@salesforce/pwa-kit-runtime 4.0.0-extensibility-preview.1 → 4.0.0-extensibility-preview.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/pwa-kit-runtime",
-  "version": "4.0.0-extensibility-preview.1",
+  "version": "4.0.0-extensibility-preview.3",
   "description": "The PWAKit Runtime",
   "homepage": "https://github.com/SalesforceCommerceCloud/pwa-kit/tree/develop/packages/pwa-kit-runtime#readme",
   "bugs": {
@@ -46,13 +46,13 @@
   },
   "devDependencies": {
     "@loadable/component": "^5.15.3",
-    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.1",
-    "@salesforce/pwa-kit-extension-sdk": "4.0.0-extensibility-preview.1",
+    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.3",
+    "@salesforce/pwa-kit-extension-sdk": "4.0.0-extensibility-preview.3",
     "@serverless/event-mocks": "^1.1.1",
     "@types/express": "^4.17.21",
     "aws-lambda-mock-context": "^3.2.1",
     "fs-extra": "^11.1.1",
-    "internal-lib-build": "4.0.0-extensibility-preview.1",
+    "internal-lib-build": "4.0.0-extensibility-preview.3",
     "nock": "^13.3.0",
     "nodemon": "^2.0.22",
     "sinon": "^13.0.2",
@@ -60,7 +60,7 @@
     "supertest": "^4.0.2"
   },
   "peerDependencies": {
-    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.1"
+    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.3"
   },
   "peerDependenciesMeta": {
     "@salesforce/pwa-kit-dev": {
@@ -74,5 +74,5 @@
   "publishConfig": {
     "directory": "dist"
   },
-  "gitHead": "5728f89cb53ab1b0c89418578f3e90c755efb0f8"
+  "gitHead": "904de01e826117febeea952e034478349e16ea4d"
 }

package/ssr/server/build-remote-server.d.ts

@@ -74,6 +74,11 @@ export namespace RemoteServerFactory {
      * @private
      */
     function _addSDKInternalHandlers(app: any): void;
+    /**
+     * Set x-forward-* headers into locals, this is primarily used to facilitate react sdk hook `useOrigin`
+     * @private
+     */
+    function _setForwardedHeaders(app: any, options: any): void;
     /**
      * @private
      */
@@ -156,7 +161,7 @@ export namespace RemoteServerFactory {
      * @param app {Express} - an Express App
      * @private
      */
-    function _createHandler(app: Express): {
+    function _createHandler(app: Express, options: any): {
         handler: (event: any, context: any, callback: any) => void;
         server: any;
         app: Express;

