@nuxt/scripts 1.0.0-beta.5 → 1.0.0-beta.7

package/dist/runtime/registry/posthog.js

@@ -6,7 +6,7 @@ export const PostHogOptions = object({
   region: optional(union([literal("us"), literal("eu")])),
   apiHost: optional(string()),
   autocapture: optional(boolean()),
-  capturePageview: optional(boolean()),
+  capturePageview: optional(union([boolean(), literal("history_change")])),
   capturePageleave: optional(boolean()),
   disableSessionRecording: optional(boolean()),
   config: optional(record(string(), any()))
@@ -58,7 +58,7 @@ export function useScriptPostHog(_options) {
           };
           if (typeof options?.autocapture === "boolean")
             config.autocapture = options.autocapture;
-          if (typeof options?.capturePageview === "boolean")
+          if (typeof options?.capturePageview === "boolean" || options?.capturePageview === "history_change")
             config.capture_pageview = options.capturePageview;
           if (typeof options?.capturePageleave === "boolean")
             config.capture_pageleave = options.capturePageleave;

package/dist/runtime/server/proxy-handler.js

@@ -1,8 +1,6 @@
-import { defineEventHandler, getHeaders, getRequestIP, readBody, getQuery, setResponseHeader, createError } from "h3";
+import { defineEventHandler, getHeaders, getRequestIP, readBody, getRequestWebStream, getQuery, setResponseHeader, createError } from "h3";
 import { useRuntimeConfig } from "#imports";
-import { useStorage, useNitroApp } from "nitropack/runtime";
-import { hash } from "ohash";
-import { rewriteScriptUrls } from "../utils/pure.js";
+import { useNitroApp } from "nitropack/runtime";
 import {
   SENSITIVE_HEADERS,
   anonymizeIP,
@@ -32,7 +30,7 @@ export default defineEventHandler(async (event) => {
       statusMessage: "First-party proxy not configured"
     });
   }
-  const { routes, privacy: globalPrivacy, routePrivacy, cacheTtl = 3600, debug = import.meta.dev } = proxyConfig;
+  const { routes, privacy: globalPrivacy, routePrivacy, debug = import.meta.dev } = proxyConfig;
   const path = event.path;
   const log = debug ? (message, ...args) => {
     console.debug(message, ...args);
@@ -67,6 +65,12 @@ export default defineEventHandler(async (event) => {
   const perScriptResolved = resolvePrivacy(perScriptInput ?? true);
   const privacy = globalPrivacy !== void 0 ? mergePrivacy(perScriptResolved, globalPrivacy) : perScriptResolved;
   const anyPrivacy = privacy.ip || privacy.userAgent || privacy.language || privacy.screen || privacy.timezone || privacy.hardware;
+  const originalHeaders = getHeaders(event);
+  const contentType = originalHeaders["content-type"] || "";
+  const compressionParam = new URL(event.path, "http://localhost").searchParams.get("compression");
+  const isBinaryBody = Boolean(
+    originalHeaders["content-encoding"] || contentType.includes("octet-stream") || compressionParam && /gzip|deflate|br|compress|base64/i.test(compressionParam)
+  );
   let targetPath = path.slice(matchedPrefix.length);
   if (targetPath && !targetPath.startsWith("/")) {
     targetPath = "/" + targetPath;
@@ -80,13 +84,16 @@ export default defineEventHandler(async (event) => {
       targetUrl = strippedQuery ? `${basePath}?${strippedQuery}` : basePath;
     }
   }
-  const originalHeaders = getHeaders(event);
   const headers = {};
   for (const [key, value] of Object.entries(originalHeaders)) {
     if (!value) continue;
     const lowerKey = key.toLowerCase();
     if (SENSITIVE_HEADERS.includes(lowerKey)) continue;
