@rayselfs/cf-rule-engine 1.6.2 → 1.8.0

package/dist/{chunk-63WIEBQB.cjs → chunk-45SNLNLR.cjs}

@@ -2,6 +2,10 @@
 
 var _chunkOTFDML3Kcjs = require('./chunk-OTFDML3K.cjs');
 
+
+
+var _chunkWAKA4OJDcjs = require('./chunk-WAKA4OJD.cjs');
+
 // src/helpers/preflight-request.ts
 function matchesOriginPattern(origin, pattern) {
   if (pattern === "*") return true;
@@ -10,27 +14,33 @@ function matchesOriginPattern(origin, pattern) {
   return new RegExp(`^${escaped}$`).test(origin);
 }
 function preflightRequest(options) {
-  const allowedOrigins = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _ => _.allowedOrigins]), () => ( ["*"]));
-  const allowedMethods = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _2 => _2.allowedMethods]), () => ( "GET, POST, OPTIONS"));
-  const allowedHeaders = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _3 => _3.allowedHeaders]), () => ( "Content-Type, Cache-Control, Pragma, Range"));
-  const allowCredentials = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _4 => _4.allowCredentials]), () => ( false));
-  const maxAge = _optionalChain([options, 'optionalAccess', _5 => _5.maxAge]);
+  const { allowedOrigins } = options;
+  const allowedMethods = _nullishCoalesce(options.allowedMethods, () => ( "GET, POST, OPTIONS"));
+  const allowedHeaders = _nullishCoalesce(options.allowedHeaders, () => ( "Content-Type, Cache-Control, Pragma, Range"));
+  const allowCredentials = _nullishCoalesce(options.allowCredentials, () => ( false));
+  const maxAge = options.maxAge;
   return {
     criteria: _chunkOTFDML3Kcjs.methodIs.call(void 0, ["OPTIONS"]),
     behavior: (request) => {
       let allowOrigin;
-      if (_optionalChain([options, 'optionalAccess', _6 => _6.allowOriginEcho])) {
-        const originHeader = _optionalChain([request, 'access', _7 => _7.headers, 'access', _8 => _8["origin"], 'optionalAccess', _9 => _9.value]);
-        allowOrigin = originHeader && allowedOrigins.some((p) => matchesOriginPattern(originHeader, p)) ? originHeader : _nullishCoalesce(allowedOrigins[0], () => ( "*"));
+      if (allowedOrigins === _chunkWAKA4OJDcjs.ORIGIN_WILDCARD) {
+        allowOrigin = "*";
+      } else if (allowedOrigins === _chunkWAKA4OJDcjs.ORIGIN_ECHO) {
+        allowOrigin = _optionalChain([request, 'access', _ => _.headers, 'access', _2 => _2["origin"], 'optionalAccess', _3 => _3.value]);
       } else {
-        allowOrigin = allowedOrigins.includes("*") ? "*" : _nullishCoalesce(allowedOrigins[0], () => ( "*"));
+        const originHeader = _optionalChain([request, 'access', _4 => _4.headers, 'access', _5 => _5["origin"], 'optionalAccess', _6 => _6.value]);
+        if (originHeader && allowedOrigins.some((p) => matchesOriginPattern(originHeader, p))) {
+          allowOrigin = originHeader;
+        }
       }
       const headers = {
         "cache-control": { value: "no-store" },
-        "access-control-allow-origin": { value: allowOrigin },
         "access-control-allow-methods": { value: allowedMethods },
         "access-control-allow-headers": { value: allowedHeaders }
       };
+      if (allowOrigin !== void 0) {
+        headers["access-control-allow-origin"] = { value: allowOrigin };
+      }
       if (allowCredentials) {
         headers["access-control-allow-credentials"] = { value: "true" };
       }

package/dist/chunk-O4SOSGAP.js

@@ -0,0 +1,21 @@
+// src/behaviors/set-security-headers.ts
+function setSecurityHeaders(options) {
+  return (_request, response) => {
+    const extra = {};
+    if (options.hsts !== void 0)
+      extra["strict-transport-security"] = { value: options.hsts };
+    if (options.xFrameOptions !== void 0)
+      extra["x-frame-options"] = { value: options.xFrameOptions };
+    if (options.xContentTypeOptions !== void 0)
+      extra["x-content-type-options"] = { value: options.xContentTypeOptions };
+    if (options.xXssProtection !== void 0)
+      extra["x-xss-protection"] = { value: options.xXssProtection };
+    return Object.assign({}, response, {
+      headers: Object.assign({}, response.headers, extra)
+    });
+  };
+}
+
+export {
+  setSecurityHeaders
+};

