@nuxt/scripts 1.0.0-beta.1 → 1.0.0-beta.3

package/dist/runtime/registry/plausible-analytics.js

@@ -76,8 +76,8 @@ export function useScriptPlausibleAnalytics(_options) {
         },
         clientInit: import.meta.server ? void 0 : () => {
           const w = window;
-          w.plausible = w.plausible || function() {
-            (w.plausible.q = w.plausible.q || []).push(arguments);
+          w.plausible = w.plausible || function(...args) {
+            (w.plausible.q = w.plausible.q || []).push(args);
           };
           w.plausible.init = w.plausible.init || function(i) {
             w.plausible.o = i || {};

package/dist/runtime/registry/posthog.d.ts

@@ -3,6 +3,7 @@ import type { RegistryScriptInput } from '#nuxt-scripts/types';
 export declare const PostHogOptions: import("valibot").ObjectSchema<{
     readonly apiKey: import("valibot").StringSchema<undefined>;
     readonly region: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"us", undefined>, import("valibot").LiteralSchema<"eu", undefined>], undefined>, undefined>;
+    readonly apiHost: import("valibot").OptionalSchema<import("valibot").StringSchema<undefined>, undefined>;
     readonly autocapture: import("valibot").OptionalSchema<import("valibot").BooleanSchema<undefined>, undefined>;
     readonly capturePageview: import("valibot").OptionalSchema<import("valibot").BooleanSchema<undefined>, undefined>;
     readonly capturePageleave: import("valibot").OptionalSchema<import("valibot").BooleanSchema<undefined>, undefined>;

package/dist/runtime/registry/posthog.js

@@ -4,6 +4,7 @@ import { logger } from "../logger.js";
 export const PostHogOptions = object({
   apiKey: string(),
   region: optional(union([literal("us"), literal("eu")])),
+  apiHost: optional(string()),
   autocapture: optional(boolean()),
   capturePageview: optional(boolean()),
   capturePageleave: optional(boolean()),
@@ -47,10 +48,8 @@ export function useScriptPostHog(_options) {
           return;
         }
         const region = options?.region || "us";
-        const apiHost = region === "eu" ? "https://eu.i.posthog.com" : "https://us.i.posthog.com";
-        console.log("[PostHog] Starting dynamic import of posthog-js...");
+        const apiHost = options?.apiHost || (region === "eu" ? "https://eu.i.posthog.com" : "https://us.i.posthog.com");
         window.__posthogInitPromise = import("posthog-js").then(({ default: posthog }) => {
-          console.log("[PostHog] posthog-js imported successfully");
           const config = {
             api_host: apiHost,
             ...options?.config
@@ -63,25 +62,20 @@ export function useScriptPostHog(_options) {
             config.capture_pageleave = options.capturePageleave;
           if (typeof options?.disableSessionRecording === "boolean")
             config.disable_session_recording = options.disableSessionRecording;
-          console.log("[PostHog] Calling posthog.init with apiKey:", options.apiKey, "config:", config);
           const instance = posthog.init(options.apiKey, config);
           if (!instance) {
             logger.error("PostHog init returned undefined - initialization failed");
             delete window._posthogQueue;
             return void 0;
           }
-          console.log("[PostHog] posthog.init succeeded, instance:", instance);
           window.posthog = instance;
           if (window._posthogQueue && window._posthogQueue.length > 0) {
-            console.log("[PostHog] Flushing", window._posthogQueue.length, "queued calls");
             window._posthogQueue.forEach((q) => window.posthog[q.prop]?.(...q.args));
             delete window._posthogQueue;
           }
-          console.log("[PostHog] Initialization complete!");
           return window.posthog;
         }).catch((e) => {
           logger.error("Failed to load posthog-js:", e);
-          console.error("[PostHog] Import/init error:", e);
           delete window._posthogQueue;
           return void 0;
         });

