@sitecore-content-sdk/core 1.2.0-canary.13 → 1.2.0-canary.14

package/dist/cjs/client/sitecore-client.js

@@ -150,7 +150,10 @@ class SitecoreClient {
             return null;
         }
         // If we're in Pages preview (editing) mode, prefetch the editing data
-        const { site, itemId, language, version, variantIds, layoutKind, mode } = previewData;
+        const { site, itemId, language, version, layoutKind, mode } = previewData;
+        const variantIds = Array.isArray(previewData.variantIds)
+            ? previewData.variantIds
+            : previewData.variantIds.split(',');
         const data = await this.editingService.fetchEditingData({
             itemId,
             language,

package/dist/cjs/utils/index.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.tryParseEnvValue = exports.mergeURLSearchParams = exports.escapeNonSpecialQuestionMarks = exports.areURLSearchParamsEqual = exports.isRegexOrUrl = exports.getAllowedOriginsFromEnv = exports.enforceCors = exports.isTimeoutError = exports.isAbsoluteUrl = exports.resolveUrl = exports.isServer = void 0;
+exports.tryParseEnvValue = exports.mergeURLSearchParams = exports.escapeNonSpecialQuestionMarks = exports.areURLSearchParamsEqual = exports.isRegexOrUrl = exports.getAllowedOriginsFromEnv = exports.getEnforcedCorsHeaders = exports.enforceCors = exports.isTimeoutError = exports.isAbsoluteUrl = exports.resolveUrl = exports.isServer = void 0;
 var is_server_1 = require("./is-server");
 Object.defineProperty(exports, "isServer", { enumerable: true, get: function () { return __importDefault(is_server_1).default; } });
 var utils_1 = require("./utils");
@@ -11,6 +11,7 @@ Object.defineProperty(exports, "resolveUrl", { enumerable: true, get: function (
 Object.defineProperty(exports, "isAbsoluteUrl", { enumerable: true, get: function () { return utils_1.isAbsoluteUrl; } });
 Object.defineProperty(exports, "isTimeoutError", { enumerable: true, get: function () { return utils_1.isTimeoutError; } });
 Object.defineProperty(exports, "enforceCors", { enumerable: true, get: function () { return utils_1.enforceCors; } });
+Object.defineProperty(exports, "getEnforcedCorsHeaders", { enumerable: true, get: function () { return utils_1.getEnforcedCorsHeaders; } });
 Object.defineProperty(exports, "getAllowedOriginsFromEnv", { enumerable: true, get: function () { return utils_1.getAllowedOriginsFromEnv; } });
 Object.defineProperty(exports, "isRegexOrUrl", { enumerable: true, get: function () { return utils_1.isRegexOrUrl; } });
 Object.defineProperty(exports, "areURLSearchParamsEqual", { enumerable: true, get: function () { return utils_1.areURLSearchParamsEqual; } });

