@eggjs/security 5.0.0-beta.20 → 5.0.0-beta.22

package/dist/context-C-N1IY85.d.ts

@@ -1,95 +0,0 @@
-import { SecurityConfig } from "./config.default-D8v08Vox.js";
-import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "./safe_curl-mqZZv_YQ.js";
-import { Context, Response } from "egg";
-
-//#region src/app/extend/response.d.ts
-declare class SecurityResponse extends Response {
-  ctx: SecurityContext;
-  /**
-   * This is an unsafe redirection, and we WON'T check if the
-   * destination url is safe or not.
-   * Please DO NOT use this method unless in some very special cases,
-   * otherwise there may be security vulnerabilities.
-   *
-   * @function Response#unsafeRedirect
-   * @param {String} url URL to forward
-   * @example
-   * ```js
-   * ctx.response.unsafeRedirect('http://www.domain.com');
-   * ctx.unsafeRedirect('http://www.domain.com');
-   * ```
-   */
-  unsafeRedirect(url: string, alt?: string): void;
-  /**
-   * A safe redirection, and we'll check if the URL is in
-   * a safe domain or not.
-   * We've overridden the default Koa's implementation by adding a
-   * white list as the filter for that.
-   *
-   * @function Response#redirect
-   * @param {String} url URL to forward
-   * @example
-   * ```js
-   * ctx.response.redirect('/login');
-   * ctx.redirect('/login');
-   * ```
-   */
-  redirect(url: string, alt?: string): void;
-}
-//#endregion
-//#region src/app/extend/context.d.ts
-declare const CSRF_SECRET: unique symbol;
-declare const LOG_CSRF_NOTICE: unique symbol;
-declare const INPUT_TOKEN: unique symbol;
-declare const CSRF_REFERER_CHECK: unique symbol;
-declare const CSRF_CTOKEN_CHECK: unique symbol;
-declare class SecurityContext extends Context {
-  response: SecurityResponse;
-  get securityOptions(): Partial<SecurityConfig>;
-  /**
-   * Check whether the specific `domain` is in / matches the whiteList or not.
-   * @param {string} domain The assigned domain.
-   * @param {Array<string>} [customWhiteList] The custom white list for domain.
-   * @return {boolean} If the domain is in / matches the whiteList, return true;
-   * otherwise false.
-   */
-  isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
-  get nonce(): string;
-  /**
-   * get csrf token, general use in template
-   * @return {String} csrf token
-   * @public
-   */
-  get csrf(): string;
-  /**
-   * get csrf secret from session or cookie
-   * @return {String} csrf secret
-   * @private
-   */
-  get [CSRF_SECRET](): string;
-  /**
-   * ensure csrf secret exists in session or cookie.
-   * @param {Boolean} [rotate] reset secret even if the secret exists
-   * @public
-   */
-  ensureCsrfSecret(rotate?: boolean): void;
-  get [INPUT_TOKEN](): string;
-  /**
-   * rotate csrf secret exists in session or cookie.
-   * must rotate the secret when user login
-   * @public
-   */
-  rotateCsrfSecret(): void;
-  /**
-   * assert csrf token/referer is present
-   * @public
-   */
-  assertCsrf(): void;
-  [CSRF_CTOKEN_CHECK](): "missing csrf token" | "invalid csrf token" | undefined;
-  [CSRF_REFERER_CHECK](): "missing csrf referer or origin" | "invalid csrf referer or origin" | undefined;
-  [LOG_CSRF_NOTICE](msg: string): void;
-  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-  unsafeRedirect(url: string, alt?: string): void;
-}
-//#endregion
-export { SecurityContext, SecurityResponse };