-    if (anyPrivacy && lowerKey === "content-length") continue;
+    if (lowerKey === "content-length") {
+      if (anyPrivacy && !isBinaryBody) continue;
+      headers[lowerKey] = value;
+      continue;
+    }
     if (lowerKey === "x-forwarded-for" || lowerKey === "x-real-ip" || lowerKey === "forwarded" || lowerKey === "cf-connecting-ip" || lowerKey === "true-client-ip" || lowerKey === "x-client-ip" || lowerKey === "x-cluster-client-ip") {
       if (privacy.ip) continue;
       headers[lowerKey] = value;
@@ -125,47 +132,58 @@ export default defineEventHandler(async (event) => {
   }
   let body;
   let rawBody;
-  const contentType = originalHeaders["content-type"] || "";
+  let passthroughBody = false;
   const method = event.method?.toUpperCase();
   const originalQuery = getQuery(event);
-  if (method === "POST" || method === "PUT" || method === "PATCH") {
-    rawBody = await readBody(event);
-    if (anyPrivacy && rawBody) {
-      if (typeof rawBody === "object") {
-        body = stripPayloadFingerprinting(rawBody, privacy);
-      } else if (typeof rawBody === "string") {
-        if (rawBody.startsWith("{") || rawBody.startsWith("[")) {
-          let parsed = null;
-          try {
-            parsed = JSON.parse(rawBody);
-          } catch {
-          }
-          if (parsed && typeof parsed === "object") {
-            body = stripPayloadFingerprinting(parsed, privacy);
+  const isWriteMethod = method === "POST" || method === "PUT" || method === "PATCH";
+  if (isWriteMethod) {
+    if (isBinaryBody || !anyPrivacy) {
+      passthroughBody = true;
+    } else {
+      rawBody = await readBody(event);
+      if (rawBody != null) {
+        if (Array.isArray(rawBody)) {
+          body = rawBody.map(
+            (item) => item && typeof item === "object" && !Array.isArray(item) ? stripPayloadFingerprinting(item, privacy) : item
+          );
+        } else if (typeof rawBody === "object") {
+          body = stripPayloadFingerprinting(rawBody, privacy);
+        } else if (typeof rawBody === "string") {
+          if (rawBody.startsWith("{") || rawBody.startsWith("[")) {
+            let parsed = null;
+            try {
+              parsed = JSON.parse(rawBody);
+            } catch {
+            }
+            if (Array.isArray(parsed)) {
+              body = parsed.map(
+                (item) => item && typeof item === "object" && !Array.isArray(item) ? stripPayloadFingerprinting(item, privacy) : item
+              );
+            } else if (parsed && typeof parsed === "object") {
+              body = stripPayloadFingerprinting(parsed, privacy);
+            } else {
+              body = rawBody;
+            }
+          } else if (contentType.includes("application/x-www-form-urlencoded")) {
+            const params = new URLSearchParams(rawBody);
+            const obj = {};
+            params.forEach((value, key) => {
+              obj[key] = value;
+            });
+            const stripped = stripPayloadFingerprinting(obj, privacy);
+            const stringified = {};
+            for (const [k, v] of Object.entries(stripped)) {
+              if (v === void 0 || v === null) continue;
+              stringified[k] = typeof v === "string" ? v : JSON.stringify(v);
+            }
+            body = new URLSearchParams(stringified).toString();
           } else {
             body = rawBody;
           }
-        } else if (contentType.includes("application/x-www-form-urlencoded")) {