package/dist/cjs/utils/utils.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.mergeURLSearchParams = exports.escapeNonSpecialQuestionMarks = exports.areURLSearchParamsEqual = exports.isRegexOrUrl = exports.enforceCors = exports.getAllowedOriginsFromEnv = exports.isTimeoutError = exports.isAbsoluteUrl = void 0;
+exports.mergeURLSearchParams = exports.escapeNonSpecialQuestionMarks = exports.areURLSearchParamsEqual = exports.isRegexOrUrl = exports.getEnforcedCorsHeaders = exports.enforceCors = exports.getAllowedOriginsFromEnv = exports.isTimeoutError = exports.isAbsoluteUrl = void 0;
 exports.resolveUrl = resolveUrl;
 const is_server_1 = __importDefault(require("./is-server"));
 /**
@@ -94,6 +94,7 @@ exports.getAllowedOriginsFromEnv = getAllowedOriginsFromEnv;
  * @param {OutgoingMessage} res response to set CORS headers for
  * @param {string[]} [allowedOrigins] additional list of origins to test against
  * @returns true if incoming origin matches the allowed lists, false when it does not
+ * @deprecated use getEnforcedCorsHeaders instead
  */
 const enforceCors = (req, res, allowedOrigins) => {
     // origin in not present for non-CORS requests (e.g. server-side) - so we skip the checks
@@ -124,6 +125,38 @@ const enforceCors = (req, res, allowedOrigins) => {
     return false;
 };
 exports.enforceCors = enforceCors;
+const getEnforcedCorsHeaders = ({ requestMethod, headers, presetCorsHeader, allowedOrigins = [], }) => {
+    // ugly but gotta satisfy both node.js and web fetch Headers interface somehow
+    const origin = headers.get
+        ? headers.get('origin')
+        : headers.origin;
+    if (!origin) {
+        return {};
+    }
+    // 3 sources of allowed origins are considered:
+    // the env value
+    const defaultAllowedOrigins = (0, exports.getAllowedOriginsFromEnv)();
+    // the allowedOrigins prop
+    allowedOrigins = defaultAllowedOrigins.concat(allowedOrigins || []);
+    // and the existing CORS header, if provided (i.e. from nextjs config)
+    if (presetCorsHeader) {
+        allowedOrigins.push(presetCorsHeader);
+    }
+    if (origin &&
+        allowedOrigins.some((allowedOrigin) => origin === allowedOrigin || new RegExp(convertToWildcardRegex(allowedOrigin)).test(origin))) {
+        const corsHeaders = {
+            'Access-Control-Allow-Origin': origin,
+            'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, DELETE, PUT, PATCH',
+        };
+        // set the allowed headers for preflight requests
+        if (requestMethod === 'OPTIONS') {
+            corsHeaders['Access-Control-Allow-Headers'] = 'Content-Type, Authorization';
+        }
+        return corsHeaders;
+    }
+    return null;
+};
+exports.getEnforcedCorsHeaders = getEnforcedCorsHeaders;
 /**
  * Determines whether the given input is a regular expression or resembles a URL.
  * @param {string} input - The input string to evaluate.

package/dist/esm/client/sitecore-client.js

@@ -147,7 +147,10 @@ export class SitecoreClient {
             return null;
         }
         // If we're in Pages preview (editing) mode, prefetch the editing data
-        const { site, itemId, language, version, variantIds, layoutKind, mode } = previewData;
+        const { site, itemId, language, version, layoutKind, mode } = previewData;
+        const variantIds = Array.isArray(previewData.variantIds)
+            ? previewData.variantIds
+            : previewData.variantIds.split(',');
         const data = await this.editingService.fetchEditingData({
             itemId,
             language,

package/dist/esm/utils/index.js

@@ -1,3 +1,3 @@
 export { default as isServer } from './is-server';
-export { resolveUrl, isAbsoluteUrl, isTimeoutError, enforceCors, getAllowedOriginsFromEnv, isRegexOrUrl, areURLSearchParamsEqual, escapeNonSpecialQuestionMarks, mergeURLSearchParams, } from './utils';
+export { resolveUrl, isAbsoluteUrl, isTimeoutError, enforceCors, getEnforcedCorsHeaders, getAllowedOriginsFromEnv, isRegexOrUrl, areURLSearchParamsEqual, escapeNonSpecialQuestionMarks, mergeURLSearchParams, } from './utils';
 export { tryParseEnvValue } from './env';

