@lwrjs/core 0.11.13 → 0.11.14

package/build/cjs/middleware/request-processor-middleware.cjs

@@ -28,11 +28,13 @@ __export(exports, {
 });
 var import_diagnostics = __toModule(require("@lwrjs/diagnostics"));
 var MRT_REQUEST_CLASS = "X-Mobify-Request-Class";
+var FORWARDED = "forwarded";
 var MRT_REQUEST_CLASS_KEY = MRT_REQUEST_CLASS.toLowerCase();
 function requestProcessorMiddleware(app, context) {
   const {basePath} = context.runtimeEnvironment;
-  app.use(async (req, _res, next) => {
+  app.use(async (req, res, next) => {
     let requestClass;
+    let forwarded;
     if (req.headers) {
       if (import_diagnostics.logger.isDebugEnabled()) {
         for (const headerName in req.headers) {
@@ -43,6 +45,11 @@ function requestProcessorMiddleware(app, context) {
         }
       }
       requestClass = req.headers[MRT_REQUEST_CLASS_KEY];
+      forwarded = req.headers[FORWARDED];
+    }
+    if (process.env.BUNDLE_ID && (!req.headers || typeof forwarded !== "string" || forwarded.indexOf("http") !== 0)) {
+      res.status(403).send("Access to this site is restricted to Salesforce-managed domains only.");
+      return;
     }
     if (req.headers && typeof requestClass === "string") {
       const parsedRequestClass = parseRequestClass(requestClass);

package/build/es/middleware/request-processor-middleware.js

@@ -8,11 +8,13 @@
  */
 import { logger } from '@lwrjs/diagnostics';
 const MRT_REQUEST_CLASS = 'X-Mobify-Request-Class';
+const FORWARDED = 'forwarded';
 const MRT_REQUEST_CLASS_KEY = MRT_REQUEST_CLASS.toLowerCase();
 export function requestProcessorMiddleware(app, context) {
     const { basePath } = context.runtimeEnvironment;
-    app.use(async (req, _res, next) => {
+    app.use(async (req, res, next) => {
         let requestClass;
+        let forwarded;
         if (req.headers) {
             // If debug print log all the headers
             if (logger.isDebugEnabled()) {
@@ -25,6 +27,14 @@ export function requestProcessorMiddleware(app, context) {
                 }
             }
             requestClass = req.headers[MRT_REQUEST_CLASS_KEY];
+            forwarded = req.headers[FORWARDED];
+        }
+        // For now if we do not have a forwarded header do not allow us to render this page
+        // BUNDLE_ID is set when on the MRT ENV
+        if (process.env.BUNDLE_ID &&
+            (!req.headers || typeof forwarded !== 'string' || forwarded.indexOf('http') !== 0)) {
+            res.status(403).send('Access to this site is restricted to Salesforce-managed domains only.');
+            return;
         }
         if (req.headers && typeof requestClass === 'string') {
             const parsedRequestClass = parseRequestClass(requestClass);

package/package.json

@@ -4,7 +4,7 @@
     "publishConfig": {
         "access": "public"
     },
-    "version": "0.11.13",
+    "version": "0.11.14",
     "homepage": "https://developer.salesforce.com/docs/platform/lwr/overview",
     "repository": {
         "type": "git",
@@ -39,33 +39,33 @@
         "build": "tsc -b"
     },
     "dependencies": {
-        "@lwrjs/app-service": "0.11.13",
-        "@lwrjs/asset-registry": "0.11.13",
-        "@lwrjs/asset-transformer": "0.11.13",
-        "@lwrjs/base-view-provider": "0.11.13",
-        "@lwrjs/base-view-transformer": "0.11.13",
-        "@lwrjs/client-modules": "0.11.13",
-        "@lwrjs/config": "0.11.13",
-        "@lwrjs/diagnostics": "0.11.13",
-        "@lwrjs/esbuild": "0.11.13",
-        "@lwrjs/fs-asset-provider": "0.11.13",
-        "@lwrjs/fs-watch": "0.11.13",
-        "@lwrjs/html-view-provider": "0.11.13",
-        "@lwrjs/instrumentation": "0.11.13",
-        "@lwrjs/loader": "0.11.13",
-        "@lwrjs/lwc-module-provider": "0.11.13",
-        "@lwrjs/markdown-view-provider": "0.11.13",
-        "@lwrjs/module-bundler": "0.11.13",
-        "@lwrjs/module-registry": "0.11.13",
-        "@lwrjs/npm-module-provider": "0.11.13",
-        "@lwrjs/nunjucks-view-provider": "0.11.13",
-        "@lwrjs/o11y": "0.11.13",
-        "@lwrjs/resource-registry": "0.11.13",
-        "@lwrjs/router": "0.11.13",
-        "@lwrjs/server": "0.11.13",
-        "@lwrjs/shared-utils": "0.11.13",
-        "@lwrjs/static": "0.11.13",
-        "@lwrjs/view-registry": "0.11.13",
+        "@lwrjs/app-service": "0.11.14",
+        "@lwrjs/asset-registry": "0.11.14",
+        "@lwrjs/asset-transformer": "0.11.14",
+        "@lwrjs/base-view-provider": "0.11.14",
+        "@lwrjs/base-view-transformer": "0.11.14",
+        "@lwrjs/client-modules": "0.11.14",
+        "@lwrjs/config": "0.11.14",
+        "@lwrjs/diagnostics": "0.11.14",
+        "@lwrjs/esbuild": "0.11.14",
+        "@lwrjs/fs-asset-provider": "0.11.14",
+        "@lwrjs/fs-watch": "0.11.14",
+        "@lwrjs/html-view-provider": "0.11.14",
+        "@lwrjs/instrumentation": "0.11.14",
+        "@lwrjs/loader": "0.11.14",
+        "@lwrjs/lwc-module-provider": "0.11.14",
+        "@lwrjs/markdown-view-provider": "0.11.14",
+        "@lwrjs/module-bundler": "0.11.14",
+        "@lwrjs/module-registry": "0.11.14",
+        "@lwrjs/npm-module-provider": "0.11.14",
+        "@lwrjs/nunjucks-view-provider": "0.11.14",
+        "@lwrjs/o11y": "0.11.14",
+        "@lwrjs/resource-registry": "0.11.14",
+        "@lwrjs/router": "0.11.14",
+        "@lwrjs/server": "0.11.14",
+        "@lwrjs/shared-utils": "0.11.14",
+        "@lwrjs/static": "0.11.14",
+        "@lwrjs/view-registry": "0.11.14",
         "chokidar": "^3.5.3",
         "esbuild": "^0.9.7",
         "fs-extra": "^11.1.1",
@@ -75,7 +75,7 @@
         "ws": "^8.8.1"
     },
     "devDependencies": {
-        "@lwrjs/types": "0.11.13",
+        "@lwrjs/types": "0.11.14",
         "@types/ws": "^8.5.3"
     },
     "peerDependencies": {
@@ -87,5 +87,5 @@
     "volta": {
         "extends": "../../../package.json"
     },
-    "gitHead": "e91de40d8db1aa100c06a3075cfc4cde950dac5d"
+    "gitHead": "62024bf2f9546aa8532c454bfcbe4c48e32a58a4"
 }