package/ssr/server/build-remote-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"build-remote-server.d.ts","sourceRoot":"","sources":["../../../src/ssr/server/build-remote-server.js"],"names":[],"mappings":"AAoEA;;;;GAIG;AACH,gDAKC;;IAWG;;OAEG;IACH,uCAgFC;IAED;;OAEG;IAEH,gDAEC;IAED;;OAEG;IAEH,iDAEC;IAED;;OAEG;IAEH,4CAEC;IAED;;OAEG;IACH,uDAEC;IAED;;OAEG;IAEH,2CAEC;IAED;;OAEG;IACH,6CAEC;IAED;;OAEG;IACH,4DAIC;IAED;;OAEG;IAEH,yCAEC;IAED;;OAEG;IAEH,uCA6CC;IAED;;;OAGG;IACH,uCAcC;IAED;;OAEG;IAEH,+CAEC;IAED;;OAEG;IACH,kDAEC;IAED;;OAEG;IACH,oDAEC;IAED;;OAEG;IACH,+EA0CC;IAED;;OAEG;IACH,sFAyDC;IAED;;OAEG;IAEH,iDAEC;IAED;;OAEG;IACH,6DAwLC;IAED;;OAEG;IAEH,sDAOC;IAED;;OAEG;IACH,yDAOC;IAED;;OAEG;IACH,oEAuEC;IAED;;OAEG;IACH,2CAIC;IAED;;OAEG;IACH,8DAaC;IAED;;OAEG;IACH,oDA0EC;IAED;;OAEG;IACH,wCAEC;IAED;;OAEG;IACH,gDAGC;IAED;;;;;;;;;;;OAWG;IACH,sDAwBC;IAED;;;;;;;OAOG;IACH,wFAKC;IAED;;OAEG;IACH,4FASC;IAED;;;;;;;;;;OAUG;IACH,6DAWC;IAED;;;;;;;OAOG;IACH;;;;MA8EC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH;;;;;;;;;;;;MAKC;IAED;;OAEG;IAEH,8CAEC;;AAyFE,uDASN"}
+{"version":3,"file":"build-remote-server.d.ts","sourceRoot":"","sources":["../../../src/ssr/server/build-remote-server.js"],"names":[],"mappings":"AAqEA;;;;GAIG;AACH,gDAKC;;IAWG;;OAEG;IACH,uCAgFC;IAED;;OAEG;IAEH,gDAEC;IAED;;OAEG;IAEH,iDAEC;IAED;;OAEG;IAEH,4CAEC;IAED;;OAEG;IACH,uDAEC;IAED;;OAEG;IAEH,2CAEC;IAED;;OAEG;IACH,6CAEC;IAED;;OAEG;IACH,4DAIC;IAED;;OAEG;IAEH,yCAEC;IAED;;OAEG;IAEH,uCA6CC;IAED;;;OAGG;IACH,uCAcC;IAED;;OAEG;IAEH,+CAEC;IAED;;OAEG;IACH,kDAEC;IAED;;OAEG;IACH,oDAEC;IAED;;OAEG;IACH,+EA2CC;IAED;;OAEG;IACH,sFAyDC;IAED;;OAEG;IAEH,iDAEC;IAED;;;OAGG;IACH,4DAWC;IAED;;OAEG;IACH,6DAwLC;IAED;;OAEG;IAEH,sDAOC;IAED;;OAEG;IACH,yDAOC;IAED;;OAEG;IACH,oEA4EC;IAED;;OAEG;IACH,2CAIC;IAED;;OAEG;IACH,8DAiBC;IAED;;OAEG;IACH,oDA0EC;IAED;;OAEG;IACH,wCAEC;IAED;;OAEG;IACH,gDAGC;IAED;;;;;;;;;;;OAWG;IACH,sDAwBC;IAED;;;;;;;OAOG;IACH,wFAKC;IAED;;OAEG;IACH,4FASC;IAED;;;;;;;;;;OAUG;IACH,6DAWC;IAED;;;;;;;OAOG;IACH;;;;MAgGC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH;;;;;;;;;;;;MAKC;IAED;;OAEG;IAEH,8CAEC;;AA2HE,uDASN"}