package/dist/context-e-QJTKfq.js

@@ -1,191 +0,0 @@
-import { checkIfIgnore, getFromUrl, isSafeDomain } from "./utils-Cajs5P8M.js";
-import { Context } from "egg";
-import { debuglog } from "node:util";
-import { nanoid } from "nanoid/non-secure";
-import Tokens from "csrf";
-
-//#region src/app/extend/context.ts
-const debug = debuglog("egg/security/app/extend/context");
-const tokens = new Tokens();
-const CSRF_SECRET = Symbol("egg-security#CSRF_SECRET");
-const _CSRF_SECRET = Symbol("egg-security#_CSRF_SECRET");
-const NEW_CSRF_SECRET = Symbol("egg-security#NEW_CSRF_SECRET");
-const LOG_CSRF_NOTICE = Symbol("egg-security#LOG_CSRF_NOTICE");
-const INPUT_TOKEN = Symbol("egg-security#INPUT_TOKEN");
-const NONCE_CACHE = Symbol("egg-security#NONCE_CACHE");
-const SECURITY_OPTIONS = Symbol("egg-security#SECURITY_OPTIONS");
-const CSRF_REFERER_CHECK = Symbol("egg-security#CSRF_REFERER_CHECK");
-const CSRF_CTOKEN_CHECK = Symbol("egg-security#CSRF_CTOKEN_CHECK");
-function findToken(obj, keys) {
-	if (!obj) return;
-	if (!keys || !keys.length) return;
-	if (typeof keys === "string") return obj[keys];
-	for (const key of keys) if (obj[key]) return obj[key];
-}
-var SecurityContext = class extends Context {
-	get securityOptions() {
-		if (!this[SECURITY_OPTIONS]) this[SECURITY_OPTIONS] = {};
-		return this[SECURITY_OPTIONS];
-	}
-	/**
-	* Check whether the specific `domain` is in / matches the whiteList or not.
-	* @param {string} domain The assigned domain.
-	* @param {Array<string>} [customWhiteList] The custom white list for domain.
-	* @return {boolean} If the domain is in / matches the whiteList, return true;
-	* otherwise false.
-	*/
-	isSafeDomain(domain, customWhiteList) {
-		const domainWhiteList = customWhiteList && customWhiteList.length > 0 ? customWhiteList : this.app.config.security.domainWhiteList;
-		return isSafeDomain(domain, domainWhiteList);
-	}
-	get nonce() {
-		if (!this[NONCE_CACHE]) this[NONCE_CACHE] = nanoid(16);
-		return this[NONCE_CACHE];
-	}
-	/**
-	* get csrf token, general use in template
-	* @return {String} csrf token
-	* @public
-	*/
-	get csrf() {
-		const secret = this[NEW_CSRF_SECRET] || this[CSRF_SECRET];
-		debug("get csrf token, NEW_CSRF_SECRET: %s, _CSRF_SECRET: %s", this[NEW_CSRF_SECRET], this[CSRF_SECRET]);
-		return secret ? tokens.create(secret) : "";
-	}
-	/**
-	* get csrf secret from session or cookie
-	* @return {String} csrf secret
-	* @private
-	*/
-	get [CSRF_SECRET]() {
-		if (this[_CSRF_SECRET]) return this[_CSRF_SECRET];
-		let { useSession, sessionName, cookieName: cookieNames, cookieOptions } = this.app.config.security.csrf;
-		if (useSession) this[_CSRF_SECRET] = this.session[sessionName] || "";
-		else {
-			if (!Array.isArray(cookieNames)) cookieNames = [cookieNames];
-			for (const cookieName of cookieNames) {
-				this[_CSRF_SECRET] = this.cookies.get(cookieName, { signed: cookieOptions.signed }) || "";
-				if (this[_CSRF_SECRET]) break;
-			}
-		}
-		return this[_CSRF_SECRET];
-	}
-	/**
-	* ensure csrf secret exists in session or cookie.
-	* @param {Boolean} [rotate] reset secret even if the secret exists
-	* @public
-	*/
-	ensureCsrfSecret(rotate) {
-		if (this[CSRF_SECRET] && !rotate) return;
-		debug("ensure csrf secret, exists: %s, rotate; %s", this[CSRF_SECRET], rotate);
-		const secret = tokens.secretSync();
-		this[NEW_CSRF_SECRET] = secret;
-		let { useSession, sessionName, cookieDomain, cookieName: cookieNames, cookieOptions } = this.app.config.security.csrf;
-		if (useSession) this.session[sessionName] = secret;
-		else {
-			if (typeof cookieDomain === "function") cookieDomain = cookieDomain(this);