package/dist/esm/utils/utils.js

@@ -84,6 +84,7 @@ export const getAllowedOriginsFromEnv = () => process.env.JSS_ALLOWED_ORIGINS
  * @param {OutgoingMessage} res response to set CORS headers for
  * @param {string[]} [allowedOrigins] additional list of origins to test against
  * @returns true if incoming origin matches the allowed lists, false when it does not
+ * @deprecated use getEnforcedCorsHeaders instead
  */
 export const enforceCors = (req, res, allowedOrigins) => {
     // origin in not present for non-CORS requests (e.g. server-side) - so we skip the checks
@@ -113,6 +114,37 @@ export const enforceCors = (req, res, allowedOrigins) => {
     }
     return false;
 };
+export const getEnforcedCorsHeaders = ({ requestMethod, headers, presetCorsHeader, allowedOrigins = [], }) => {
+    // ugly but gotta satisfy both node.js and web fetch Headers interface somehow
+    const origin = headers.get
+        ? headers.get('origin')
+        : headers.origin;
+    if (!origin) {
+        return {};
+    }
+    // 3 sources of allowed origins are considered:
+    // the env value
+    const defaultAllowedOrigins = getAllowedOriginsFromEnv();
+    // the allowedOrigins prop
+    allowedOrigins = defaultAllowedOrigins.concat(allowedOrigins || []);
+    // and the existing CORS header, if provided (i.e. from nextjs config)
+    if (presetCorsHeader) {
+        allowedOrigins.push(presetCorsHeader);
+    }
+    if (origin &&
+        allowedOrigins.some((allowedOrigin) => origin === allowedOrigin || new RegExp(convertToWildcardRegex(allowedOrigin)).test(origin))) {
+        const corsHeaders = {
+            'Access-Control-Allow-Origin': origin,
+            'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, DELETE, PUT, PATCH',
+        };
+        // set the allowed headers for preflight requests
+        if (requestMethod === 'OPTIONS') {
+            corsHeaders['Access-Control-Allow-Headers'] = 'Content-Type, Authorization';
+        }
+        return corsHeaders;
+    }
+    return null;
+};
 /**
  * Determines whether the given input is a regular expression or resembles a URL.
  * @param {string} input - The input string to evaluate.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sitecore-content-sdk/core",
-  "version": "1.2.0-canary.13",
+  "version": "1.2.0-canary.14",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
   "sideEffects": false,
@@ -85,7 +85,7 @@
   },
   "description": "",
   "types": "types/index.d.ts",
-  "gitHead": "2a13a10bb66e3d17858479c0889aa6a7fdfdd5bf",
+  "gitHead": "87baa0af30c41a696ab78363b2ff0fefd723b6f9",
   "files": [
     "dist",
     "types",

package/types/editing/models.d.ts

@@ -58,7 +58,7 @@ export type EditingPreviewData = {
     itemId: string;
     language: string;
     mode: Exclude<LayoutServicePageState, 'Normal'>;
-    variantIds: string[];
+    variantIds: string[] | string;
     version?: string;
     layoutKind?: LayoutKind;
 };

package/types/utils/index.d.ts

@@ -1,3 +1,3 @@
 export { default as isServer } from './is-server';
-export { resolveUrl, isAbsoluteUrl, isTimeoutError, enforceCors, EnhancedOmit, getAllowedOriginsFromEnv, isRegexOrUrl, areURLSearchParamsEqual, escapeNonSpecialQuestionMarks, mergeURLSearchParams, } from './utils';
+export { resolveUrl, isAbsoluteUrl, isTimeoutError, enforceCors, getEnforcedCorsHeaders, EnhancedOmit, getAllowedOriginsFromEnv, isRegexOrUrl, areURLSearchParamsEqual, escapeNonSpecialQuestionMarks, mergeURLSearchParams, } from './utils';
 export { tryParseEnvValue } from './env';

package/types/utils/utils.d.ts

@@ -1,4 +1,4 @@
-import { IncomingMessage, OutgoingMessage } from 'http';
+import { IncomingHttpHeaders, IncomingMessage, OutgoingMessage } from 'http';
 import { ParsedUrlQueryInput } from 'querystring';
 /**
  * Omit properties from T that are in K. This is a simplified version of TypeScript's built-in `Omit` utility type.
@@ -38,8 +38,17 @@ export declare const getAllowedOriginsFromEnv: () => string[];
  * @param {OutgoingMessage} res response to set CORS headers for
  * @param {string[]} [allowedOrigins] additional list of origins to test against
  * @returns true if incoming origin matches the allowed lists, false when it does not
+ * @deprecated use getEnforcedCorsHeaders instead
  */
 export declare const enforceCors: (req: IncomingMessage, res: OutgoingMessage, allowedOrigins?: string[]) => boolean;
+export declare const getEnforcedCorsHeaders: ({ requestMethod, headers, presetCorsHeader, allowedOrigins, }: {
+    requestMethod: string | undefined;
+    headers: IncomingHttpHeaders | Headers;
+    presetCorsHeader?: string | string[];
+    allowedOrigins?: string[];
+}) => {
+    [key: string]: string;
+} | null;
 /**
  * Determines whether the given input is a regular expression or resembles a URL.
  * @param {string} input - The input string to evaluate.