package/dist/{chunk-SOBTD7AD.js → chunk-SRA2DFKG.js}

@@ -1,4 +1,6 @@
 // src/behaviors/set-cors-headers.ts
+var ORIGIN_WILDCARD = "*";
+var ORIGIN_ECHO = "echo";
 function matchesOriginPattern(origin, pattern) {
   if (pattern === "*") return true;
   if (!pattern.includes("*")) return origin === pattern;
@@ -6,26 +8,33 @@ function matchesOriginPattern(origin, pattern) {
   return new RegExp(`^${escaped}$`).test(origin);
 }
 function setCorsHeaders(options) {
-  const allowedOrigins = options?.allowedOrigins ?? ["*"];
-  const allowedMethods = options?.allowedMethods ?? "GET, POST, OPTIONS";
-  const allowedHeaders = options?.allowedHeaders ?? "Content-Type, Cache-Control, Pragma, Range";
+  const { allowedOrigins } = options;
   return (request, response) => {
-    let allowOrigin = allowedOrigins[0] ?? "*";
-    if (options?.allowOriginEcho) {
+    let allowOrigin;
+    if (allowedOrigins === ORIGIN_WILDCARD) {
+      allowOrigin = "*";
+    } else if (allowedOrigins === ORIGIN_ECHO) {
+      allowOrigin = request.headers["origin"]?.value;
+    } else {
       const originHeader = request.headers["origin"]?.value;
       if (originHeader && allowedOrigins.some((p) => matchesOriginPattern(originHeader, p))) {
         allowOrigin = originHeader;
       }
     }
+    if (allowOrigin === void 0) return response;
     const corsHeaders = {
-      "access-control-allow-origin": { value: allowOrigin },
-      "access-control-allow-methods": { value: allowedMethods },
-      "access-control-allow-headers": { value: allowedHeaders }
+      "access-control-allow-origin": { value: allowOrigin }
     };
-    if (options?.allowCredentials) {
+    if (options.allowedMethods !== void 0) {
+      corsHeaders["access-control-allow-methods"] = { value: options.allowedMethods };
+    }
+    if (options.allowedHeaders !== void 0) {
+      corsHeaders["access-control-allow-headers"] = { value: options.allowedHeaders };
+    }
+    if (options.allowCredentials) {
       corsHeaders["access-control-allow-credentials"] = { value: "true" };
     }
-    if (options?.maxAge !== void 0) {
+    if (options.maxAge !== void 0) {
       corsHeaders["access-control-max-age"] = { value: String(options.maxAge) };
     }
     return Object.assign({}, response, {
@@ -35,5 +44,7 @@ function setCorsHeaders(options) {
 }
 
 export {
+  ORIGIN_WILDCARD,
+  ORIGIN_ECHO,
   setCorsHeaders
 };

package/dist/chunk-WAKA4OJD.cjs

@@ -0,0 +1,50 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }// src/behaviors/set-cors-headers.ts
+var ORIGIN_WILDCARD = "*";
+var ORIGIN_ECHO = "echo";
+function matchesOriginPattern(origin, pattern) {
+  if (pattern === "*") return true;
+  if (!pattern.includes("*")) return origin === pattern;
+  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+  return new RegExp(`^${escaped}$`).test(origin);
+}
+function setCorsHeaders(options) {
+  const { allowedOrigins } = options;
+  return (request, response) => {
+    let allowOrigin;
+    if (allowedOrigins === ORIGIN_WILDCARD) {
+      allowOrigin = "*";
+    } else if (allowedOrigins === ORIGIN_ECHO) {
+      allowOrigin = _optionalChain([request, 'access', _ => _.headers, 'access', _2 => _2["origin"], 'optionalAccess', _3 => _3.value]);
+    } else {
+      const originHeader = _optionalChain([request, 'access', _4 => _4.headers, 'access', _5 => _5["origin"], 'optionalAccess', _6 => _6.value]);
+      if (originHeader && allowedOrigins.some((p) => matchesOriginPattern(originHeader, p))) {
+        allowOrigin = originHeader;
+      }
+    }
+    if (allowOrigin === void 0) return response;
+    const corsHeaders = {
+      "access-control-allow-origin": { value: allowOrigin }
+    };
+    if (options.allowedMethods !== void 0) {
+      corsHeaders["access-control-allow-methods"] = { value: options.allowedMethods };
+    }
+    if (options.allowedHeaders !== void 0) {
+      corsHeaders["access-control-allow-headers"] = { value: options.allowedHeaders };
+    }
+    if (options.allowCredentials) {
+      corsHeaders["access-control-allow-credentials"] = { value: "true" };
+    }
+    if (options.maxAge !== void 0) {
+      corsHeaders["access-control-max-age"] = { value: String(options.maxAge) };
+    }
+    return Object.assign({}, response, {
+      headers: Object.assign({}, response.headers, corsHeaders)
+    });
+  };
+}
+
+
+
+
+
+exports.ORIGIN_WILDCARD = ORIGIN_WILDCARD; exports.ORIGIN_ECHO = ORIGIN_ECHO; exports.setCorsHeaders = setCorsHeaders;