package/ssr/server/build-remote-server.js

@@ -297,6 +297,7 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
     // want request-processors applied to development views.
     this._addSDKInternalHandlers(app);
     this._setupSSRRequestProcessorMiddleware(app);
+    this._setForwardedHeaders(app, options);
     this._setupLogging(app);
     this._setupMetricsFlushing(app);
     this._setupHealthcheck(app);
@@ -371,6 +372,22 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
   _addSDKInternalHandlers(app) {
     // This method is used by the dev server, but is not needed here.
   },
+  /**
+   * Set x-forward-* headers into locals, this is primarily used to facilitate react sdk hook `useOrigin`
+   * @private
+   */
+  _setForwardedHeaders(app, options) {
+    app.use((req, res, next) => {
+      var _req$headers, _req$headers2;
+      const xForwardedHost = (_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : _req$headers['x-forwarded-host'];
+      const xForwardedProto = (_req$headers2 = req.headers) === null || _req$headers2 === void 0 ? void 0 : _req$headers2['x-forwarded-proto'];
+      if (xForwardedHost) {
+        // prettier-ignore
+        res.locals.xForwardedOrigin = `${xForwardedProto || options.protocol}://${xForwardedHost}`;
+      }
+      next();
+    });
+  },
   /**
    * @private
    */
@@ -584,7 +601,7 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
         [_ssrNamespacePaths.slasPrivateProxyPath]: ''
       },
       onProxyReq: (proxyRequest, incomingRequest) => {
-        var _incomingRequest$path;
+        var _incomingRequest$path, _incomingRequest$path2;
         (0, _configureProxy.applyProxyRequestHeaders)({
           proxyRequest,
           incomingRequest,
@@ -603,6 +620,11 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
         if ((_incomingRequest$path = incomingRequest.path) !== null && _incomingRequest$path !== void 0 && _incomingRequest$path.match(options.applySLASPrivateClientToEndpoints)) {
           proxyRequest.setHeader('Authorization', `Basic ${encodedSlasCredentials}`);
         }
+
+        // /oauth2/trusted-agent/token endpoint requires a different auth header
+        if ((_incomingRequest$path2 = incomingRequest.path) !== null && _incomingRequest$path2 !== void 0 && _incomingRequest$path2.match(/\/oauth2\/trusted-agent\/token/)) {
+          proxyRequest.setHeader('_sfdc_client_auth', encodedSlasCredentials);
+        }
       },
       onProxyRes: (proxyRes, req) => {
         if (proxyRes.statusCode && proxyRes.statusCode >= 400) {
@@ -646,6 +668,9 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
     // NOTE: Think about changing the name of this function to `applyApplicationExtensions`. First look into
     // what a common pattern is for application enhancement.
     (0, _express3.applyApplicationExtensions)(app);
+    if (options !== null && options !== void 0 && options.encodeNonAsciiHttpHeaders) {
+      app.use(encodeNonAsciiMiddleware);
+    }
     applyPatches(options);
   },
   /**
@@ -804,13 +829,29 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
    * @param app {Express} - an Express App
    * @private
    */
-  _createHandler(app) {
+  _createHandler(app, options) {
     // This flag is initially false, and is set true on the first request
     // handled by a Lambda. If it is true on entry to the handler function,
     // it indicates that the Lambda container has been reused.
     let lambdaContainerReused = false;
     const server = _awsServerlessExpress.default.createServer(app, null, binaryMimeTypes);
     const handler = (event, context, callback) => {
+      // encode non ASCII request headers
+      if (options !== null && options !== void 0 && options.encodeNonAsciiHttpHeaders) {
+        Object.keys(event.headers).forEach(key => {
+          if (!isASCII(event.headers[key])) {
+            event.headers[key] = encodeURIComponent(event.headers[key]);
+            // x-encoded-headers keeps track of which headers have been modified and encoded
+            if (event.headers[_constants.X_ENCODED_HEADERS]) {
+              // append header key
+              event.headers[_constants.X_ENCODED_HEADERS] = `${event.headers[_constants.X_ENCODED_HEADERS]},${key}`;
+            } else {
+              event.headers[_constants.X_ENCODED_HEADERS] = key;
+            }
+          }
+        });
+      }
+
       // We don't want to wait for an empty event loop once the response
       // has been sent. Setting this to false will "send the response
       // right away when the callback executes", but any pending events
@@ -912,8 +953,8 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
   createHandler(options, customizeApp) {
     process.on('unhandledRejection', _ssrServer.catchAndLog);
     const app = this._createApp(options);
-    customizeApp(app);
-    return this._createHandler(app);
+    customizeApp(app, options);
+    return this._createHandler(app, options);
   },
   /**
    * @private
@@ -996,6 +1037,37 @@ const errorHandlerMiddleware = (err, req, res, next) => {
   res.sendStatus(500);
 };
 
+/**
+ * Helper function that checks if a string is composed of ASCII characters
+ * We only check printable ASCII characters and not special ASCII characters
+ * such as NULL
+ *
+ * @private
+ */
+const isASCII = str => {
+  return /^[\x20-\x7E]*$/.test(str);
+};
+
+/**
+ * Express Middleware applied to responses that encode any non ASCII headers
+ *
+ * @private
+ */
+const encodeNonAsciiMiddleware = (req, res, next) => {
+  const originalSetHeader = res.setHeader;
+  res.setHeader = function (key, value) {
+    if (!isASCII(value)) {
+      originalSetHeader.call(this, key, encodeURIComponent(value));
+      let encodedHeaders = res.getHeader(_constants.X_ENCODED_HEADERS);
+      encodedHeaders = encodedHeaders ? `${encodedHeaders},${key}` : key;
+      originalSetHeader.call(this, _constants.X_ENCODED_HEADERS, encodedHeaders);
+    } else {
+      originalSetHeader.call(this, key, value);
+    }
+  };
+  next();
+};
+
 /**
  * Wrap the function fn in such a way that it will be called at most once. Subsequent
  * calls will always return the same value.