-			const cookieOpts = {
-				domain: cookieDomain,
-				...cookieOptions
-			};
-			if (!Array.isArray(cookieNames)) cookieNames = [cookieNames];
-			for (const cookieName of cookieNames) this.cookies.set(cookieName, secret, cookieOpts);
-		}
-	}
-	get [INPUT_TOKEN]() {
-		const { headerName, bodyName, queryName } = this.app.config.security.csrf;
-		const token = findToken(this.request.query, queryName) || findToken(this.request.body, bodyName) || headerName && this.request.get(headerName);
-		debug("get token: %j, secret: %j", token, this[CSRF_SECRET]);
-		return token;
-	}
-	/**
-	* rotate csrf secret exists in session or cookie.
-	* must rotate the secret when user login
-	* @public
-	*/
-	rotateCsrfSecret() {
-		if (!this[NEW_CSRF_SECRET] && this[CSRF_SECRET]) this.ensureCsrfSecret(true);
-	}
-	/**
-	* assert csrf token/referer is present
-	* @public
-	*/
-	assertCsrf() {
-		if (checkIfIgnore(this.app.config.security.csrf, this)) {
-			debug("%s, ignore by csrf options", this.path);
-			return;
-		}
-		const { type } = this.app.config.security.csrf;
-		let message;
-		const messages = [];
-		switch (type) {
-			case "ctoken":
-				message = this[CSRF_CTOKEN_CHECK]();
-				if (message) this.throw(403, message);
-				break;
-			case "referer":
-				message = this[CSRF_REFERER_CHECK]();
-				if (message) this.throw(403, message);
-				break;
-			case "all":
-				message = this[CSRF_CTOKEN_CHECK]();
-				if (message) this.throw(403, message);
-				message = this[CSRF_REFERER_CHECK]();
-				if (message) this.throw(403, message);
-				break;
-			case "any":
-				message = this[CSRF_CTOKEN_CHECK]();
-				if (!message) return;
-				messages.push(message);
-				message = this[CSRF_REFERER_CHECK]();
-				if (!message) return;
-				messages.push(message);
-				this.throw(403, `both ctoken and referer check error: ${messages.join(", ")}`);
-				break;
-			default: this.throw(`invalid type ${type}`);
-		}
-	}
-	[CSRF_CTOKEN_CHECK]() {
-		if (!this[CSRF_SECRET]) {
-			debug("missing csrf token");
-			this[LOG_CSRF_NOTICE]("missing csrf token");
-			return "missing csrf token";
-		}
-		const token = this[INPUT_TOKEN];
-		if (token !== this[CSRF_SECRET] && !tokens.verify(this[CSRF_SECRET], token)) {
-			debug("verify secret and token error");
-			this[LOG_CSRF_NOTICE]("invalid csrf token");
-			const { rotateWhenInvalid } = this.app.config.security.csrf;
-			if (rotateWhenInvalid) this.rotateCsrfSecret();
-			return "invalid csrf token";
-		}
-	}
-	[CSRF_REFERER_CHECK]() {
-		const { refererWhiteList } = this.app.config.security.csrf;
-		const referer = (this.headers.referer ?? this.headers.origin ?? "").toLowerCase();
-		if (!referer) {
-			debug("missing csrf referer or origin");
-			this[LOG_CSRF_NOTICE]("missing csrf referer or origin");
-			return "missing csrf referer or origin";
-		}
-		const host = getFromUrl(referer, "host");
-		const domainList = refererWhiteList.concat(this.host);
-		if (!host || !isSafeDomain(host, domainList)) {
-			debug("verify referer or origin error");
-			this[LOG_CSRF_NOTICE]("invalid csrf referer or origin");
-			return "invalid csrf referer or origin";
-		}
-	}
-	[LOG_CSRF_NOTICE](msg) {
-		if (this.app.config.env === "local") this.logger.warn(`${msg}. See https://eggjs.org/zh-CN/core/security/#%E5%AE%89%E5%85%A8%E5%A8%81%E8%83%81-csrf-%E7%9A%84%E9%98%B2%E8%8C%83`);
-	}
-	async safeCurl(url, options) {
-		return await this.app.safeCurl(url, options);
-	}
-	unsafeRedirect(url, alt) {
-		this.response.unsafeRedirect(url, alt);
-	}
-};
-
-//#endregion
-export { SecurityContext };