package/dist/criteria/header-equals.d.cts

@@ -17,12 +17,12 @@ import { CriteriaFn } from '../core/types.cjs';
  * ```typescript
  * import { rule } from '@rayselfs/cf-rule-engine'
  * import { headerEquals } from '@rayselfs/cf-rule-engine/criteria'
- * import { setCorsHeaders } from '@rayselfs/cf-rule-engine/behaviors'
+ * import { setCorsHeaders, ORIGIN_ECHO } from '@rayselfs/cf-rule-engine/behaviors'
  *
  * // Apply CORS headers only for requests from known origins
  * rule(
  *   headerEquals('origin', ['https://www.example.com', 'https://store.example.com']),
- *   setCorsHeaders({ allowOriginEcho: true, allowCredentials: true }),
+ *   setCorsHeaders({ allowedOrigins: ORIGIN_ECHO, allowCredentials: true }),
  * )
  * ```
  */

package/dist/criteria/header-equals.d.ts

@@ -17,12 +17,12 @@ import { CriteriaFn } from '../core/types.js';
  * ```typescript
  * import { rule } from '@rayselfs/cf-rule-engine'
  * import { headerEquals } from '@rayselfs/cf-rule-engine/criteria'
- * import { setCorsHeaders } from '@rayselfs/cf-rule-engine/behaviors'
+ * import { setCorsHeaders, ORIGIN_ECHO } from '@rayselfs/cf-rule-engine/behaviors'
  *
  * // Apply CORS headers only for requests from known origins
  * rule(
  *   headerEquals('origin', ['https://www.example.com', 'https://store.example.com']),
- *   setCorsHeaders({ allowOriginEcho: true, allowCredentials: true }),
+ *   setCorsHeaders({ allowedOrigins: ORIGIN_ECHO, allowCredentials: true }),
  * )
  * ```
  */

package/dist/criteria/index.cjs

@@ -1,17 +1,5 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunkG7JGTBTTcjs = require('../chunk-G7JGTBTT.cjs');
-
-
-var _chunkMVGYPBYBcjs = require('../chunk-MVGYPBYB.cjs');
-
-
-var _chunk32SMWYAFcjs = require('../chunk-32SMWYAF.cjs');
-
-
-var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
-
-
 var _chunkJGJW7D2Ncjs = require('../chunk-JGJW7D2N.cjs');
 
 
@@ -26,6 +14,12 @@ var _chunkVEEOQ7TScjs = require('../chunk-VEEOQ7TS.cjs');
 
 
 var _chunkCF5PWWTFcjs = require('../chunk-CF5PWWTF.cjs');
+
+
+var _chunkG7JGTBTTcjs = require('../chunk-G7JGTBTT.cjs');
+
+
+var _chunkMVGYPBYBcjs = require('../chunk-MVGYPBYB.cjs');
 require('../chunk-IBXAK2A4.cjs');
 