package/dist/runtime/registry/tiktok-pixel.d.ts

@@ -32,6 +32,7 @@ export interface TikTokPixelApi {
 }
 declare global {
     interface Window extends TikTokPixelApi {
+        TiktokAnalyticsObject: string;
     }
 }
 export declare const TikTokPixelOptions: import("valibot").ObjectSchema<{

package/dist/runtime/registry/tiktok-pixel.js

@@ -22,6 +22,7 @@ export function useScriptTikTokPixel(_options) {
       }
     },
     clientInit: import.meta.server ? void 0 : () => {
+      window.TiktokAnalyticsObject = "ttq";
       const ttq = window.ttq = function(...params) {
         if (ttq.callMethod) {
           ttq.callMethod(...params);

package/dist/runtime/registry/x-embed.d.ts

@@ -0,0 +1,77 @@
+import type { RegistryScriptInput } from '#nuxt-scripts/types';
+export interface XEmbedTweetData {
+    id_str: string;
+    text: string;
+    created_at: string;
+    favorite_count: number;
+    conversation_count: number;
+    user: {
+        name: string;
+        screen_name: string;
+        profile_image_url_https: string;
+        verified?: boolean;
+        is_blue_verified?: boolean;
+    };
+    entities?: {
+        media?: Array<{
+            media_url_https: string;
+            type: string;
+            sizes: Record<string, {
+                w: number;
+                h: number;
+            }>;
+        }>;
+        urls?: Array<{
+            url: string;
+            expanded_url: string;
+            display_url: string;
+        }>;
+    };
+    photos?: Array<{
+        url: string;
+        width: number;
+        height: number;
+    }>;
+    video?: {
+        poster: string;
+        variants: Array<{
+            type: string;
+            src: string;
+        }>;
+    };
+    quoted_tweet?: XEmbedTweetData;
+    parent?: {
+        user: {
+            screen_name: string;
+        };
+    };
+}
+export declare const XEmbedOptions: import("valibot").ObjectSchema<{
+    /**
+     * The tweet ID to embed
+     */
+    readonly tweetId: import("valibot").StringSchema<undefined>;
+    /**
+     * Optional: Custom API endpoint for fetching tweet data
+     * @default '/api/_scripts/x-embed'
+     */
+    readonly apiEndpoint: import("valibot").OptionalSchema<import("valibot").StringSchema<undefined>, undefined>;
+    /**
+     * Optional: Custom image proxy endpoint
+     * @default '/api/_scripts/x-embed-image'
+     */
+    readonly imageProxyEndpoint: import("valibot").OptionalSchema<import("valibot").StringSchema<undefined>, undefined>;
+}, undefined>;
+export type XEmbedInput = RegistryScriptInput<typeof XEmbedOptions, false, false, false>;
+/**
+ * Proxy an X/Twitter image URL through the server
+ */
+export declare function proxyXImageUrl(url: string, proxyEndpoint?: string): string;
+/**
+ * Format a tweet date for display
+ */
+export declare function formatTweetDate(dateString: string): string;
+/**
+ * Format a number for display (e.g., 1234 -> 1.2K)
+ */
+export declare function formatCount(count: number): string;