package/dist/csp-BW5AJd_f.js

@@ -1,46 +0,0 @@
-import { checkIfIgnore } from "./utils-Cajs5P8M.js";
-import extend from "extend";
-
-//#region src/lib/middlewares/csp.ts
-const HEADER = ["x-content-security-policy", "content-security-policy"];
-const REPORT_ONLY_HEADER = ["x-content-security-policy-report-only", "content-security-policy-report-only"];
-const MSIE_REGEXP = / MSIE /i;
-var csp_default = (options) => {
-	return async function csp(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.csp
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		let finalHeader;
-		const matchedOption = extend(true, {}, opts.policy);
-		const bufArray = [];
-		const headers = opts.reportOnly ? REPORT_ONLY_HEADER : HEADER;
-		if (opts.supportIE && MSIE_REGEXP.test(ctx.get("user-agent"))) finalHeader = headers[0];
-		else finalHeader = headers[1];
-		for (const key in matchedOption) {
-			const value = matchedOption[key];
-			if (key === "sandbox" && value === true) bufArray.push(key);
-			else {
-				let values = Array.isArray(value) ? value : [value];
-				if (key === "script-src") {
-					if (!values.some(function(val) {
-						return val.indexOf("nonce-") !== -1;
-					})) values.push("'nonce-" + ctx.nonce + "'");
-				}
-				values = values.map(function(d) {
-					if (d.startsWith(".")) d = "*" + d;
-					return d;
-				});
-				bufArray.push(key + " " + values.join(" "));
-			}
-		}
-		const headerString = bufArray.join(";");
-		ctx.set(finalHeader, headerString);
-		ctx.set("x-csp-nonce", ctx.nonce);
-	};
-};
-
-//#endregion
-export { csp_default };

package/dist/csrf-9aSLHiby.js

@@ -1,33 +0,0 @@
-import { checkIfIgnore } from "./utils-Cajs5P8M.js";
-import { debuglog } from "node:util";
-import typeis from "type-is";
-
-//#region src/lib/middlewares/csrf.ts
-const debug = debuglog("egg/security/lib/middlewares/csrf");
-var csrf_default = (options) => {
-	return function csrf(ctx, next) {
-		if (checkIfIgnore(options, ctx)) return next();
-		if ([
-			"any",
-			"all",
-			"ctoken"
-		].includes(options.type)) ctx.ensureCsrfSecret();
-		const method = ctx.method;
-		let isSupported = false;
-		for (const eachRule of options.supportedRequests) if (eachRule.path.test(ctx.path)) {
-			if (eachRule.methods.includes(method)) {
-				isSupported = true;
-				break;
-			}
-		}
-		if (!isSupported) return next();
-		if (options.ignoreJSON && typeis.is(ctx.get("content-type"), "json")) return next();
-		const body = ctx.request.body;
-		debug("%s %s, got %j", ctx.method, ctx.url, body);
-		ctx.assertCsrf();
-		return next();
-	};
-};
-
-//#endregion
-export { csrf_default };

package/dist/dta-DVAKEpJ3.js

@@ -1,13 +0,0 @@
-import { isSafePath } from "./utils-Cajs5P8M.js";
-
-//#region src/lib/middlewares/dta.ts
-var dta_default = () => {
-	return function dta(ctx, next) {
-		const path = ctx.path;
-		if (!isSafePath(path, ctx)) ctx.throw(400);
-		return next();
-	};
-};
-
-//#endregion
-export { dta_default };

package/dist/escape-Dex_Pk9e.d.ts

@@ -1,2 +0,0 @@
-import escapeHTML$1 from "escape-html";
-export { escapeHTML$1 as escapeHTML };

package/dist/escape-p8-cW8c_.js

@@ -1,7 +0,0 @@
-import escapeHTML from "escape-html";
-
-//#region src/lib/helper/escape.ts
-var escape_default = escapeHTML;
-
-//#endregion
-export { escape_default };

package/dist/escapeShellArg-BnzDicAC.d.ts

@@ -1,4 +0,0 @@
-//#region src/lib/helper/escapeShellArg.d.ts
-declare function escapeShellArg(text: string): string;
-//#endregion
-export { escapeShellArg };

package/dist/escapeShellArg-C0v1ZeCl.js

@@ -1,7 +0,0 @@
-//#region src/lib/helper/escapeShellArg.ts
-function escapeShellArg(text) {
-	return "'" + ("" + text).replace(/\\/g, "\\\\").replace(/'/g, "\\'") + "'";
-}
-
-//#endregion
-export { escapeShellArg };

package/dist/escapeShellCmd-CkAdyhtO.js

@@ -1,15 +0,0 @@
-//#region src/lib/helper/escapeShellCmd.ts
-const BASIC_ALPHABETS = new Set("#&;`|*?~<>^()[]{}$;'\",\nÿ".split(""));
-function escapeShellCmd(text) {
-	const str = "" + text;
-	let res = "";
-	let ascii;
-	for (let index = 0; index < str.length; index++) {
-		ascii = str[index];
-		if (!BASIC_ALPHABETS.has(ascii)) res += ascii;
-	}
-	return res;
-}
-
-//#endregion
-export { escapeShellCmd };