package/ssr/server/build-remote-server.test.js

@@ -2,6 +2,8 @@
 
 var _supertest = _interopRequireDefault(require("supertest"));
 var _buildRemoteServer = require("./build-remote-server");
+var _constants = require("./constants");
+var _awsServerlessExpress = _interopRequireDefault(require("aws-serverless-express"));
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
 function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
@@ -13,6 +15,12 @@ function _toPrimitive(t, r) { if ("object" != typeof t || !t) return t; var e =
  * SPDX-License-Identifier: BSD-3-Clause
  * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
+jest.mock('aws-serverless-express', () => {
+  return {
+    createServer: jest.fn(),
+    proxy: jest.fn()
+  };
+});
 const opts = (overrides = {}) => {
   const defaults = {
     buildDir: './src/ssr/server/test_fixtures',
@@ -178,4 +186,70 @@ describe('remote server factory test coverage', () => {
 //             ]
 //         ]).toF
 //     })
-// })
+// })
+describe('encodeNonAsciiHttpHeaders flag in options to createHandler', () => {
+  test('encodes request headers', () => {
+    const mockApp = {
+      sendMetric: jest.fn()
+    };
+    const mockOptions = {
+      encodeNonAsciiHttpHeaders: true
+    };
+    const originalHeaders = {
+      'x-non-ascii-header-one': 'テスト',
+      'x-non-ascii-header-two': '测试',
+      'x-regular-header': 'ascii-str'
+    };
+    const event = {
+      headers: _objectSpread({}, originalHeaders)
+    };
+    const expectedHeaders = {
+      'x-non-ascii-header-one': '%E3%83%86%E3%82%B9%E3%83%88',
+      'x-non-ascii-header-two': '%E6%B5%8B%E8%AF%95',
+      'x-encoded-headers': 'x-non-ascii-header-one,x-non-ascii-header-two',
+      'x-regular-header': 'ascii-str'
+    };
+    const {
+      handler
+    } = _buildRemoteServer.RemoteServerFactory._createHandler(mockApp, mockOptions);
+    expect(event.headers).toEqual(originalHeaders);
+    handler(event, {}, {});
+    expect(event.headers).toEqual(expectedHeaders);
+    expect(decodeURIComponent(event.headers['x-non-ascii-header-one'])).toEqual(originalHeaders['x-non-ascii-header-one']);
+  });
+  test('encodes response headers', () => {
+    const mockApp = {
+      use: jest.fn()
+    };
+    const mockOptions = {
+      encodeNonAsciiHttpHeaders: true
+    };
+    const res = {
+      headers: {},
+      setHeader: (key, value) => {
+        res.headers[key] = value;
+      },
+      getHeader: key => {
+        return res.headers[key];
+      }
+    };
+    const nonASCIIheader = 'x-non-ascii-header';
+    const nonASCIIstr = 'テスト';
+    const expectedEncoding = '%E3%83%86%E3%82%B9%E3%83%88';
+    const regularHeaderKey = 'x-regular-header';
+    const regularHeaderValue = 'ascii-str';
+    _buildRemoteServer.RemoteServerFactory._setupCommonMiddleware(mockApp, mockOptions);
+    const encodeNonAsciiMiddleware = mockApp.use.mock.calls[3][0];
+    res.setHeader(nonASCIIheader, nonASCIIstr);
+    expect(res.getHeader(nonASCIIheader)).toEqual(nonASCIIstr);
+    encodeNonAsciiMiddleware({}, res, () => {});
+    res.setHeader(nonASCIIheader, nonASCIIstr);
+    expect(res.getHeader(nonASCIIheader)).toEqual(expectedEncoding);
+    expect(decodeURI(expectedEncoding)).toEqual(nonASCIIstr);
+    expect(res.getHeader(_constants.X_ENCODED_HEADERS)).toEqual(nonASCIIheader);
+
+    // confirm ASCII headers are not modified
+    res.setHeader(regularHeaderKey, regularHeaderValue);
+    expect(res.getHeader(regularHeaderKey)).toEqual(regularHeaderValue);
+  });
+});

package/ssr/server/constants.d.ts

@@ -8,6 +8,7 @@ export const CONTENT_ENCODING: "content-encoding";
 export const X_ORIGINAL_CONTENT_TYPE: "x-original-content-type";
 export const X_MOBIFY_QUERYSTRING: "x-mobify-querystring";
 export const X_MOBIFY_FROM_CACHE: "x-mobify-from-cache";
+export const X_ENCODED_HEADERS: "x-encoded-headers";
 export const SET_COOKIE: "set-cookie";
 export const CACHE_CONTROL: "cache-control";
 export const NO_CACHE: "max-age=0, nocache, nostore, must-revalidate";