-          const params = new URLSearchParams(rawBody);
-          const obj = {};
-          params.forEach((value, key) => {
-            obj[key] = value;
-          });
-          const stripped = stripPayloadFingerprinting(obj, privacy);
-          const stringified = {};
-          for (const [k, v] of Object.entries(stripped)) {
-            if (v === void 0 || v === null) continue;
-            stringified[k] = typeof v === "string" ? v : JSON.stringify(v);
-          }
-          body = new URLSearchParams(stringified).toString();
         } else {
           body = rawBody;
         }
-      } else {
-        body = rawBody;
       }
-    } else {
-      body = rawBody;
     }
   }
   await nitro.hooks.callHook("nuxt-scripts:proxy", {
@@ -174,29 +192,38 @@ export default defineEventHandler(async (event) => {
     targetUrl,
     method: method || "GET",
     privacy,
+    passthroughBody,
     original: {
       headers: { ...originalHeaders },
       query: originalQuery,
-      body: rawBody ?? null
+      body: passthroughBody ? "<passthrough>" : rawBody ?? null
     },
     stripped: {
       headers,
       query: anyPrivacy ? stripPayloadFingerprinting(originalQuery, privacy) : originalQuery,
-      body: body ?? null
+      body: passthroughBody ? "<passthrough>" : body ?? null
     }
   });
   log("[proxy] Fetching:", targetUrl);
   const controller = new AbortController();
   const timeoutId = setTimeout(() => controller.abort(), 15e3);
+  let fetchBody;
+  if (passthroughBody) {
+    fetchBody = getRequestWebStream(event);
+  } else if (body !== void 0) {
+    fetchBody = typeof body === "string" ? body : JSON.stringify(body);
+  }
   let response;
   try {
     response = await fetch(targetUrl, {
       method: method || "GET",
       headers,
-      body: body ? typeof body === "string" ? body : JSON.stringify(body) : void 0,
+      body: fetchBody,
       credentials: "omit",
       // Don't send cookies to third parties
-      signal: controller.signal
+      signal: controller.signal,
+      // @ts-expect-error Node fetch supports duplex for streaming request bodies
+      duplex: passthroughBody ? "half" : void 0
     });
   } catch (err) {
     clearTimeout(timeoutId);
@@ -225,22 +252,7 @@ export default defineEventHandler(async (event) => {
   const responseContentType = response.headers.get("content-type") || "";
   const isTextContent = responseContentType.includes("text") || responseContentType.includes("javascript") || responseContentType.includes("json");
   if (isTextContent) {
-    let content = await response.text();
-    if (responseContentType.includes("javascript") && proxyConfig?.rewrites?.length) {
-      const cacheKey = `nuxt-scripts:proxy:${hash(targetUrl + JSON.stringify(proxyConfig.rewrites))}`;
-      const storage = useStorage("cache");
-      const cached = await storage.getItem(cacheKey);
-      if (cached && typeof cached === "string") {
-        log("[proxy] Serving rewritten script from cache");
-        content = cached;
-      } else {
-        content = rewriteScriptUrls(content, proxyConfig.rewrites);
-        await storage.setItem(cacheKey, content, { ttl: cacheTtl });
-        log("[proxy] Rewrote URLs in JavaScript response and cached");
-      }
-      setResponseHeader(event, "cache-control", `public, max-age=${cacheTtl}, stale-while-revalidate=${cacheTtl * 2}`);
-    }
-    return content;
+    return await response.text();
   }
   return Buffer.from(await response.arrayBuffer());
 });