package/dist/runtime/registry/x-embed.js

@@ -0,0 +1,41 @@
+import { object, optional, string } from "#nuxt-scripts-validator";
+export const XEmbedOptions = object({
+  /**
+   * The tweet ID to embed
+   */
+  tweetId: string(),
+  /**
+   * Optional: Custom API endpoint for fetching tweet data
+   * @default '/api/_scripts/x-embed'
+   */
+  apiEndpoint: optional(string()),
+  /**
+   * Optional: Custom image proxy endpoint
+   * @default '/api/_scripts/x-embed-image'
+   */
+  imageProxyEndpoint: optional(string())
+});
+export function proxyXImageUrl(url, proxyEndpoint = "/api/_scripts/x-embed-image") {
+  const separator = proxyEndpoint.includes("?") ? "&" : "?";
+  return `${proxyEndpoint}${separator}url=${encodeURIComponent(url)}`;
+}
+export function formatTweetDate(dateString) {
+  const date = new Date(dateString);
+  const time = date.toLocaleString("en-US", {
+    hour: "numeric",
+    minute: "numeric",
+    hour12: true,
+    timeZone: "UTC"
+  });
+  const day = date.toLocaleString("en-US", { month: "short", timeZone: "UTC" });
+  return `${time} \xB7 ${day} ${date.getUTCDate()}, ${date.getUTCFullYear()}`;
+}
+export function formatCount(count) {
+  if (count >= 1e6) {
+    return `${(count / 1e6).toFixed(1)}M`;
+  }
+  if (count >= 1e3) {
+    return `${(count / 1e3).toFixed(1)}K`;
+  }
+  return count.toString();
+}

package/dist/runtime/server/instagram-embed-asset.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/dist/runtime/server/instagram-embed-asset.js

@@ -0,0 +1,42 @@
+import { createError, defineEventHandler, getQuery, setHeader } from "h3";
+import { $fetch } from "ofetch";
+export default defineEventHandler(async (event) => {
+  const query = getQuery(event);
+  const url = query.url?.replace(/&/g, "&");
+  if (!url) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Asset URL is required"
+    });
+  }
+  let parsedUrl;
+  try {
+    parsedUrl = new URL(url);
+  } catch {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid asset URL"
+    });
+  }
+  if (parsedUrl.hostname !== "static.cdninstagram.com") {
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Domain not allowed"
+    });
+  }
+  const response = await $fetch.raw(url, {
+    headers: {
+      "Accept": "*/*",
+      "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
+    }
+  }).catch((error) => {
+    throw createError({
+      statusCode: error.statusCode || 500,
+      statusMessage: error.statusMessage || "Failed to fetch asset"
+    });
+  });
+  const contentType = response.headers.get("content-type") || "application/octet-stream";
+  setHeader(event, "Content-Type", contentType);
+  setHeader(event, "Cache-Control", "public, max-age=86400, s-maxage=86400");
+  return response._data;
+});

package/dist/runtime/server/instagram-embed-image.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/dist/runtime/server/instagram-embed-image.js

@@ -0,0 +1,54 @@
+import { createError, defineEventHandler, getQuery, setHeader } from "h3";
+import { $fetch } from "ofetch";
+export default defineEventHandler(async (event) => {
+  const query = getQuery(event);
+  const url = query.url?.replace(/&/g, "&");
+  if (!url) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Image URL is required"
+    });
+  }
+  let parsedUrl;
+  try {
+    parsedUrl = new URL(url);
+  } catch {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid image URL"
+    });
+  }
+  if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid URL scheme"
+    });
+  }
+  if (!parsedUrl.hostname.endsWith(".cdninstagram.com") && parsedUrl.hostname !== "scontent.cdninstagram.com") {
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Domain not allowed"
+    });
+  }
+  const response = await $fetch.raw(url, {
+    redirect: "manual",
+    headers: {
+      "Accept": "image/webp,image/jpeg,image/png,image/*,*/*;q=0.8",
+      "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
+    }
+  }).catch((error) => {
+    throw createError({
+      statusCode: error.statusCode || 500,
+      statusMessage: error.statusMessage || "Failed to fetch image"
+    });
+  });
+  if (response.status >= 300 && response.status < 400) {
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Redirects not allowed"
+    });
+  }
+  setHeader(event, "Content-Type", response.headers.get("content-type") || "image/jpeg");
+  setHeader(event, "Cache-Control", "public, max-age=3600, s-maxage=3600");
+  return response._data;
+});

package/dist/runtime/server/instagram-embed.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string>>;
+export default _default;