 
@@ -33,6 +27,12 @@ var _chunkOSZWDCTScjs = require('../chunk-OSZWDCTS.cjs');
 
 
 var _chunkU54FZCOHcjs = require('../chunk-U54FZCOH.cjs');
+
+
+var _chunk32SMWYAFcjs = require('../chunk-32SMWYAF.cjs');
+
+
+var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 

package/dist/criteria/index.js

@@ -1,15 +1,3 @@
-import {
-  pathPrefix
-} from "../chunk-XLSZ5RB7.js";
-import {
-  userAgentMatches
-} from "../chunk-S2AAATFN.js";
-import {
-  headerContains
-} from "../chunk-SRQF5UEJ.js";
-import {
-  headerEquals
-} from "../chunk-BZQJYOU2.js";
 import {
   hostnameIs
 } from "../chunk-3PVDUC5M.js";
@@ -26,6 +14,12 @@ import {
 import {
   pathMatches
 } from "../chunk-LO2BO3RU.js";
+import {
+  pathPrefix
+} from "../chunk-XLSZ5RB7.js";
+import {
+  userAgentMatches
+} from "../chunk-S2AAATFN.js";
 import "../chunk-2DE6WPPL.js";
 import {
   countryIs
@@ -33,6 +27,12 @@ import {
 import {
   fileExtension
 } from "../chunk-LBJUCJF2.js";
+import {
+  headerContains
+} from "../chunk-SRQF5UEJ.js";
+import {
+  headerEquals
+} from "../chunk-BZQJYOU2.js";
 import "../chunk-MLKGABMK.js";
 export {
   countryIs,

package/dist/helpers/index.cjs

@@ -1,25 +1,26 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunk63WIEBQBcjs = require('../chunk-63WIEBQB.cjs');
+var _chunk45SNLNLRcjs = require('../chunk-45SNLNLR.cjs');
 
 
 var _chunkLSCC62CZcjs = require('../chunk-LSCC62CZ.cjs');
 
 
-var _chunkT5EXFHVAcjs = require('../chunk-T5EXFHVA.cjs');
-require('../chunk-MVGYPBYB.cjs');
-
-
-var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
+var _chunkMO7HW25Rcjs = require('../chunk-MO7HW25R.cjs');
 require('../chunk-D47P7HVZ.cjs');
 require('../chunk-YVUR35RN.cjs');
 require('../chunk-OTFDML3K.cjs');
 require('../chunk-CF5PWWTF.cjs');
+require('../chunk-MVGYPBYB.cjs');
 require('../chunk-IBXAK2A4.cjs');
 
 
+var _chunkL7NBJ4JAcjs = require('../chunk-L7NBJ4JA.cjs');
+
+
 var _chunkB4WEJSEZcjs = require('../chunk-B4WEJSEZ.cjs');
 require('../chunk-WWSRNCUP.cjs');
+require('../chunk-WAKA4OJD.cjs');
 require('../chunk-WKYMSRCD.cjs');
 require('../chunk-JU5WX5RU.cjs');
 require('../chunk-75ZPJI57.cjs');
@@ -39,4 +40,4 @@ function stagingIndicator() {
 
 
 
-exports.preflightRequest = _chunk63WIEBQBcjs.preflightRequest; exports.sendCountryCode = _chunkLSCC62CZcjs.sendCountryCode; exports.stagingIndicator = stagingIndicator; exports.whitelist = _chunkT5EXFHVAcjs.whitelist;
+exports.preflightRequest = _chunk45SNLNLRcjs.preflightRequest; exports.sendCountryCode = _chunkLSCC62CZcjs.sendCountryCode; exports.stagingIndicator = stagingIndicator; exports.whitelist = _chunkMO7HW25Rcjs.whitelist;

package/dist/helpers/index.js

@@ -1,25 +1,26 @@
 import {
   preflightRequest
-} from "../chunk-H2LO6MQG.js";
+} from "../chunk-3VYYXEER.js";
 import {
   sendCountryCode
 } from "../chunk-C32DL3EP.js";
 import {
   whitelist
-} from "../chunk-RL7ZETZR.js";
-import "../chunk-S2AAATFN.js";
-import {
-  headerEquals
-} from "../chunk-BZQJYOU2.js";
+} from "../chunk-ER2YEZZO.js";
 import "../chunk-KW5YBTSD.js";
 import "../chunk-LNQPYKGG.js";
 import "../chunk-PY3JMRDG.js";
 import "../chunk-LO2BO3RU.js";
+import "../chunk-S2AAATFN.js";
 import "../chunk-2DE6WPPL.js";
+import {
+  headerEquals
+} from "../chunk-BZQJYOU2.js";
 import {
   setResponseHeader
 } from "../chunk-RBBKFG5J.js";
 import "../chunk-DSSFFJWL.js";
+import "../chunk-SRA2DFKG.js";
 import "../chunk-Q4NP4C3B.js";
 import "../chunk-BDNPQ7AU.js";
 import "../chunk-MLKGABMK.js";

