    const out = injectGeoCookies(req);
+    expect(out.headers.get("user-agent")).toBe("test-agent");
+    expect(out.headers.get("accept")).toBe("*/*");
+    expect(out.headers.get("x-custom")).toBe("value");
+    expect(out.headers.get("cf-ray")).toBe("9ff5b26cf9bc067a");
+  });
+});

package/src/sdk/workerEntry.ts CHANGED Viewed

@@ -443,7 +443,27 @@ export function injectGeoCookies(request: Request): Request {
   const existing = request.headers.get("cookie") ?? "";
   const combined = existing ? `${existing}; ${parts.join("; ")}` : parts.join("; ");
-  const headers = new Headers(request.headers);
+  // Strip CF geo headers that carry non-ASCII values (cf-region: "São Paulo",
+  // cf-ipcity: "Brasília", etc.) before building the new Request. The geo
+  // data is preserved in the __cf_geo_* cookies we just built, so callers
+  // downstream lose no information.
+  //
+  // Without this strip, the Workers runtime emits a warning on every
+  // request because the new Request inherits these UTF-8 headers from the
+  // inbound request:
+  //
+  //   "A header value for "cf-region" contains non-ASCII characters: "..."
+  //
+  // and the warning is logged once per non-ASCII header — for a Brazilian
+  // storefront with cities/states full of accents that means ~2 warns per
+  // request × every request that hits the worker.
+  const headers = new Headers();
+  for (const [key, value] of request.headers.entries()) {
+    const lk = key.toLowerCase();
+    if (lk === "cf-region" || lk === "cf-ipcity") continue;
+    headers.set(key, value);
+  }
   headers.set("cookie", combined);
   return new Request(request, { headers });