package/dist/runtime/server/instagram-embed.js

@@ -0,0 +1,91 @@
+import { createError, defineEventHandler, getQuery, setHeader } from "h3";
+import { $fetch } from "ofetch";
+export default defineEventHandler(async (event) => {
+  const query = getQuery(event);
+  const postUrl = query.url;
+  const captions = query.captions === "true";
+  if (!postUrl) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Post URL is required"
+    });
+  }
+  let parsedUrl;
+  try {
+    parsedUrl = new URL(postUrl);
+  } catch {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid postUrl"
+    });
+  }
+  if (!["instagram.com", "www.instagram.com"].includes(parsedUrl.hostname)) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid Instagram URL"
+    });
+  }
+  const pathname = parsedUrl.pathname.endsWith("/") ? parsedUrl.pathname : `${parsedUrl.pathname}/`;
+  const cleanUrl = parsedUrl.origin + pathname;
+  const embedUrl = cleanUrl + "embed/" + (captions ? "captioned/" : "");
+  const html = await $fetch(embedUrl, {
+    headers: {
+      "Accept": "text/html",
+      // Use simple UA - full Chrome UA triggers JS-heavy version without static content
+      "User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    }
+  }).catch((error) => {
+    throw createError({
+      statusCode: error.statusCode || 500,
+      statusMessage: error.statusMessage || "Failed to fetch Instagram embed"
+    });
+  });
+  const cssUrls = [];
+  const linkRegex = /<link[^>]+rel=["']stylesheet["'][^>]+href=["']([^"']+)["'][^>]*>/gi;
+  let match;
+  while ((match = linkRegex.exec(html)) !== null) {
+    if (match[1])
+      cssUrls.push(match[1]);
+  }
+  const linkRegex2 = /<link[^>]+href=["']([^"']+)["'][^>]+rel=["']stylesheet["'][^>]*>/gi;
+  while ((match = linkRegex2.exec(html)) !== null) {
+    if (match[1])
+      cssUrls.push(match[1]);
+  }
+  const cssContents = await Promise.all(
+    cssUrls.map(
+      (url) => $fetch(url, {
+        headers: { Accept: "text/css" }
+      }).catch(() => "")
+    )
+  );
+  let combinedCss = cssContents.join("\n");
+  combinedCss = combinedCss.replace(
+    /url\(\/rsrc\.php([^)]+)\)/g,
+    (_m, path) => `url(/api/_scripts/instagram-embed-asset?url=${encodeURIComponent(`https://static.cdninstagram.com/rsrc.php${path}`)})`
+  );
+  const baseStyles = `
+    html { background: white; max-width: 540px; width: calc(100% - 2px); border-radius: 3px; border: 1px solid rgb(219, 219, 219); display: block; margin: 0px 0px 12px; min-width: 326px; padding: 0px; }
+    #splash-screen { display: none !important; }
+    .Embed { opacity: 1 !important; visibility: visible !important; }
+    .EmbeddedMedia, .EmbeddedMediaImage { display: block !important; visibility: visible !important; }
+  `;
+  let rewrittenHtml = html.replace(/<script[\s\S]*?<\/script>/gi, "").replace(/<link[^>]+rel=["']stylesheet["'][^>]*>/gi, "").replace(/<link[^>]+href=["'][^"']+\.css[^"']*["'][^>]*>/gi, "").replace(/<noscript>[\s\S]*?<\/noscript>/gi, "").replace(
+    /https:\/\/scontent[^"'\s),]+\.cdninstagram\.com[^"'\s),]+/g,
+    (m) => `/api/_scripts/instagram-embed-image?url=${encodeURIComponent(m.replace(/&amp;/g, "&"))}`
+  ).replace(
+    /https:\/\/static\.cdninstagram\.com[^"'\s),]+/g,
+    (m) => `/api/_scripts/instagram-embed-asset?url=${encodeURIComponent(m.replace(/&amp;/g, "&"))}`
+  ).replace(
+    /https:\/\/lookaside\.instagram\.com[^"'\s),]+/g,
+    (m) => `/api/_scripts/instagram-embed-image?url=${encodeURIComponent(m.replace(/&amp;/g, "&"))}`
+  );
+  rewrittenHtml = rewrittenHtml.replace(
+    "</head>",
+    `<style>${baseStyles}
+${combinedCss}</style></head>`
+  );
+  setHeader(event, "Content-Type", "text/html");
+  setHeader(event, "Cache-Control", "public, max-age=600, s-maxage=600");
+  return rewrittenHtml;
+});