package/dist/helpers/preflight-request.cjs

@@ -1,8 +1,9 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunk63WIEBQBcjs = require('../chunk-63WIEBQB.cjs');
+var _chunk45SNLNLRcjs = require('../chunk-45SNLNLR.cjs');
 require('../chunk-OTFDML3K.cjs');
+require('../chunk-WAKA4OJD.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
-exports.preflightRequest = _chunk63WIEBQBcjs.preflightRequest;
+exports.preflightRequest = _chunk45SNLNLRcjs.preflightRequest;

package/dist/helpers/preflight-request.d.cts

@@ -5,17 +5,18 @@ import { CorsOptions } from '../behaviors/set-cors-headers.cjs';
  * Returns a `Rule` that responds 204 to OPTIONS preflight requests with CORS headers.
  *
  * Accepts the same `CorsOptions` as `setCorsHeaders` — pass the same object to both
- * to define CORS config in one place.
+ * to define CORS config in one place. `allowedMethods` and `allowedHeaders` default to
+ * permissive values if omitted.
  *
  * @example
  * ```ts
  * import { preflightRequest } from '@rayselfs/cf-rule-engine/helpers'
- * import { setCorsHeaders } from '@rayselfs/cf-rule-engine/behaviors'
+ * import { setCorsHeaders, ORIGIN_WILDCARD } from '@rayselfs/cf-rule-engine/behaviors'
  * import { defineViewerRequest, defineViewerResponse } from '@rayselfs/cf-rule-engine/adapters/cf-function'
  * import type { CorsOptions } from '@rayselfs/cf-rule-engine/behaviors'
  *
  * const CORS: CorsOptions = {
- *   allowedOrigins: ['*'],
+ *   allowedOrigins: ORIGIN_WILDCARD,
  *   allowedMethods: 'GET, POST, OPTIONS',
  *   allowedHeaders: 'Content-Type, Cache-Control, Pragma, Range',
  * }
@@ -33,6 +34,6 @@ import { CorsOptions } from '../behaviors/set-cors-headers.cjs';
  *
  * @returns A `Rule` ready to pass into `defineViewerRequest`.
  */
-declare function preflightRequest(options?: CorsOptions): Rule;
+declare function preflightRequest(options: CorsOptions): Rule;
 
 export { preflightRequest };

package/dist/helpers/preflight-request.d.ts

@@ -5,17 +5,18 @@ import { CorsOptions } from '../behaviors/set-cors-headers.js';
  * Returns a `Rule` that responds 204 to OPTIONS preflight requests with CORS headers.
  *
  * Accepts the same `CorsOptions` as `setCorsHeaders` — pass the same object to both
- * to define CORS config in one place.
+ * to define CORS config in one place. `allowedMethods` and `allowedHeaders` default to
+ * permissive values if omitted.
  *
  * @example
  * ```ts
  * import { preflightRequest } from '@rayselfs/cf-rule-engine/helpers'
- * import { setCorsHeaders } from '@rayselfs/cf-rule-engine/behaviors'
+ * import { setCorsHeaders, ORIGIN_WILDCARD } from '@rayselfs/cf-rule-engine/behaviors'
  * import { defineViewerRequest, defineViewerResponse } from '@rayselfs/cf-rule-engine/adapters/cf-function'
  * import type { CorsOptions } from '@rayselfs/cf-rule-engine/behaviors'
  *
  * const CORS: CorsOptions = {
- *   allowedOrigins: ['*'],
+ *   allowedOrigins: ORIGIN_WILDCARD,
  *   allowedMethods: 'GET, POST, OPTIONS',
  *   allowedHeaders: 'Content-Type, Cache-Control, Pragma, Range',
  * }
@@ -33,6 +34,6 @@ import { CorsOptions } from '../behaviors/set-cors-headers.js';
  *
  * @returns A `Rule` ready to pass into `defineViewerRequest`.
  */
-declare function preflightRequest(options?: CorsOptions): Rule;
+declare function preflightRequest(options: CorsOptions): Rule;
 
 export { preflightRequest };

package/dist/helpers/preflight-request.js

@@ -1,7 +1,8 @@
 import {
   preflightRequest
-} from "../chunk-H2LO6MQG.js";
+} from "../chunk-3VYYXEER.js";
 import "../chunk-PY3JMRDG.js";
+import "../chunk-SRA2DFKG.js";
 import "../chunk-MLKGABMK.js";
 export {
   preflightRequest