package/ssr/server/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/ssr/server/constants.js"],"names":[],"mappings":"AAMA,kEAAkE;AAClE,4BAA4B;AAC5B,4CAA4C;AAE5C,oEAAoE;AACpE,gDAAgD;AAGhD,0CAA0C;AAC1C,kDAAkD;AAClD,gEAAgE;AAChE,0DAA0D;AAC1D,wDAAwD;AACxD,sCAAsC;AACtC,4CAA4C;AAC5C,sEAAsE;AACtE,gEAAgE;AAChE,oEAAoE;AAEpE,2EAA2E;AAC3E,4DAA4D"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/ssr/server/constants.js"],"names":[],"mappings":"AAMA,kEAAkE;AAClE,4BAA4B;AAC5B,4CAA4C;AAE5C,oEAAoE;AACpE,gDAAgD;AAGhD,0CAA0C;AAC1C,kDAAkD;AAClD,gEAAgE;AAChE,0DAA0D;AAC1D,wDAAwD;AACxD,oDAAoD;AACpD,sCAAsC;AACtC,4CAA4C;AAC5C,sEAAsE;AACtE,gEAAgE;AAChE,oEAAoE;AAEpE,2EAA2E;AAC3E,4DAA4D"}

package/ssr/server/constants.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.X_ORIGINAL_CONTENT_TYPE = exports.X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_FROM_CACHE = exports.STRICT_TRANSPORT_SECURITY = exports.STATIC_ASSETS = exports.SLAS_CUSTOM_PROXY_PATH = exports.SET_COOKIE = exports.PROXY_PATH_PREFIX = exports.NO_CACHE = exports.CONTENT_TYPE = exports.CONTENT_SECURITY_POLICY = exports.CONTENT_ENCODING = exports.CACHE_CONTROL = exports.BUILD = exports.APPLICATION_OCTET_STREAM = void 0;
+exports.X_ORIGINAL_CONTENT_TYPE = exports.X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_FROM_CACHE = exports.X_ENCODED_HEADERS = exports.STRICT_TRANSPORT_SECURITY = exports.STATIC_ASSETS = exports.SLAS_CUSTOM_PROXY_PATH = exports.SET_COOKIE = exports.PROXY_PATH_PREFIX = exports.NO_CACHE = exports.CONTENT_TYPE = exports.CONTENT_SECURITY_POLICY = exports.CONTENT_ENCODING = exports.CACHE_CONTROL = exports.BUILD = exports.APPLICATION_OCTET_STREAM = void 0;
 /*
  * Copyright (c) 2021, salesforce.com, inc.
  * All rights reserved.
@@ -23,6 +23,7 @@ const CONTENT_ENCODING = exports.CONTENT_ENCODING = 'content-encoding';
 const X_ORIGINAL_CONTENT_TYPE = exports.X_ORIGINAL_CONTENT_TYPE = 'x-original-content-type';
 const X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_QUERYSTRING = 'x-mobify-querystring';
 const X_MOBIFY_FROM_CACHE = exports.X_MOBIFY_FROM_CACHE = 'x-mobify-from-cache';
+const X_ENCODED_HEADERS = exports.X_ENCODED_HEADERS = 'x-encoded-headers';
 const SET_COOKIE = exports.SET_COOKIE = 'set-cookie';
 const CACHE_CONTROL = exports.CACHE_CONTROL = 'cache-control';
 const NO_CACHE = exports.NO_CACHE = 'max-age=0, nocache, nostore, must-revalidate';

