@lolyjs/core 0.2.0-alpha.10 → 0.2.0-alpha.11
- package/dist/cli.cjs +39 -24
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +39 -24
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +39 -24
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +39 -24
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
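--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -4657,7 +4657,11 @@ var setupApplication = async ({
 helmetConfig.contentSecurityPolicy = {
 directives: {
 defaultSrc: ["'self'"],
-styleSrc: [
+styleSrc: [
+"'self'",
+"'unsafe-inline'",
+"https://fonts.googleapis.com"
+],
 scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
 imgSrc: ["'self'", "data:", "https:"],
 // Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
@@ -4674,7 +4678,11 @@ var setupApplication = async ({
 const defaultCSP = {
 directives: {
 defaultSrc: ["'self'"],
-styleSrc: [
+styleSrc: [
+"'self'",
+"'unsafe-inline'",
+"https://fonts.googleapis.com"
+],
 scriptSrc: ["'self'", nonceFunction],
 imgSrc: ["'self'", "data:", "https:"],
 // Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
@@ -4697,10 +4705,7 @@ var setupApplication = async ({
 (src) => typeof src === "function"
 );
 if (!hasNonceSupport) {
-mergedDirectives.scriptSrc = [
-...userScriptSrc,
-nonceFunction
-];
+mergedDirectives.scriptSrc = [...userScriptSrc, nonceFunction];
 } else {
 mergedDirectives.scriptSrc = userScriptSrc;
 }
@@ -4708,19 +4713,25 @@ var setupApplication = async ({
 const userConnectSrc = userDirectives.connectSrc;
 if (userConnectSrc && Array.isArray(userConnectSrc)) {
 const defaultConnectSrc = defaultCSP.directives.connectSrc || [];
-const mergedConnectSrc = [
+const mergedConnectSrc = [
+.../* @__PURE__ */ new Set([...defaultConnectSrc, ...userConnectSrc])
+];
 mergedDirectives.connectSrc = mergedConnectSrc;
 }
 const userStyleSrc = userDirectives.styleSrc;
 if (userStyleSrc && Array.isArray(userStyleSrc)) {
 const defaultStyleSrc = defaultCSP.directives.styleSrc || [];
-const mergedStyleSrc = [
+const mergedStyleSrc = [
+.../* @__PURE__ */ new Set([...defaultStyleSrc, ...userStyleSrc])
+];
 mergedDirectives.styleSrc = mergedStyleSrc;
 }
 const userFontSrc = userDirectives.fontSrc;
 if (userFontSrc && Array.isArray(userFontSrc)) {
 const defaultFontSrc = defaultCSP.directives.fontSrc || [];
-const mergedFontSrc = [
+const mergedFontSrc = [
+.../* @__PURE__ */ new Set([...defaultFontSrc, ...userFontSrc])
+];
 mergedDirectives.fontSrc = mergedFontSrc;
 }
 helmetConfig.contentSecurityPolicy = {
@@ -4740,23 +4751,27 @@ var setupApplication = async ({
 helmetConfig.hsts = false;
 }
 if (process.env.NODE_ENV !== "development" && security?.contentSecurityPolicy !== false) {
-app.use(
-
-
-
-
+app.use(
+(req, res, next) => {
+const nonce = import_crypto.default.randomBytes(16).toString("base64");
+res.locals.nonce = nonce;
+next();
+}
+);
 }
 app.use((0, import_helmet.default)(helmetConfig));
 const appLogger = createModuleLogger("framework");
-app.use(
-
-
-
-
-
-
-
-
+app.use(
+requestLoggerMiddleware({
+logger: appLogger.child({ component: "server" }),
+logRequests: process.env.LOG_REQUESTS === "true",
+// Default to false (only errors/warnings)
+logResponses: process.env.LOG_RESPONSES !== "false",
+// Default to true (but filtered)
+logStaticAssets: process.env.LOG_STATIC_ASSETS === "true"
+// Default to false
+})
+);
 const corsOptions = {
 credentials: true
 };
@@ -4772,7 +4787,7 @@ var setupApplication = async ({
 corsOptions.origin = process.env.NODE_ENV === "development";
 }
 app.use((0, import_cors.default)(corsOptions));
-if (rateLimit2) {
+if (rateLimit2 && process.env.NODE_ENV !== "development") {
 const generalLimiter = createRateLimiter({
 windowMs: rateLimit2.windowMs,
 max: rateLimit2.max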
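Review bot: The new guard `if (rateLimit2 && process.env.NODE_ENV !== "development")` in the last hunk skips the limiter silently even when the caller supplied an explicit rate-limit config, so a deployment that ends up running with NODE_ENV=development has no throttling and nothing in the logs says so. The same environment check already gates the nonce middleware two hunks earlier and, in the branch shown just above the guard, sets `corsOptions.origin` to true alongside `credentials: true`, so one mis-set variable relaxes three controls at once. I would record the skip through `appLogger` on the not-taken path and state the intent above the guard, e.g. `// Rate limiting is off in development only; production must never run with NODE_ENV=development`. The body of the `if` and setupApplication itself continue past the last line shown.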