@lolyjs/core 0.2.0-alpha.10 → 0.2.0-alpha.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +39 -24
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +39 -24
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +39 -24
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +39 -24
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/cli.cjs
CHANGED
|
@@ -4900,7 +4900,11 @@ var setupApplication = async ({
|
|
|
4900
4900
|
helmetConfig.contentSecurityPolicy = {
|
|
4901
4901
|
directives: {
|
|
4902
4902
|
defaultSrc: ["'self'"],
|
|
4903
|
-
styleSrc: [
|
|
4903
|
+
styleSrc: [
|
|
4904
|
+
"'self'",
|
|
4905
|
+
"'unsafe-inline'",
|
|
4906
|
+
"https://fonts.googleapis.com"
|
|
4907
|
+
],
|
|
4904
4908
|
scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
|
|
4905
4909
|
imgSrc: ["'self'", "data:", "https:"],
|
|
4906
4910
|
// Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
|
|
@@ -4917,7 +4921,11 @@ var setupApplication = async ({
|
|
|
4917
4921
|
const defaultCSP = {
|
|
4918
4922
|
directives: {
|
|
4919
4923
|
defaultSrc: ["'self'"],
|
|
4920
|
-
styleSrc: [
|
|
4924
|
+
styleSrc: [
|
|
4925
|
+
"'self'",
|
|
4926
|
+
"'unsafe-inline'",
|
|
4927
|
+
"https://fonts.googleapis.com"
|
|
4928
|
+
],
|
|
4921
4929
|
scriptSrc: ["'self'", nonceFunction],
|
|
4922
4930
|
imgSrc: ["'self'", "data:", "https:"],
|
|
4923
4931
|
// Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
|
|
@@ -4940,10 +4948,7 @@ var setupApplication = async ({
|
|
|
4940
4948
|
(src) => typeof src === "function"
|
|
4941
4949
|
);
|
|
4942
4950
|
if (!hasNonceSupport) {
|
|
4943
|
-
mergedDirectives.scriptSrc = [
|
|
4944
|
-
...userScriptSrc,
|
|
4945
|
-
nonceFunction
|
|
4946
|
-
];
|
|
4951
|
+
mergedDirectives.scriptSrc = [...userScriptSrc, nonceFunction];
|
|
4947
4952
|
} else {
|
|
4948
4953
|
mergedDirectives.scriptSrc = userScriptSrc;
|
|
4949
4954
|
}
|
|
@@ -4951,19 +4956,25 @@ var setupApplication = async ({
|
|
|
4951
4956
|
const userConnectSrc = userDirectives.connectSrc;
|
|
4952
4957
|
if (userConnectSrc && Array.isArray(userConnectSrc)) {
|
|
4953
4958
|
const defaultConnectSrc = defaultCSP.directives.connectSrc || [];
|
|
4954
|
-
const mergedConnectSrc = [
|
|
4959
|
+
const mergedConnectSrc = [
|
|
4960
|
+
.../* @__PURE__ */ new Set([...defaultConnectSrc, ...userConnectSrc])
|
|
4961
|
+
];
|
|
4955
4962
|
mergedDirectives.connectSrc = mergedConnectSrc;
|
|
4956
4963
|
}
|
|
4957
4964
|
const userStyleSrc = userDirectives.styleSrc;
|
|
4958
4965
|
if (userStyleSrc && Array.isArray(userStyleSrc)) {
|
|
4959
4966
|
const defaultStyleSrc = defaultCSP.directives.styleSrc || [];
|
|
4960
|
-
const mergedStyleSrc = [
|
|
4967
|
+
const mergedStyleSrc = [
|
|
4968
|
+
.../* @__PURE__ */ new Set([...defaultStyleSrc, ...userStyleSrc])
|
|
4969
|
+
];
|
|
4961
4970
|
mergedDirectives.styleSrc = mergedStyleSrc;
|
|
4962
4971
|
}
|
|
4963
4972
|
const userFontSrc = userDirectives.fontSrc;
|
|
4964
4973
|
if (userFontSrc && Array.isArray(userFontSrc)) {
|
|
4965
4974
|
const defaultFontSrc = defaultCSP.directives.fontSrc || [];
|
|
4966
|
-
const mergedFontSrc = [
|
|
4975
|
+
const mergedFontSrc = [
|
|
4976
|
+
.../* @__PURE__ */ new Set([...defaultFontSrc, ...userFontSrc])
|
|
4977
|
+
];
|
|
4967
4978
|
mergedDirectives.fontSrc = mergedFontSrc;
|
|
4968
4979
|
}
|
|
4969
4980
|
helmetConfig.contentSecurityPolicy = {
|
|
@@ -4983,23 +4994,27 @@ var setupApplication = async ({
|
|
|
4983
4994
|
helmetConfig.hsts = false;
|
|
4984
4995
|
}
|
|
4985
4996
|
if (process.env.NODE_ENV !== "development" && security?.contentSecurityPolicy !== false) {
|
|
4986
|
-
app.use(
|
|
4987
|
-
|
|
4988
|
-
|
|
4989
|
-
|
|
4990
|
-
|
|
4997
|
+
app.use(
|
|
4998
|
+
(req, res, next) => {
|
|
4999
|
+
const nonce = import_crypto.default.randomBytes(16).toString("base64");
|
|
5000
|
+
res.locals.nonce = nonce;
|
|
5001
|
+
next();
|
|
5002
|
+
}
|
|
5003
|
+
);
|
|
4991
5004
|
}
|
|
4992
5005
|
app.use((0, import_helmet.default)(helmetConfig));
|
|
4993
5006
|
const appLogger = createModuleLogger("framework");
|
|
4994
|
-
app.use(
|
|
4995
|
-
|
|
4996
|
-
|
|
4997
|
-
|
|
4998
|
-
|
|
4999
|
-
|
|
5000
|
-
|
|
5001
|
-
|
|
5002
|
-
|
|
5007
|
+
app.use(
|
|
5008
|
+
requestLoggerMiddleware({
|
|
5009
|
+
logger: appLogger.child({ component: "server" }),
|
|
5010
|
+
logRequests: process.env.LOG_REQUESTS === "true",
|
|
5011
|
+
// Default to false (only errors/warnings)
|
|
5012
|
+
logResponses: process.env.LOG_RESPONSES !== "false",
|
|
5013
|
+
// Default to true (but filtered)
|
|
5014
|
+
logStaticAssets: process.env.LOG_STATIC_ASSETS === "true"
|
|
5015
|
+
// Default to false
|
|
5016
|
+
})
|
|
5017
|
+
);
|
|
5003
5018
|
const corsOptions = {
|
|
5004
5019
|
credentials: true
|
|
5005
5020
|
};
|
|
@@ -5015,7 +5030,7 @@ var setupApplication = async ({
|
|
|
5015
5030
|
corsOptions.origin = process.env.NODE_ENV === "development";
|
|
5016
5031
|
}
|
|
5017
5032
|
app.use((0, import_cors.default)(corsOptions));
|
|
5018
|
-
if (rateLimit2) {
|
|
5033
|
+
if (rateLimit2 && process.env.NODE_ENV !== "development") {
|
|
5019
5034
|
const generalLimiter = createRateLimiter({
|
|
5020
5035
|
windowMs: rateLimit2.windowMs,
|
|
5021
5036
|
max: rateLimit2.max
|