@sitecore-content-sdk/nextjs 2.0.0-canary.3 → 2.0.0-canary.4

package/dist/cjs/editing/editing-render-middleware.js

@@ -34,7 +34,7 @@ class EditingRenderMiddleware extends render_middleware_1.RenderMiddlewareBase {
         super();
         this.config = config;
         this.handler = (req, res) => __awaiter(this, void 0, void 0, function* () {
-            var _a, _b, _c, _d, _e;
+            var _a, _b, _c, _d, _e, _f;
             const { body, method, headers, query } = req;
             debug_1.default.editing('editing render middleware start: %o', {
                 method,
@@ -81,15 +81,22 @@ class EditingRenderMiddleware extends render_middleware_1.RenderMiddlewareBase {
             const mode = query.mode;
             const requiredQueryParams = (0, utils_2.getRequiredEditingParamsList)(mode);
             const missingQueryParams = requiredQueryParams.filter((param) => !query[param]);
+            const { allowedQueryParams, missingAllowedParams } = (0, utils_2.getAllowedQueryParams)(query, (_b = this.config) === null || _b === void 0 ? void 0 : _b.allowedQueryParams);
             // Validate query parameters
-            if (missingQueryParams.length) {
-                debug_1.default.editing('missing required query parameters: %o', missingQueryParams);
+            if (missingQueryParams.length || missingAllowedParams.length) {
+                debug_1.default.editing('missing required query parameters: %o', [
+                    ...missingQueryParams,
+                    ...missingAllowedParams,
+                ]);
                 return res.status(400).json({
-                    html: `<html><body>Missing required query parameters: ${missingQueryParams.join(', ')}</body></html>`,
+                    html: `<html><body>Missing required query parameters: ${[
+                        ...missingQueryParams,
+                        ...missingAllowedParams,
+                    ].join(', ')}</body></html>`,
                 });
             }
             const previewDataParams = (0, utils_2.mapEditingParams)(query);
-            res.setPreviewData(Object.assign(Object.assign({}, previewDataParams), { variantIds: (_b = previewDataParams.variantIds) === null || _b === void 0 ? void 0 : _b.split(',') }), {
+            res.setPreviewData(Object.assign(Object.assign(Object.assign({}, previewDataParams), allowedQueryParams), { variantIds: (_c = previewDataParams.variantIds) === null || _c === void 0 ? void 0 : _c.split(',') }), {
                 maxAge: 3,
             });
             // Set Preview mode identifier cookie, if the page is rendered in Sitecore Preview mode
@@ -101,8 +108,8 @@ class EditingRenderMiddleware extends render_middleware_1.RenderMiddlewareBase {
             // Restrict the page to be rendered only within the allowed origins
             res.setHeader('Content-Security-Policy', (0, utils_2.getCSPHeader)());
             const encodedRoute = encodeURI(query.route);
-            const route = ((_d = (_c = this.config) === null || _c === void 0 ? void 0 : _c.resolvePageUrl) === null || _d === void 0 ? void 0 : _d.call(_c, encodedRoute)) || encodedRoute;
-            const base = ((_e = this.config) === null || _e === void 0 ? void 0 : _e.sitecoreInternalEditingHostUrl) || (0, utils_2.resolveServerUrl)(req);
+            const route = ((_e = (_d = this.config) === null || _d === void 0 ? void 0 : _d.resolvePageUrl) === null || _e === void 0 ? void 0 : _e.call(_d, encodedRoute)) || encodedRoute;
+            const base = ((_f = this.config) === null || _f === void 0 ? void 0 : _f.sitecoreInternalEditingHostUrl) || (0, utils_2.resolveServerUrl)(req);
             const requestUrl = new URL(route, base);
             const cookies = res.getHeader('Set-Cookie');
             // Make actual render request for page route, passing on preview cookies as well as any approved query string parameters.

package/dist/cjs/editing/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/cjs/editing/utils.js