package/dist/helpers/whitelist.cjs

@@ -1,14 +1,14 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
-var _chunkT5EXFHVAcjs = require('../chunk-T5EXFHVA.cjs');
-require('../chunk-MVGYPBYB.cjs');
+var _chunkMO7HW25Rcjs = require('../chunk-MO7HW25R.cjs');
 require('../chunk-D47P7HVZ.cjs');
 require('../chunk-YVUR35RN.cjs');
 require('../chunk-CF5PWWTF.cjs');
+require('../chunk-MVGYPBYB.cjs');
 require('../chunk-IBXAK2A4.cjs');
 require('../chunk-WWSRNCUP.cjs');
 require('../chunk-WKYMSRCD.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
-exports.whitelist = _chunkT5EXFHVAcjs.whitelist;
+exports.whitelist = _chunkMO7HW25Rcjs.whitelist;

package/dist/helpers/whitelist.js

@@ -1,10 +1,10 @@
 import {
   whitelist
-} from "../chunk-RL7ZETZR.js";
-import "../chunk-S2AAATFN.js";
+} from "../chunk-ER2YEZZO.js";
 import "../chunk-KW5YBTSD.js";
 import "../chunk-LNQPYKGG.js";
 import "../chunk-LO2BO3RU.js";
+import "../chunk-S2AAATFN.js";
 import "../chunk-2DE6WPPL.js";
 import "../chunk-DSSFFJWL.js";
 import "../chunk-Q4NP4C3B.js";

package/dist/index.d.cts

@@ -1,6 +1,6 @@
 export { BehaviorFn, BehaviorResult, CriteriaFn, HttpRequest, HttpResponse, ResponseBehaviorFn, ResponseRule, Rule, ViewerRequestHandler, ViewerResponseHandler } from './core/types.cjs';
 export { all, any, chain, not, rule, runRules } from './core/rule.cjs';
 export { c as cfFunction } from './cf-function-BkfWpTfl.cjs';
-export { l as lambdaEdge } from './lambda-edge-9xiONGmR.cjs';
+export { l as lambdaEdge } from './lambda-edge-D1NHYwvA.cjs';
 import './adapters/viewer-request.cjs';
 import './adapters/viewer-response.cjs';

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 export { BehaviorFn, BehaviorResult, CriteriaFn, HttpRequest, HttpResponse, ResponseBehaviorFn, ResponseRule, Rule, ViewerRequestHandler, ViewerResponseHandler } from './core/types.js';
 export { all, any, chain, not, rule, runRules } from './core/rule.js';
 export { c as cfFunction } from './cf-function-CZwCWch-.js';
-export { l as lambdaEdge } from './lambda-edge-BK3-bFx8.js';
+export { l as lambdaEdge } from './lambda-edge-DnIvWFGe.js';
 import './adapters/viewer-request.js';
 import './adapters/viewer-response.js';

package/dist/{lambda-edge-9xiONGmR.d.cts → lambda-edge-D1NHYwvA.d.cts}

@@ -51,7 +51,7 @@ declare function defineViewerRequest(rules: Rule[]): (event: unknown) => unknown
  *
  * export const handler = defineViewerResponse([
  *   setSecurityHeaders(),
- *   setCorsHeaders({ allowedOrigins: ['https://www.example.com'], allowOriginEcho: true }),
+ *   setCorsHeaders({ allowedOrigins: ['https://www.example.com'] }),
  * ])
  * ```
  */

package/dist/{lambda-edge-BK3-bFx8.d.ts → lambda-edge-DnIvWFGe.d.ts}

@@ -51,7 +51,7 @@ declare function defineViewerRequest(rules: Rule[]): (event: unknown) => unknown
  *
  * export const handler = defineViewerResponse([
  *   setSecurityHeaders(),
- *   setCorsHeaders({ allowedOrigins: ['https://www.example.com'], allowOriginEcho: true }),
+ *   setCorsHeaders({ allowedOrigins: ['https://www.example.com'] }),
  * ])
  * ```
  */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rayselfs/cf-rule-engine",
-  "version": "1.6.2",
+  "version": "1.8.0",
   "description": "Composable, tree-shakeable CloudFront Function rules",
   "license": "MIT",
   "sideEffects": false,