package/dist/escapeShellCmd-DQZZIHde.d.ts

@@ -1,4 +0,0 @@
-//#region src/lib/helper/escapeShellCmd.d.ts
-declare function escapeShellCmd(text: string): string;
-//#endregion
-export { escapeShellCmd };

package/dist/helper-DylzfQ_5.js

@@ -1,25 +0,0 @@
-import { cliFilter } from "./cliFilter-7BSD8Nc_.js";
-import { escape_default } from "./escape-p8-cW8c_.js";
-import { escapeShellArg } from "./escapeShellArg-C0v1ZeCl.js";
-import { escapeShellCmd } from "./escapeShellCmd-CkAdyhtO.js";
-import { shtml } from "./shtml-CgF4kOx-.js";
-import { escapeJavaScript } from "./sjs-Cbmkk5xS.js";
-import { jsonEscape } from "./sjson-BetFnVR6.js";
-import { pathFilter } from "./spath-Bu9sy6Kz.js";
-import { surl } from "./surl-ClleTea7.js";
-
-//#region src/lib/helper/index.ts
-var helper_default = {
-	cliFilter,
-	escape: escape_default,
-	escapeShellArg,
-	escapeShellCmd,
-	shtml,
-	sjs: escapeJavaScript,
-	sjson: jsonEscape,
-	spath: pathFilter,
-	surl
-};
-
-//#endregion
-export { helper_default };

package/dist/hsts-CWMKNTEh.js

@@ -1,19 +0,0 @@
-import { checkIfIgnore } from "./utils-Cajs5P8M.js";
-
-//#region src/lib/middlewares/hsts.ts
-var hsts_default = (options) => {
-	return async function hsts(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.hsts
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		let val = `max-age=${opts.maxAge}`;
-		if (opts.includeSubdomains) val = `${val}; includeSubdomains`;
-		ctx.set("strict-transport-security", val);
-	};
-};
-
-//#endregion
-export { hsts_default };

package/dist/methodnoallow-BAZONArS.js

@@ -1,15 +0,0 @@
-import { METHODS } from "node:http";
-
-//#region src/lib/middlewares/methodnoallow.ts
-const METHODS_NOT_ALLOWED = ["TRACE", "TRACK"];
-const safeHttpMethodsMap = {};
-for (const method of METHODS) if (!METHODS_NOT_ALLOWED.includes(method)) safeHttpMethodsMap[method.toUpperCase()] = true;
-var methodnoallow_default = () => {
-	return function notAllow(ctx, next) {
-		if (!safeHttpMethodsMap[ctx.method]) ctx.throw(405);
-		return next();
-	};
-};
-
-//#endregion
-export { methodnoallow_default };

package/dist/middlewares-CkQjv8t0.js

@@ -1,27 +0,0 @@
-import { csp_default } from "./csp-BW5AJd_f.js";
-import { csrf_default } from "./csrf-9aSLHiby.js";
-import { dta_default } from "./dta-DVAKEpJ3.js";
-import { hsts_default } from "./hsts-CWMKNTEh.js";
-import { methodnoallow_default } from "./methodnoallow-BAZONArS.js";
-import { noopen_default } from "./noopen-C3jUBwoH.js";
-import { nosniff_default } from "./nosniff-CcLkhX2I.js";
-import { referrerPolicy_default } from "./referrerPolicy-D4Uafq6c.js";
-import { xframe_default } from "./xframe-q9fEZkVI.js";
-import { xssProtection_default } from "./xssProtection-D5QsHX-e.js";
-
-//#region src/lib/middlewares/index.ts
-var middlewares_default = {
-	csp: csp_default,
-	csrf: csrf_default,
-	dta: dta_default,
-	hsts: hsts_default,
-	methodnoallow: methodnoallow_default,
-	noopen: noopen_default,
-	nosniff: nosniff_default,
-	referrerPolicy: referrerPolicy_default,
-	xframe: xframe_default,
-	xssProtection: xssProtection_default
-};
-
-//#endregion
-export { middlewares_default };

package/dist/noopen-C3jUBwoH.js

@@ -1,17 +0,0 @@
-import { checkIfIgnore } from "./utils-Cajs5P8M.js";
-
-//#region src/lib/middlewares/noopen.ts
-var noopen_default = (options) => {
-	return async function noopen(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.noopen
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		ctx.set("x-download-options", "noopen");
-	};
-};
-
-//#endregion
-export { noopen_default };