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCSPHeader = exports.resolveServerUrl = exports.isDesignLibraryPreviewData = exports.getEditingRequestHtml = exports.getHeadersForPropagation = exports.getQueryParamsForPropagation = exports.getRequiredEditingParamsList = exports.getPreviewCookies = exports.cleanupNextPreviewCookies = exports.mapEditingParams = exports.getEditingSecretFromRequest = void 0;
+exports.getCSPHeader = exports.resolveServerUrl = exports.isDesignLibraryPreviewData = exports.getEditingRequestHtml = exports.getHeadersForPropagation = exports.getQueryParamsForPropagation = exports.getRequiredEditingParamsList = exports.getPreviewCookies = exports.cleanupNextPreviewCookies = exports.getAllowedQueryParams = exports.mapEditingParams = exports.getEditingSecretFromRequest = void 0;
 const editing_1 = require("@sitecore-content-sdk/content/editing");
 const personalize_1 = require("@sitecore-content-sdk/content/personalize");
 const site_1 = require("@sitecore-content-sdk/content/site");
@@ -69,6 +69,35 @@ const mapEditingParams = (query) => {
     return params;
 };
 exports.mapEditingParams = mapEditingParams;
+/**
+ * Parses the query parameters based on the provided allowed parameters or a resolver function, to extract additional parameters that should be allowed.
+ * @param {{ [key: string]: string | undefined }} queryParams Object of query parameters from incoming URL.
+ * @param {AllowedQueryParams} allowedParams Allowed parameters to map.
+ * @returns Object containing the list of missing required parameters and the allowed query parameters that were extracted.
+ * @internal
+ */
+const getAllowedQueryParams = (queryParams, allowedParams) => {
+    const allowedQueryParamsList = typeof allowedParams === 'function'
+        ? allowedParams(Object.keys(queryParams))
+        : Array.isArray(allowedParams)
+            ? allowedParams
+            : [];
+    if (!allowedQueryParamsList.length)
+        return { missingAllowedParams: [], allowedQueryParams: {} };
+    return allowedQueryParamsList.reduce((acc, param) => {
+        const name = typeof param === 'string' ? param : param.name;
+        const required = typeof param === 'string' ? false : param.required;
+        const value = queryParams[name];
+        if (value !== undefined) {
+            acc.allowedQueryParams[name] = value;
+            return acc;
+        }
+        if (required)
+            acc.missingAllowedParams.push(name);
+        return acc;
+    }, { missingAllowedParams: [], allowedQueryParams: {} });
+};
+exports.getAllowedQueryParams = getAllowedQueryParams;
 /**
  * Filters out Next.js preview cookies from a cookie string or array
  * @param {string | string[] | null} cookies cookie header value