package/dist/runtime/server/proxy-handler.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Privacy-aware proxy handler for first-party script collection endpoints.
+ * Routes requests to third-party analytics while protecting user privacy.
+ */
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string | Buffer<ArrayBuffer>>>;
+export default _default;

package/dist/runtime/server/proxy-handler.js

@@ -0,0 +1,246 @@
+import { defineEventHandler, getHeaders, getRequestIP, readBody, getQuery, setResponseHeader, createError } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { useStorage, useNitroApp } from "nitropack/runtime";
+import { hash } from "ohash";
+import { rewriteScriptUrls } from "../utils/pure.js";
+import {
+  SENSITIVE_HEADERS,
+  anonymizeIP,
+  normalizeLanguage,
+  normalizeUserAgent,
+  stripPayloadFingerprinting,
+  resolvePrivacy,
+  mergePrivacy
+} from "./utils/privacy.js";
+function stripQueryFingerprinting(query, privacy) {
+  const stripped = stripPayloadFingerprinting(query, privacy);
+  const params = new URLSearchParams();
+  for (const [key, value] of Object.entries(stripped)) {
+    if (value !== void 0 && value !== null) {
+      params.set(key, typeof value === "object" ? JSON.stringify(value) : String(value));
+    }
+  }
+  return params.toString();
+}
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const nitro = useNitroApp();
+  const proxyConfig = config["nuxt-scripts-proxy"];
+  if (!proxyConfig) {
+    throw createError({
+      statusCode: 500,
+      statusMessage: "First-party proxy not configured"
+    });
+  }
+  const { routes, privacy: globalPrivacy, routePrivacy, cacheTtl = 3600, debug = import.meta.dev } = proxyConfig;
+  const path = event.path;
+  const log = debug ? (message, ...args) => {
+    console.debug(message, ...args);
+  } : () => {
+  };
+  let targetBase;
+  let matchedPrefix;
+  let matchedRoutePattern;
+  const sortedRoutes = Object.entries(routes).sort((a, b) => b[0].length - a[0].length);
+  for (const [routePattern, target] of sortedRoutes) {
+    const prefix = routePattern.replace(/\/\*\*$/, "");
+    if (path.startsWith(prefix)) {
+      targetBase = target.replace(/\/\*\*$/, "");
+      matchedPrefix = prefix;
+      matchedRoutePattern = routePattern;
+      log("[proxy] Matched:", prefix, "->", targetBase);
+      break;
+    }
+  }
+  if (!targetBase || !matchedPrefix || !matchedRoutePattern) {
+    log("[proxy] No match for path:", path);
+    throw createError({
+      statusCode: 404,
+      statusMessage: "No proxy route matched",
+      message: `No proxy target found for path: ${path}`
+    });
+  }
+  const perScriptInput = routePrivacy[matchedRoutePattern];
+  if (debug && perScriptInput === void 0) {
+    log("[proxy] WARNING: No privacy config for route", matchedRoutePattern, "\u2014 defaulting to full anonymization");
+  }
+  const perScriptResolved = resolvePrivacy(perScriptInput ?? true);
+  const privacy = globalPrivacy !== void 0 ? mergePrivacy(perScriptResolved, globalPrivacy) : perScriptResolved;
+  const anyPrivacy = privacy.ip || privacy.userAgent || privacy.language || privacy.screen || privacy.timezone || privacy.hardware;
+  let targetPath = path.slice(matchedPrefix.length);
+  if (targetPath && !targetPath.startsWith("/")) {
+    targetPath = "/" + targetPath;
+  }
+  let targetUrl = targetBase + targetPath;
+  if (anyPrivacy) {
+    const query = getQuery(event);
+    if (Object.keys(query).length > 0) {