package/dist/nosniff-CcLkhX2I.js

@@ -1,27 +0,0 @@
-import { checkIfIgnore } from "./utils-Cajs5P8M.js";
-
-//#region src/lib/middlewares/nosniff.ts
-const RedirectStatus = {
-	300: true,
-	301: true,
-	302: true,
-	303: true,
-	305: true,
-	307: true,
-	308: true
-};
-var nosniff_default = (options) => {
-	return async function nosniff(ctx, next) {
-		await next();
-		if (RedirectStatus[ctx.status]) return;
-		const opts = {
-			...options,
-			...ctx.securityOptions.nosniff
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		ctx.set("x-content-type-options", "nosniff");
-	};
-};
-
-//#endregion
-export { nosniff_default };

package/dist/referrerPolicy-D4Uafq6c.js

@@ -1,31 +0,0 @@
-import { checkIfIgnore } from "./utils-Cajs5P8M.js";
-
-//#region src/lib/middlewares/referrerPolicy.ts
-const ALLOWED_POLICIES_ENUM = [
-	"no-referrer",
-	"no-referrer-when-downgrade",
-	"origin",
-	"origin-when-cross-origin",
-	"same-origin",
-	"strict-origin",
-	"strict-origin-when-cross-origin",
-	"unsafe-url",
-	""
-];
-var referrerPolicy_default = (options) => {
-	return async function referrerPolicy(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.refererPolicy,
-			...ctx.securityOptions.referrerPolicy
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		const policy = opts.value;
-		if (!ALLOWED_POLICIES_ENUM.includes(policy)) throw new Error(`"${policy}" is not available.`);
-		ctx.set("referrer-policy", policy);
-	};
-};
-
-//#endregion
-export { referrerPolicy_default };

package/dist/response-BFnHAJrV.js

@@ -1,69 +0,0 @@
-import { Response } from "egg";
-
-//#region src/app/extend/response.ts
-const unsafeRedirect = Response.prototype.redirect;
-var SecurityResponse = class extends Response {
-	/**
-	* This is an unsafe redirection, and we WON'T check if the
-	* destination url is safe or not.
-	* Please DO NOT use this method unless in some very special cases,
-	* otherwise there may be security vulnerabilities.
-	*
-	* @function Response#unsafeRedirect
-	* @param {String} url URL to forward
-	* @example
-	* ```js
-	* ctx.response.unsafeRedirect('http://www.domain.com');
-	* ctx.unsafeRedirect('http://www.domain.com');
-	* ```
-	*/
-	unsafeRedirect(url, alt) {
-		unsafeRedirect.call(this, url, alt);
-	}
-	/**
-	* A safe redirection, and we'll check if the URL is in
-	* a safe domain or not.
-	* We've overridden the default Koa's implementation by adding a
-	* white list as the filter for that.
-	*
-	* @function Response#redirect
-	* @param {String} url URL to forward
-	* @example
-	* ```js
-	* ctx.response.redirect('/login');
-	* ctx.redirect('/login');
-	* ```
-	*/
-	redirect(url, alt) {
-		url = (url || "/").trim();
-		if (url[0] === "/" && url[1] === "/") url = "/";
-		if (url[0] === "/" && url[1] !== "\\") {
-			this.unsafeRedirect(url, alt);
-			return;
-		}
-		let urlObject;
-		try {
-			urlObject = new URL(url);
-		} catch {
-			url = "/";
-			this.unsafeRedirect(url);
-			return;
-		}
-		const domainWhiteList = this.app.config.security.domainWhiteList;
-		if (urlObject.protocol !== "http:" && urlObject.protocol !== "https:") url = "/";
-		else if (!urlObject.hostname) url = "/";
-		else if (domainWhiteList && domainWhiteList.length !== 0) {
-			if (!this.ctx.isSafeDomain(urlObject.hostname)) {
-				const message = `a security problem has been detected for url "${url}", redirection is prohibited.`;
-				if (process.env.NODE_ENV === "production") {
-					this.app.coreLogger.warn("[@eggjs/security/response/redirect] %s", message);
-					url = "/";
-				} else return this.ctx.throw(500, message);
-			}
-		}
-		this.unsafeRedirect(url);
-	}
-};
-
-//#endregion
-export { SecurityResponse };