package/dist/cjs/route-handler/editing-render-route-handler.js

@@ -116,11 +116,18 @@ const createEditingRenderRouteHandlers = (options) => {
         const mode = query.mode;
         const requiredQueryParams = (0, utils_2.getRequiredEditingParamsList)(mode);
         const missingQueryParams = requiredQueryParams.filter((param) => !query[param]);
+        const { allowedQueryParams, missingAllowedParams } = (0, utils_2.getAllowedQueryParams)(query, options.allowedQueryParams);
         // Validate query parameters
-        if (missingQueryParams.length) {
-            debug_1.default.editing('missing required query parameters: %o', missingQueryParams);
+        if (missingQueryParams.length || missingAllowedParams.length) {
+            debug_1.default.editing('missing required query parameters: %o', [
+                ...missingQueryParams,
+                ...missingAllowedParams,
+            ]);
             return Response.json({
-                html: `<html><body>Missing required query parameters: ${missingQueryParams.join(', ')}</body></html>`,
+                html: `<html><body>Missing required query parameters: ${[
+                    ...missingQueryParams,
+                    ...missingAllowedParams,
+                ].join(', ')}</body></html>`,
             }, { status: 400, headers: responseHeaders });
         }
         const encodedRoute = encodeURI(query.route);
@@ -156,7 +163,7 @@ const createEditingRenderRouteHandlers = (options) => {
             debug_1.default.editing('fetching page route for %s', query.route);
             // Get query string parameters to propagate on subsequent requests (e.g. for deployment protection bypass)
             // Additionally ,in app router preview data is passed through query string instead of preview data cookie
-            const propagatedQsParams = Object.assign(Object.assign({}, (0, utils_2.getQueryParamsForPropagation)(query)), (0, utils_2.mapEditingParams)(query));
+            const propagatedQsParams = Object.assign(Object.assign(Object.assign({}, (0, utils_2.getQueryParamsForPropagation)(query)), (0, utils_2.mapEditingParams)(query)), allowedQueryParams);
             // Get headers to propagate on subsequent requests
             const propagatedHeaders = (0, utils_2.getHeadersForPropagation)(headers);
             const html = yield (0, utils_2.getEditingRequestHtml)(requestUrl, propagatedQsParams, propagatedHeaders, convertedCookies, dataFetcher);
@@ -215,7 +222,7 @@ const createEditingRenderRouteHandlers = (options) => {
         req.nextUrl.searchParams.forEach((value, key) => {
             query[key] = value;
         });
-        const propagatedQsParams = Object.assign(Object.assign({}, (0, utils_2.getQueryParamsForPropagation)(query)), (0, utils_2.mapEditingParams)(query));
+        const propagatedQsParams = Object.assign(Object.assign(Object.assign({}, (0, utils_2.getQueryParamsForPropagation)(query)), (0, utils_2.mapEditingParams)(query)), (0, utils_2.getAllowedQueryParams)(query, options.allowedQueryParams).allowedQueryParams);
         const base = (0, utils_2.resolveServerUrl)(req);
         const targetUrl = new URL('/', base);
         for (const key in propagatedQsParams) {