package/ssr/server/express.test.js

@@ -19,6 +19,8 @@ var _crypto = require("crypto");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+function asyncGeneratorStep(n, t, e, r, o, a, c) { try { var i = n[a](c), u = i.value; } catch (n) { return void e(n); } i.done ? t(u) : Promise.resolve(u).then(r, o); }
+function _asyncToGenerator(n) { return function () { var t = this, e = arguments; return new Promise(function (r, o) { var a = n.apply(t, e); function _next(n) { asyncGeneratorStep(a, r, o, _next, _throw, "next", n); } function _throw(n) { asyncGeneratorStep(a, r, o, _next, _throw, "throw", n); } _next(void 0); }); }; }
 function _extends() { return _extends = Object.assign ? Object.assign.bind() : function (n) { for (var e = 1; e < arguments.length; e++) { var t = arguments[e]; for (var r in t) ({}).hasOwnProperty.call(t, r) && (n[r] = t[r]); } return n; }, _extends.apply(null, arguments); }
 function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
 function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
@@ -477,6 +479,40 @@ describe('SSRServer operation', () => {
       expect(response.headers['set-cookie']).toBeUndefined();
     });
   });
+  test('should set xForwardedOrigin based on defined x-forwarded-host and x-forwarded-proto headers', () => {
+    process.env = {
+      MRT_ALLOW_COOKIES: 'true'
+    };
+    const forwardedHost = 'www.example.com';
+    const forwardedProto = 'https';
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts());
+    const route = (req, res) => {
+      expect(req.headers['x-forwarded-host']).toBe(forwardedHost);
+      expect(res.locals.xForwardedOrigin).toBe(`${forwardedProto}://${forwardedHost}`);
+      res.sendStatus(200);
+    };
+    app.get('/*', route);
+    return (0, _supertest.default)(app).get('/').set('x-forwarded-host', forwardedHost).set('x-forwarded-proto', 'https').then(response => {
+      expect(response.status).toBe(200);
+    });
+  });
+  test('should set xForwardedOrigin based on defined x-forwarded-host and undefined x-forwarded-proto headers', () => {
+    process.env = {
+      MRT_ALLOW_COOKIES: 'true'
+    };
+    const options = opts();
+    const forwardedHost = 'www.example.com';
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(options);
+    const route = (req, res) => {
+      expect(req.headers['x-forwarded-host']).toBe(forwardedHost);
+      expect(res.locals.xForwardedOrigin).toBe(`${options.protocol}://${forwardedHost}`);
+      res.sendStatus(200);
+    };
+    app.get('/*', route);
+    return (0, _supertest.default)(app).get('/').set('x-forwarded-host', forwardedHost).then(response => {
+      expect(response.status).toBe(200);
+    });
+  });
   test(`should reject POST requests to /`, () => {
     const app = _buildRemoteServer.RemoteServerFactory._createApp(opts());
     const route = (req, res) => {
@@ -948,5 +984,50 @@ describe('SLAS private client proxy', () => {
       expect(response.body.host).toBe('shortCode.api.commercecloud.salesforce.com');
       expect(response.body['x-mobify']).toBe('true');
     });
-  });
+  }, 15000);
+  test('does not add _sfdc_client_auth header if request not for /oauth2/trusted-agent/token', /*#__PURE__*/_asyncToGenerator(function* () {
+    process.env.PWA_KIT_SLAS_CLIENT_SECRET = 'a secret';
+    const encodedCredentials = Buffer.from('clientId:a secret').toString('base64');
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts({
+      mobify: {
+        app: {
+          commerceAPI: {
+            parameters: {
+              clientId: 'clientId',
+              shortCode: 'shortCode'
+            }
+          }
+        }
+      },
+      useSLASPrivateClient: true,
+      slasTarget: slasTarget
+    }));
+    return yield (0, _supertest.default)(app).get('/mobify/slas/oauth2/other-path').then(response => {
+      expect(response.body._sfdc_client_auth).toBeUndefined();
+    });
+  }), 15000);
+  test('adds _sfdc_client_auth header if request is for /oauth2/trusted-agent/token', /*#__PURE__*/_asyncToGenerator(function* () {
+    process.env.PWA_KIT_SLAS_CLIENT_SECRET = 'a secret';
+    const encodedCredentials = Buffer.from('clientId:a secret').toString('base64');
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts({
+      mobify: {
+        app: {
+          commerceAPI: {
+            parameters: {
+              clientId: 'clientId',
+              shortCode: 'shortCode'
+            }
+          }
+        }
+      },
+      useSLASPrivateClient: true,
+      slasTarget: slasTarget,
+      trustedAgentAuthPathMatch: /\/oauth2\/trusted-agent\/token/
+    }));
+    return yield (0, _supertest.default)(app).get('/mobify/slas/private/oauth2/trusted-agent/token').then(response => {
+      expect(response.body['_sfdc_client_auth']).toBe(encodedCredentials);
+      expect(response.body.host).toBe('shortCode.api.commercecloud.salesforce.com');
+      expect(response.body['x-mobify']).toBe('true');
+    });
+  }), 15000);
 });