+      const strippedQuery = stripQueryFingerprinting(query, privacy);
+      const basePath = targetUrl.split("?")[0] || targetUrl;
+      targetUrl = strippedQuery ? `${basePath}?${strippedQuery}` : basePath;
+    }
+  }
+  const originalHeaders = getHeaders(event);
+  const headers = {};
+  for (const [key, value] of Object.entries(originalHeaders)) {
+    if (!value) continue;
+    const lowerKey = key.toLowerCase();
+    if (SENSITIVE_HEADERS.includes(lowerKey)) continue;
+    if (anyPrivacy && lowerKey === "content-length") continue;
+    if (lowerKey === "x-forwarded-for" || lowerKey === "x-real-ip" || lowerKey === "forwarded" || lowerKey === "cf-connecting-ip" || lowerKey === "true-client-ip" || lowerKey === "x-client-ip" || lowerKey === "x-cluster-client-ip") {
+      if (privacy.ip) continue;
+      headers[lowerKey] = value;
+      continue;
+    }
+    if (lowerKey === "user-agent") {
+      headers[key] = privacy.userAgent ? normalizeUserAgent(value) : value;
+      continue;
+    }
+    if (lowerKey === "accept-language") {
+      headers[key] = privacy.language ? normalizeLanguage(value) : value;
+      continue;
+    }
+    if (lowerKey === "sec-ch-ua" || lowerKey === "sec-ch-ua-full-version-list") {
+      headers[lowerKey] = privacy.hardware ? value.replace(/;v="(\d+)\.[^"]*"/g, ';v="$1"') : value;
+      continue;
+    }
+    if (lowerKey === "sec-ch-ua-platform-version" || lowerKey === "sec-ch-ua-arch" || lowerKey === "sec-ch-ua-model" || lowerKey === "sec-ch-ua-bitness") {
+      if (privacy.hardware) continue;
+      headers[lowerKey] = value;
+      continue;
+    }
+    headers[key] = value;
+  }
+  if (!headers["x-forwarded-for"]) {
+    const clientIP = getRequestIP(event, { xForwardedFor: true });
+    if (clientIP) {
+      if (privacy.ip) {
+        headers["x-forwarded-for"] = anonymizeIP(clientIP);
+      } else {
+        headers["x-forwarded-for"] = clientIP;
+      }
+    }
+  } else if (privacy.ip) {
+    headers["x-forwarded-for"] = headers["x-forwarded-for"].split(",").map((ip) => anonymizeIP(ip.trim())).join(", ");
+  }
+  let body;
+  let rawBody;
+  const contentType = originalHeaders["content-type"] || "";
+  const method = event.method?.toUpperCase();
+  const originalQuery = getQuery(event);
+  if (method === "POST" || method === "PUT" || method === "PATCH") {
+    rawBody = await readBody(event);
+    if (anyPrivacy && rawBody) {
+      if (typeof rawBody === "object") {
+        body = stripPayloadFingerprinting(rawBody, privacy);
+      } else if (typeof rawBody === "string") {
+        if (rawBody.startsWith("{") || rawBody.startsWith("[")) {
+          let parsed = null;
+          try {
+            parsed = JSON.parse(rawBody);
+          } catch {
+          }
+          if (parsed && typeof parsed === "object") {
+            body = stripPayloadFingerprinting(parsed, privacy);
+          } else {
+            body = rawBody;
+          }
+        } else if (contentType.includes("application/x-www-form-urlencoded")) {
+          const params = new URLSearchParams(rawBody);
+          const obj = {};
+          params.forEach((value, key) => {
+            obj[key] = value;
+          });
+          const stripped = stripPayloadFingerprinting(obj, privacy);
+          const stringified = {};
+          for (const [k, v] of Object.entries(stripped)) {
+            if (v === void 0 || v === null) continue;
+            stringified[k] = typeof v === "string" ? v : JSON.stringify(v);