package/dist/esm/editing/editing-render-middleware.js

@@ -14,7 +14,7 @@ import { getEditingSecret } from '../utils/utils';
 import { RenderMiddlewareBase } from './render-middleware';
 import { getEnforcedCorsHeaders } from '@sitecore-content-sdk/core/tools';
 import debug from '../debug';
-import { getPreviewCookies, getRequiredEditingParamsList, mapEditingParams, cleanupNextPreviewCookies, getQueryParamsForPropagation, getHeadersForPropagation, getEditingRequestHtml, getCSPHeader, resolveServerUrl, } from './utils';
+import { getPreviewCookies, getRequiredEditingParamsList, mapEditingParams, cleanupNextPreviewCookies, getQueryParamsForPropagation, getHeadersForPropagation, getEditingRequestHtml, getCSPHeader, resolveServerUrl, getAllowedQueryParams, } from './utils';
 /**
  * Middleware / handler for use in the editing render Next.js API route (e.g. '/api/editing/render')
  * which is required for Sitecore editing support.
@@ -28,7 +28,7 @@ export class EditingRenderMiddleware extends RenderMiddlewareBase {
         super();
         this.config = config;
         this.handler = (req, res) => __awaiter(this, void 0, void 0, function* () {
-            var _a, _b, _c, _d, _e;
+            var _a, _b, _c, _d, _e, _f;
             const { body, method, headers, query } = req;
             debug.editing('editing render middleware start: %o', {
                 method,
@@ -75,15 +75,22 @@ export class EditingRenderMiddleware extends RenderMiddlewareBase {
             const mode = query.mode;
             const requiredQueryParams = getRequiredEditingParamsList(mode);
             const missingQueryParams = requiredQueryParams.filter((param) => !query[param]);
+            const { allowedQueryParams, missingAllowedParams } = getAllowedQueryParams(query, (_b = this.config) === null || _b === void 0 ? void 0 : _b.allowedQueryParams);
             // Validate query parameters
-            if (missingQueryParams.length) {
-                debug.editing('missing required query parameters: %o', missingQueryParams);
+            if (missingQueryParams.length || missingAllowedParams.length) {
+                debug.editing('missing required query parameters: %o', [
+                    ...missingQueryParams,
+                    ...missingAllowedParams,
+                ]);
                 return res.status(400).json({
-                    html: `<html><body>Missing required query parameters: ${missingQueryParams.join(', ')}</body></html>`,
+                    html: `<html><body>Missing required query parameters: ${[
+                        ...missingQueryParams,
+                        ...missingAllowedParams,
+                    ].join(', ')}</body></html>`,
                 });
             }
             const previewDataParams = mapEditingParams(query);
-            res.setPreviewData(Object.assign(Object.assign({}, previewDataParams), { variantIds: (_b = previewDataParams.variantIds) === null || _b === void 0 ? void 0 : _b.split(',') }), {
+            res.setPreviewData(Object.assign(Object.assign(Object.assign({}, previewDataParams), allowedQueryParams), { variantIds: (_c = previewDataParams.variantIds) === null || _c === void 0 ? void 0 : _c.split(',') }), {
                 maxAge: 3,
             });
             // Set Preview mode identifier cookie, if the page is rendered in Sitecore Preview mode
@@ -95,8 +102,8 @@ export class EditingRenderMiddleware extends RenderMiddlewareBase {
             // Restrict the page to be rendered only within the allowed origins
             res.setHeader('Content-Security-Policy', getCSPHeader());
             const encodedRoute = encodeURI(query.route);
-            const route = ((_d = (_c = this.config) === null || _c === void 0 ? void 0 : _c.resolvePageUrl) === null || _d === void 0 ? void 0 : _d.call(_c, encodedRoute)) || encodedRoute;
-            const base = ((_e = this.config) === null || _e === void 0 ? void 0 : _e.sitecoreInternalEditingHostUrl) || resolveServerUrl(req);
+            const route = ((_e = (_d = this.config) === null || _d === void 0 ? void 0 : _d.resolvePageUrl) === null || _e === void 0 ? void 0 : _e.call(_d, encodedRoute)) || encodedRoute;
+            const base = ((_f = this.config) === null || _f === void 0 ? void 0 : _f.sitecoreInternalEditingHostUrl) || resolveServerUrl(req);
             const requestUrl = new URL(route, base);
             const cookies = res.getHeader('Set-Cookie');
             // Make actual render request for page route, passing on preview cookies as well as any approved query string parameters.

package/dist/esm/editing/types.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/editing/utils.js

@@ -64,6 +64,34 @@ export const mapEditingParams = (query) => {
         };
     return params;
 };
+/**
+ * Parses the query parameters based on the provided allowed parameters or a resolver function, to extract additional parameters that should be allowed.
+ * @param {{ [key: string]: string | undefined }} queryParams Object of query parameters from incoming URL.
+ * @param {AllowedQueryParams} allowedParams Allowed parameters to map.
+ * @returns Object containing the list of missing required parameters and the allowed query parameters that were extracted.
+ * @internal
+ */
+export const getAllowedQueryParams = (queryParams, allowedParams) => {
+    const allowedQueryParamsList = typeof allowedParams === 'function'
+        ? allowedParams(Object.keys(queryParams))
+        : Array.isArray(allowedParams)
+            ? allowedParams
+            : [];
+    if (!allowedQueryParamsList.length)
+        return { missingAllowedParams: [], allowedQueryParams: {} };
+    return allowedQueryParamsList.reduce((acc, param) => {
+        const name = typeof param === 'string' ? param : param.name;
+        const required = typeof param === 'string' ? false : param.required;
+        const value = queryParams[name];
+        if (value !== undefined) {
+            acc.allowedQueryParams[name] = value;
+            return acc;
+        }
+        if (required)
+            acc.missingAllowedParams.push(name);
+        return acc;
+    }, { missingAllowedParams: [], allowedQueryParams: {} });
+};
 /**
  * Filters out Next.js preview cookies from a cookie string or array
  * @param {string | string[] | null} cookies cookie header value