package/dist/runtime/utils/pure.d.ts

@@ -7,7 +7,3 @@ export interface ProxyRewrite {
     /** Local path to rewrite to (e.g., '/_scripts/c/ga/g/collect') */
     to: string;
 }
-/**
- * Rewrite URLs in script content based on proxy config.
- */
-export declare function rewriteScriptUrls(content: string, rewrites: ProxyRewrite[]): string;

package/dist/runtime/utils/pure.js

@@ -1,67 +0,0 @@
-import { parseURL, joinURL } from "ufo";
-export function rewriteScriptUrls(content, rewrites) {
-  let result = content;
-  const literalRegex = /(['"`])(.*?)\1/g;
-  for (const { from, to } of rewrites) {
-    const isSuffixMatch = from.startsWith(".");
-    const fromSlashIdx = from.indexOf("/");
-    const fromHost = fromSlashIdx > 0 ? from.slice(0, fromSlashIdx) : from;
-    const fromPath = fromSlashIdx > 0 ? from.slice(fromSlashIdx) : "";
-    result = result.replace(literalRegex, (match, quote, inner) => {
-      if (!inner.includes(fromHost)) return match;
-      const url = parseURL(inner);
-      let shouldRewrite = false;
-      let rewriteSuffix = "";
-      if (url.host) {
-        const hostMatches = isSuffixMatch ? url.host.endsWith(fromHost) : url.host === fromHost;
-        if (hostMatches) {
-          const fullPath = url.pathname + (url.search || "") + (url.hash || "");
-          if (fromPath && fullPath.startsWith(fromPath)) {
-            shouldRewrite = true;
-            rewriteSuffix = fullPath.slice(fromPath.length);
-          } else if (!fromPath) {
-            shouldRewrite = true;
-            rewriteSuffix = fullPath;
-          }
-        }
-      } else if (inner.startsWith("//")) {
-        const hostPart = inner.slice(2).split("/")[0];
-        const hostMatches = isSuffixMatch ? hostPart?.endsWith(fromHost) ?? false : hostPart === fromHost;
-        if (hostMatches) {
-          const remainder = inner.slice(2 + (hostPart?.length ?? 0));
-          if (fromPath && remainder.startsWith(fromPath)) {
-            shouldRewrite = true;
-            rewriteSuffix = remainder.slice(fromPath.length);
-          } else if (!fromPath) {
-            shouldRewrite = true;
-            rewriteSuffix = remainder;
-          }
-        }
-      } else if (fromPath && (inner.startsWith(from) || isSuffixMatch && inner.includes(from))) {
-        const domainEnd = inner.indexOf(from) + from.length;
-        const nextChar = inner[domainEnd];
-        if (!nextChar || nextChar === "/" || nextChar === "?" || nextChar === "#") {
-          shouldRewrite = true;
-          rewriteSuffix = inner.slice(domainEnd);
-        }
-      }
-      if (shouldRewrite) {
-        const rewritten = rewriteSuffix === "/" || rewriteSuffix.startsWith("?") || rewriteSuffix.startsWith("#") ? to + rewriteSuffix : joinURL(to, rewriteSuffix);
-        return "self.location.origin+" + quote + rewritten + quote;
-      }
-      return match;
-    });
-  }
-  const gaRewrite = rewrites.find((r) => r.from.includes("google-analytics.com/g/collect"));
-  if (gaRewrite) {
-    result = result.replace(
-      /"https:\/\/"\+\(.*?\)\+"\.google-analytics\.com\/g\/collect"/g,
-      `self.location.origin+"${gaRewrite.to}"`
-    );
-    result = result.replace(
-      /"https:\/\/"\+\(.*?\)\+"\.analytics\.google\.com\/g\/collect"/g,
-      `self.location.origin+"${gaRewrite.to}"`
-    );
-  }
-  return result;
-}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nuxt/scripts",
   "type": "module",
-  "version": "1.0.0-beta.5",
+  "version": "1.0.0-beta.7",
   "description": "Load third-party scripts with better performance, privacy and DX in Nuxt Apps.",
   "author": {
     "website": "https://harlanzw.com",
@@ -96,7 +96,7 @@
     "magic-string": "^0.30.21",
     "ofetch": "^1.5.1",
     "ohash": "^2.0.11",
-    "oxc-parser": "^0.115.0",
+    "oxc-parser": "^0.116.0",
     "oxc-walker": "^0.7.0",
     "pathe": "^2.0.3",
     "pkg-types": "^2.3.0",
@@ -113,7 +113,7 @@
     "@nuxt/module-builder": "^1.0.2",
     "@nuxt/test-utils": "^4.0.0",
     "@nuxtjs/partytown": "^2.0.0",
-    "@paypal/paypal-js": "^9.3.0",
+    "@paypal/paypal-js": "^9.4.0",
     "@types/semver": "^7.7.1",
     "@typescript-eslint/typescript-estree": "^8.56.1",
     "@vue/test-utils": "^2.4.6",
@@ -121,18 +121,18 @@
     "changelogen": "^0.6.2",
     "eslint": "^10.0.2",
     "eslint-plugin-n": "^17.24.0",
-    "happy-dom": "^20.7.0",
+    "happy-dom": "^20.8.3",
     "knitwork": "^1.3.0",
     "nuxt": "^4.3.1",
     "playwright-core": "^1.58.2",
-    "posthog-js": "^1.354.3",
-    "shiki": "^3.23.0",
+    "posthog-js": "^1.357.1",
+    "shiki": "^4.0.1",
     "typescript": "5.9.3",
     "vitest": "^4.0.18",
     "vue": "^3.5.29",
     "vue-router": "^5.0.3",
     "vue-tsc": "^3.2.5",
-    "@nuxt/scripts": "1.0.0-beta.5"
+    "@nuxt/scripts": "1.0.0-beta.7"
   },
   "resolutions": {
     "@nuxt/scripts": "workspace:*"