+          }
+          body = new URLSearchParams(stringified).toString();
+        } else {
+          body = rawBody;
+        }
+      } else {
+        body = rawBody;
+      }
+    } else {
+      body = rawBody;
+    }
+  }
+  await nitro.hooks.callHook("nuxt-scripts:proxy", {
+    timestamp: Date.now(),
+    path: event.path,
+    targetUrl,
+    method: method || "GET",
+    privacy,
+    original: {
+      headers: { ...originalHeaders },
+      query: originalQuery,
+      body: rawBody ?? null
+    },
+    stripped: {
+      headers,
+      query: anyPrivacy ? stripPayloadFingerprinting(originalQuery, privacy) : originalQuery,
+      body: body ?? null
+    }
+  });
+  log("[proxy] Fetching:", targetUrl);
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), 15e3);
+  let response;
+  try {
+    response = await fetch(targetUrl, {
+      method: method || "GET",
+      headers,
+      body: body ? typeof body === "string" ? body : JSON.stringify(body) : void 0,
+      credentials: "omit",
+      // Don't send cookies to third parties
+      signal: controller.signal
+    });
+  } catch (err) {
+    clearTimeout(timeoutId);
+    log("[proxy] Fetch error:", err instanceof Error ? err.message : err);
+    if (path.includes("/collect") || path.includes("/tr") || path.includes("/events")) {
+      event.node.res.statusCode = 204;
+      return "";
+    }
+    const isTimeout = err instanceof Error && (err.message.includes("aborted") || err.message.includes("timeout"));
+    throw createError({
+      statusCode: isTimeout ? 504 : 502,
+      statusMessage: isTimeout ? "Upstream timeout" : "Bad Gateway",
+      message: "Failed to reach upstream"
+    });
+  }
+  clearTimeout(timeoutId);
+  log("[proxy] Response:", response.status, response.statusText);
+  const skipHeaders = ["set-cookie", "transfer-encoding", "content-encoding", "content-length"];
+  response.headers.forEach((value, key) => {
+    if (!skipHeaders.includes(key.toLowerCase())) {
+      setResponseHeader(event, key, value);
+    }
+  });
+  event.node.res.statusCode = response.status;
+  event.node.res.statusMessage = response.statusText;
+  const responseContentType = response.headers.get("content-type") || "";
+  const isTextContent = responseContentType.includes("text") || responseContentType.includes("javascript") || responseContentType.includes("json");
+  if (isTextContent) {
+    let content = await response.text();
+    if (responseContentType.includes("javascript") && proxyConfig?.rewrites?.length) {
+      const cacheKey = `nuxt-scripts:proxy:${hash(targetUrl + JSON.stringify(proxyConfig.rewrites))}`;
+      const storage = useStorage("cache");
+      const cached = await storage.getItem(cacheKey);
+      if (cached && typeof cached === "string") {
+        log("[proxy] Serving rewritten script from cache");
+        content = cached;
+      } else {
+        content = rewriteScriptUrls(content, proxyConfig.rewrites);
+        await storage.setItem(cacheKey, content, { ttl: cacheTtl });
+        log("[proxy] Rewrote URLs in JavaScript response and cached");
+      }
+      setResponseHeader(event, "cache-control", `public, max-age=${cacheTtl}, stale-while-revalidate=${cacheTtl * 2}`);
+    }
+    return content;
+  }
+  return Buffer.from(await response.arrayBuffer());
+});

package/dist/runtime/server/sw-handler.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string>>;
+export default _default;