package/dist/esm/route-handler/editing-render-route-handler.js

@@ -13,7 +13,7 @@ import { getEnforcedCorsHeaders } from '@sitecore-content-sdk/core/tools';
 import { LayoutServicePageState } from '@sitecore-content-sdk/content/layout';
 import { getEditingSecret } from '../utils/utils';
 import { draftMode, cookies as nextCokies } from 'next/headers';
-import { mapEditingParams, getEditingRequestHtml, cleanupNextPreviewCookies, getHeadersForPropagation, getQueryParamsForPropagation, getRequiredEditingParamsList, getCSPHeader, resolveServerUrl, } from '../editing/utils';
+import { mapEditingParams, getEditingRequestHtml, cleanupNextPreviewCookies, getHeadersForPropagation, getQueryParamsForPropagation, getRequiredEditingParamsList, getCSPHeader, resolveServerUrl, getAllowedQueryParams, } from '../editing/utils';
 import { SITE_KEY } from '@sitecore-content-sdk/content/site';
 import debug from '../debug';
 /**
@@ -109,11 +109,18 @@ export const createEditingRenderRouteHandlers = (options) => {
         const mode = query.mode;
         const requiredQueryParams = getRequiredEditingParamsList(mode);
         const missingQueryParams = requiredQueryParams.filter((param) => !query[param]);
+        const { allowedQueryParams, missingAllowedParams } = getAllowedQueryParams(query, options.allowedQueryParams);
         // Validate query parameters
-        if (missingQueryParams.length) {
-            debug.editing('missing required query parameters: %o', missingQueryParams);
+        if (missingQueryParams.length || missingAllowedParams.length) {
+            debug.editing('missing required query parameters: %o', [
+                ...missingQueryParams,
+                ...missingAllowedParams,
+            ]);
             return Response.json({
-                html: `<html><body>Missing required query parameters: ${missingQueryParams.join(', ')}</body></html>`,
+                html: `<html><body>Missing required query parameters: ${[
+                    ...missingQueryParams,
+                    ...missingAllowedParams,
+                ].join(', ')}</body></html>`,
             }, { status: 400, headers: responseHeaders });
         }
         const encodedRoute = encodeURI(query.route);
@@ -149,7 +156,7 @@ export const createEditingRenderRouteHandlers = (options) => {
             debug.editing('fetching page route for %s', query.route);
             // Get query string parameters to propagate on subsequent requests (e.g. for deployment protection bypass)
             // Additionally ,in app router preview data is passed through query string instead of preview data cookie
-            const propagatedQsParams = Object.assign(Object.assign({}, getQueryParamsForPropagation(query)), mapEditingParams(query));
+            const propagatedQsParams = Object.assign(Object.assign(Object.assign({}, getQueryParamsForPropagation(query)), mapEditingParams(query)), allowedQueryParams);
             // Get headers to propagate on subsequent requests
             const propagatedHeaders = getHeadersForPropagation(headers);
             const html = yield getEditingRequestHtml(requestUrl, propagatedQsParams, propagatedHeaders, convertedCookies, dataFetcher);
@@ -208,7 +215,7 @@ export const createEditingRenderRouteHandlers = (options) => {
         req.nextUrl.searchParams.forEach((value, key) => {
             query[key] = value;
         });
-        const propagatedQsParams = Object.assign(Object.assign({}, getQueryParamsForPropagation(query)), mapEditingParams(query));
+        const propagatedQsParams = Object.assign(Object.assign(Object.assign({}, getQueryParamsForPropagation(query)), mapEditingParams(query)), getAllowedQueryParams(query, options.allowedQueryParams).allowedQueryParams);
         const base = resolveServerUrl(req);
         const targetUrl = new URL('/', base);
         for (const key in propagatedQsParams) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sitecore-content-sdk/nextjs",
-  "version": "2.0.0-canary.3",
+  "version": "2.0.0-canary.4",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
   "sideEffects": false,
@@ -91,9 +91,9 @@
   },
   "dependencies": {
     "@babel/parser": "^7.27.2",
-    "@sitecore-content-sdk/content": "2.0.0-canary.3",
-    "@sitecore-content-sdk/core": "2.0.0-canary.3",
-    "@sitecore-content-sdk/react": "2.0.0-canary.3",
+    "@sitecore-content-sdk/content": "2.0.0-canary.4",
+    "@sitecore-content-sdk/core": "2.0.0-canary.4",
+    "@sitecore-content-sdk/react": "2.0.0-canary.4",
     "recast": "^0.23.11",
     "regex-parser": "^2.3.1",
     "sync-disk-cache": "^2.1.0"
@@ -177,7 +177,7 @@
   },
   "description": "",
   "types": "types/index.d.ts",
-  "gitHead": "fad1cab28e642daa4055a27064c5295e85f9deca",
+  "gitHead": "5c49b45ca02bc2f418f6018a2221ca69199e21be",
   "files": [
     "dist",
     "types",

