@salesforce/sdk-data 1.90.4 → 1.92.0

package/dist/index.js

@@ -1,6 +1,6 @@
 import { getSurface as T, Surface as h } from "@salesforce/sdk-core";
 const m = "salesforce_graphql";
-class v {
+class C {
   async graphql(e, r) {
     return (await window.openai.callTool(m, {
       query: e,
@@ -8,31 +8,31 @@ class v {
     })).structuredContent;
   }
 }
-function o(t) {
-  return R(t) ? t.then((e) => e) : {
+function u(t) {
+  return S(t) ? t.then((e) => e) : {
     then: (e, r) => {
       try {
-        return o(e(t));
+        return u(e(t));
       } catch (n) {
-        return e === void 0 ? o(t) : p(n);
+        return e === void 0 ? u(t) : _(n);
       }
     }
   };
 }
-function p(t) {
-  return R(t) ? t.then((e) => e) : {
+function _(t) {
+  return S(t) ? t.then((e) => e) : {
     then: (e, r) => {
       if (typeof r == "function")
         try {
-          return o(r(t));
+          return u(r(t));
         } catch (n) {
-          return p(n);
+          return _(n);
         }
-      return p(t);
+      return _(t);
     }
   };
 }
-function R(t) {
+function S(t) {
   return typeof t?.then == "function";
 }
 function A(t = {
@@ -49,18 +49,18 @@ function A(t = {
       const s = (n = t.createContext) == null ? void 0 : n.call(t), {
         request: a = [],
         retry: c = void 0,
-        response: u = [],
-        finally: w = []
-      } = t, P = a.reduce(
-        (i, l) => i.then((y) => l(y, s)),
-        o(r)
+        response: o = [],
+        finally: y = []
+      } = t, p = a.reduce(
+        (i, l) => i.then((w) => l(w, s)),
+        u(r)
       );
-      return Promise.resolve(P).then((i) => c ? c(i, e, s) : e ? e.applyRetry(() => fetch(...i)) : fetch(...i)).then((i) => u.reduce(
-        (l, y) => l.then((k) => y(k, s)),
-        o(i)
+      return Promise.resolve(p).then((i) => c ? c(i, e, s) : e ? e.applyRetry(() => fetch(...i)) : fetch(...i)).then((i) => o.reduce(
+        (l, w) => l.then((v) => w(v, s)),
+        u(i)
       )).finally(() => {
-        if (w.length > 0)
-          return w.reduce(
+        if (y.length > 0)
+          return y.reduce(
             (i, l) => i.then(() => l(s)),
             Promise.resolve()
           );
@@ -68,7 +68,7 @@ function A(t = {
     }
   };
 }
-function C(t, e, [r, n = {}], {
+function E(t, e, [r, n = {}], {
   throwOnExisting: s = !1,
   errorMessage: a = `Unexpected ${t} header encountered`
 } = {}) {
@@ -92,7 +92,7 @@ function C(t, e, [r, n = {}], {
   }
   return [r, n];
 }
-class E {
+class I {
   constructor(e) {
     this.defaultRetryPolicy = e;
   }
@@ -107,8 +107,8 @@ class E {
       lastResult: a
     };
     for (; await r.shouldRetry(a, c); ) {
-      const u = await r.calculateDelay(a, c);
-      await this.delay(u), r.prepareRetry && await r.prepareRetry(a, c), s++, a = await e(), c = {
+      const o = await r.calculateDelay(a, c);
+      await this.delay(o), r.prepareRetry && await r.prepareRetry(a, c), s++, a = await e(), c = {
         attempt: s,
         totalElapsedMs: Date.now() - n,
         lastResult: a
@@ -122,44 +122,44 @@ class E {
     });
   }
 }
-class I {
+class b {
 }
-function b(t) {
+function D(t) {
   return {
     version: "1.0",
-    service: new E(t),
+    service: new I(t),
     type: "retry"
   };
 }
-const _ = "X-CSRF-Token";
-function D(t, e = {}) {
-  const { protectedUrls: r = [] } = e;
-  return async (n) => {
-    const [s, a] = n, c = new Request(s, a);
-    if (q(c.method) && g(r, c.url) && !c.headers.has(_)) {
-      const u = await t.getToken();
-      n = C(_, u, n);
+const P = "X-CSRF-Token";
+function q(t, e = {}) {
+  const { protectedUrls: r = [], alwaysProtectedUrls: n = [] } = e;
+  return async (s) => {
+    const [a, c] = s, o = new Request(a, c);
+    if (!o.headers.has(P) && (R(n, o.url) || g(o.method) && R(r, o.url))) {
+      const p = await t.getToken();
+      s = E(P, p, s);
     }
-    return o(n);
+    return u(s);
   };
 }
-function q(t) {
+function g(t) {
   const e = t.toLowerCase();
   return e === "post" || e === "put" || e === "patch" || e === "delete";
 }
-function g(t, e) {
+function R(t, e) {
   const r = new URL(e);
   return t.some((n) => r.pathname.includes(n));
 }
 function F(t, e = {}) {
-  const r = D(t, e);
+  const r = q(t, e);
   async function n(s) {
     const a = await r(s);
     return fetch(a[0], a[1]);
   }
   return (s, a) => a ? a.applyRetry(async () => n(s)) : n(s);
 }
-class H extends I {
+class H extends b {
   constructor(e) {
     super(e), this.csrfTokenManager = e;
   }
@@ -240,26 +240,27 @@ function $(t) {
   const e = t.csrf, r = new O(e.endpoint, e.cacheName);
   return A(
     { retry: F(r, e) },
-    b(new H(r)).service
+    D(new H(r)).service
   ).service;
 }
-const N = 1, L = `@salesforce/sdk-data_v${N}`, j = typeof __SF_API_VERSION__ < "u" ? __SF_API_VERSION__ : "65.0", B = typeof __SF_SERVER_BASE_PATH__ < "u" ? __SF_SERVER_BASE_PATH__ : "", S = `/services/data/v${j}`, U = `${S}/ui-api`;
-class x {
+const N = 1, U = `@salesforce/sdk-data_v${N}`, x = typeof __SF_API_VERSION__ < "u" ? __SF_API_VERSION__ : "65.0", L = typeof __SF_SERVER_BASE_PATH__ < "u" ? __SF_SERVER_BASE_PATH__ : "", k = `/services/data/v${x}`, j = `${k}/ui-api`;
+class B {
   base;
   clientFetch;
   on401;
   on403;
   constructor(e) {
-    this.base = e?.basePath ?? B, this.on401 = e?.on401, this.on403 = e?.on403, this.clientFetch = $({
+    this.base = e?.basePath ?? L, this.on401 = e?.on401, this.on403 = e?.on403, this.clientFetch = $({
       csrf: {
-        endpoint: `${this.base}${U}/session/csrf`,
-        cacheName: L,
-        protectedUrls: ["/services/data/v"]
+        endpoint: `${this.base}${j}/session/csrf`,
+        cacheName: U,
+        protectedUrls: ["/services/data/v", "/services/apexrest"],
+        alwaysProtectedUrls: ["/services/apexrest"]
       }
     });
   }
   async graphql(e, r) {
-    return (await this.fetch(`${S}/graphql`, {
+    return (await this.fetch(`${k}/graphql`, {
       method: "POST",
       body: JSON.stringify({ query: e, variables: r }),
       headers: {
@@ -297,10 +298,10 @@ function W(t, ...e) {
 async function K(t) {
   switch (T(t?.surface)) {
     case h.OpenAI:
-      return new v();
+      return new C();
     case h.WebApp:
     case h.MicroFrontend:
-      return new x(t?.webapp);
+      return new B(t?.webapp);
     case h.SalesforceACC:
       return {};
     case h.MCPApps:

package/dist/webapp/csrf/header.interceptor.d.ts

@@ -1,7 +1,13 @@
 import { RequestInterceptor } from '@conduit-client/service-fetch-network/v1';
 import { CsrfTokenManager } from './token-manager';
 export interface HeaderInterceptorConfig {
+    /** URLs that require CSRF tokens on mutating methods (POST, PUT, PATCH, DELETE). */
     protectedUrls?: string[];
+    /**
+     * URLs that require CSRF tokens on all methods including GET.
+     * Use for endpoints that are sensitive regardless of HTTP method (e.g. Apex REST).
+     */
+    alwaysProtectedUrls?: string[];
 }
 /**
  * Builds a configured interceptor for applying CSRF header to requests

package/dist/webapp/csrf/header.interceptor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"header.interceptor.d.ts","sourceRoot":"","sources":["../../../src/webapp/csrf/header.interceptor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAGN,KAAK,kBAAkB,EACvB,MAAM,0CAA0C,CAAC;AAElD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAIxD,MAAM,WAAW,uBAAuB;IACvC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC/B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,GAAE,uBAA4B,GAClC,kBAAkB,CAmBpB"}
+{"version":3,"file":"header.interceptor.d.ts","sourceRoot":"","sources":["../../../src/webapp/csrf/header.interceptor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAGN,KAAK,kBAAkB,EACvB,MAAM,0CAA0C,CAAC;AAElD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAIxD,MAAM,WAAW,uBAAuB;IACvC,oFAAoF;IACpF,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC/B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,GAAE,uBAA4B,GAClC,kBAAkB,CAmBpB"}

package/dist/webapp/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/webapp/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AASrD,eAAO,MAAM,WAAW,QAA0E,CAAC;AAKnG;;GAEG;AACH,qBAAa,aAAc,YAAW,OAAO;IAC5C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAe;IAC3C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAgC;IACvD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAgC;gBAE3C,OAAO,CAAC,EAAE,oBAAoB;IAcpC,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAaxE,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiBjF;;;OAGG;IACH,OAAO,CAAC,mBAAmB;CAY3B"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/webapp/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AASrD,eAAO,MAAM,WAAW,QAA0E,CAAC;AAKnG;;GAEG;AACH,qBAAa,aAAc,YAAW,OAAO;IAC5C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAe;IAC3C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAgC;IACvD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAgC;gBAE3C,OAAO,CAAC,EAAE,oBAAoB;IAepC,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAaxE,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiBjF;;;OAGG;IACH,OAAO,CAAC,mBAAmB;CAY3B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/sdk-data",
-  "version": "1.90.4",
+  "version": "1.92.0",
   "license": "SEE LICENSE IN LICENSE.txt",
   "type": "module",
   "main": "./dist/index.js",
@@ -28,7 +28,7 @@
   "dependencies": {
     "@conduit-client/service-fetch-network": "3.17.0",
     "@conduit-client/utils": "3.17.0",
-    "@salesforce/sdk-core": "^1.90.4"
+    "@salesforce/sdk-core": "^1.92.0"
   },
   "devDependencies": {
     "vite": "^7.3.1",