package/dist/chunk-GK5JX7OM.cjs

@@ -1,39 +0,0 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }// src/behaviors/set-cors-headers.ts
-function matchesOriginPattern(origin, pattern) {
-  if (pattern === "*") return true;
-  if (!pattern.includes("*")) return origin === pattern;
-  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
-  return new RegExp(`^${escaped}$`).test(origin);
-}
-function setCorsHeaders(options) {
-  const allowedOrigins = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _ => _.allowedOrigins]), () => ( ["*"]));
-  const allowedMethods = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _2 => _2.allowedMethods]), () => ( "GET, POST, OPTIONS"));
-  const allowedHeaders = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _3 => _3.allowedHeaders]), () => ( "Content-Type, Cache-Control, Pragma, Range"));
-  return (request, response) => {
-    let allowOrigin = _nullishCoalesce(allowedOrigins[0], () => ( "*"));
-    if (_optionalChain([options, 'optionalAccess', _4 => _4.allowOriginEcho])) {
-      const originHeader = _optionalChain([request, 'access', _5 => _5.headers, 'access', _6 => _6["origin"], 'optionalAccess', _7 => _7.value]);
-      if (originHeader && allowedOrigins.some((p) => matchesOriginPattern(originHeader, p))) {
-        allowOrigin = originHeader;
-      }
-    }
-    const corsHeaders = {
-      "access-control-allow-origin": { value: allowOrigin },
-      "access-control-allow-methods": { value: allowedMethods },
-      "access-control-allow-headers": { value: allowedHeaders }
-    };
-    if (_optionalChain([options, 'optionalAccess', _8 => _8.allowCredentials])) {
-      corsHeaders["access-control-allow-credentials"] = { value: "true" };
-    }
-    if (_optionalChain([options, 'optionalAccess', _9 => _9.maxAge]) !== void 0) {
-      corsHeaders["access-control-max-age"] = { value: String(options.maxAge) };
-    }
-    return Object.assign({}, response, {
-      headers: Object.assign({}, response.headers, corsHeaders)
-    });
-  };
-}
-
-
-
-exports.setCorsHeaders = setCorsHeaders;

package/dist/chunk-UI6LKDJI.cjs

@@ -1,19 +0,0 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }// src/behaviors/set-security-headers.ts
-function setSecurityHeaders(options) {
-  const hsts = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _ => _.hsts]), () => ( "max-age=31536000; includeSubDomains"));
-  const xFrameOptions = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _2 => _2.xFrameOptions]), () => ( "SAMEORIGIN"));
-  const xContentTypeOptions = _nullishCoalesce(_optionalChain([options, 'optionalAccess', _3 => _3.xContentTypeOptions]), () => ( "nosniff"));
-  return (_request, response) => {
-    return Object.assign({}, response, {
-      headers: Object.assign({}, response.headers, {
-        "strict-transport-security": { value: hsts },
-        "x-frame-options": { value: xFrameOptions },
-        "x-content-type-options": { value: xContentTypeOptions }
-      })
-    });
-  };
-}
-
-
-
-exports.setSecurityHeaders = setSecurityHeaders;

package/dist/chunk-VQCRSBWL.js

@@ -1,19 +0,0 @@
-// src/behaviors/set-security-headers.ts
-function setSecurityHeaders(options) {
-  const hsts = options?.hsts ?? "max-age=31536000; includeSubDomains";
-  const xFrameOptions = options?.xFrameOptions ?? "SAMEORIGIN";
-  const xContentTypeOptions = options?.xContentTypeOptions ?? "nosniff";
-  return (_request, response) => {
-    return Object.assign({}, response, {
-      headers: Object.assign({}, response.headers, {
-        "strict-transport-security": { value: hsts },
-        "x-frame-options": { value: xFrameOptions },
-        "x-content-type-options": { value: xContentTypeOptions }
-      })
-    });
-  };
-}
-
-export {
-  setSecurityHeaders
-};

package/dist/{chunk-RL7ZETZR.js → chunk-ER2YEZZO.js}

@@ -1,12 +1,12 @@
-import {
-  userAgentMatches
-} from "./chunk-S2AAATFN.js";
 import {
   ipCidr
 } from "./chunk-KW5YBTSD.js";
 import {
   pathMatches
 } from "./chunk-LO2BO3RU.js";
+import {
+  userAgentMatches
+} from "./chunk-S2AAATFN.js";
 import {
   redirect
 } from "./chunk-DSSFFJWL.js";