package/types/editing/editing-render-middleware.d.ts

@@ -1,6 +1,7 @@
 import { NextApiRequest, NextApiResponse } from 'next';
 import { EditingRenderQueryParams } from '@sitecore-content-sdk/content/editing';
 import { RenderMiddlewareBase } from './render-middleware';
+import type { AllowedQueryParams } from './types';
 /**
  * Configuration for the Editing Render Middleware.
  * @public
@@ -18,6 +19,12 @@ export type EditingRenderMiddlewareConfig = {
      * The internal host URL for the Next.js application, used for server-side requests for page rendering during editing.
      */
     sitecoreInternalEditingHostUrl?: string;
+    /**
+     * Query string parameters to allow and include in the preview data.
+     * - Array: each item is a parameter name (string) or an object `{ name, required? }`.
+     * - Function: receives the request's query parameter names and returns the list of allowed parameters.
+     */
+    allowedQueryParams?: AllowedQueryParams;
 };
 /**
  * Next.js API request with editing request query parameters.

package/types/editing/editing-render-middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"editing-render-middleware.d.ts","sourceRoot":"","sources":["../../src/editing/editing-render-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAEvD,OAAO,EAIL,wBAAwB,EACzB,MAAM,uCAAuC,CAAC;AAG/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAe3D;;;GAGG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C;;OAEG;IACH,8BAA8B,CAAC,EAAE,MAAM,CAAC;CACzC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG,cAAc,GAAG;IACnD,KAAK,EAAE,wBAAwB,CAAC;CACjC,CAAC;AAEF;;;;GAIG;AACH,qBAAa,uBAAwB,SAAQ,oBAAoB;IAK5C,MAAM,CAAC,EAAE,6BAA6B;IAJzD,OAAO,CAAC,WAAW,CAAoB;IACvC;;OAEG;gBACgB,MAAM,CAAC,EAAE,6BAA6B,YAAA;IAKzD;;;OAGG;IACI,UAAU,IAAI,CAAC,GAAG,EAAE,qBAAqB,EAAE,GAAG,EAAE,eAAe,KAAK,OAAO,CAAC,IAAI,CAAC;IAIxF,OAAO,CAAC,OAAO,CAoJb;CACH"}
+{"version":3,"file":"editing-render-middleware.d.ts","sourceRoot":"","sources":["../../src/editing/editing-render-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAEvD,OAAO,EAIL,wBAAwB,EACzB,MAAM,uCAAuC,CAAC;AAG/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAe3D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAElD;;;GAGG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C;;OAEG;IACH,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;CACzC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG,cAAc,GAAG;IACnD,KAAK,EAAE,wBAAwB,CAAC;CACjC,CAAC;AAEF;;;;GAIG;AACH,qBAAa,uBAAwB,SAAQ,oBAAoB;IAK5C,MAAM,CAAC,EAAE,6BAA6B;IAJzD,OAAO,CAAC,WAAW,CAAoB;IACvC;;OAEG;gBACgB,MAAM,CAAC,EAAE,6BAA6B,YAAA;IAKzD;;;OAGG;IACI,UAAU,IAAI,CAAC,GAAG,EAAE,qBAAqB,EAAE,GAAG,EAAE,eAAe,KAAK,OAAO,CAAC,IAAI,CAAC;IAIxF,OAAO,CAAC,OAAO,CA6Jb;CACH"}

package/types/editing/index.d.ts

@@ -4,4 +4,5 @@ export { isDesignLibraryPreviewData, getQueryParamsForPropagation, getHeadersFor
 export { FEAASRenderMiddleware, FEAASRenderMiddlewareConfig } from './feaas-render-middleware';
 export { EditingConfigMiddleware, EditingConfigMiddlewareConfig, } from './editing-config-middleware';
 export { RenderingType, EDITING_COMPONENT_PLACEHOLDER, EDITING_COMPONENT_ID, } from '@sitecore-content-sdk/content/layout';
+export type { AllowedQueryParam, AllowedQueryParamsResolver, AllowedQueryParams } from './types';
 //# sourceMappingURL=index.d.ts.map

package/types/editing/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/editing/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AACvE,OAAO,EACL,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,wBAAwB,GACzB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,qBAAqB,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AAC/F,OAAO,EACL,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,aAAa,EACb,6BAA6B,EAC7B,oBAAoB,GACrB,MAAM,sCAAsC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/editing/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AACvE,OAAO,EACL,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,wBAAwB,GACzB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,qBAAqB,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AAC/F,OAAO,EACL,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,aAAa,EACb,6BAA6B,EAC7B,oBAAoB,GACrB,MAAM,sCAAsC,CAAC;AAC9C,YAAY,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC"}

package/types/editing/types.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Represents an allowed query parameter.
+ * @public
+ */
+export interface AllowedQueryParam {
+    /**
+     * The name of the query parameter to allow.
+     */
+    name: string;
+    /**
+     * Whether the query parameter is required.
+     */
+    required?: boolean;
+}
+/**
+ * Resolver function for allowed query parameters, which can be used to extract additional parameters from the query string beyond the required editing parameters.
+ * @param {string[]} queryParams Array of query parameters from incoming URL.
+ * @returns {Array<AllowedQueryParam | string>} Allowed query editing parameters.
+ * @public
+ */
+export type AllowedQueryParamsResolver = (queryParams: string[]) => Array<AllowedQueryParam | string>;
+/**
+ * Allowed query parameters which can be defined as an array of parameter names or objects, or a resolver function which can be used to extract additional parameters from the query string beyond the required editing parameters.
+ * @public
+ */
+export type AllowedQueryParams = Array<AllowedQueryParam | string> | AllowedQueryParamsResolver;
+/**
+ * Result of processing allowed query parameters, including any missing required parameters and the set of allowed parameters that were extracted from the query string.
+ * @internal
+ */
+export interface GetAllowedQueryParamsResult {
+    missingAllowedParams: string[];
+    allowedQueryParams: {
+        [key: string]: unknown;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/types/editing/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/editing/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,GAAG,CACvC,WAAW,EAAE,MAAM,EAAE,KAClB,KAAK,CAAC,iBAAiB,GAAG,MAAM,CAAC,CAAC;AAEvC;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG,KAAK,CAAC,iBAAiB,GAAG,MAAM,CAAC,GAAG,0BAA0B,CAAC;AAEhG;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,kBAAkB,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;CAChD"}

package/types/editing/utils.d.ts

@@ -3,6 +3,7 @@ import { NextApiRequest } from 'next';
 import { NextRequest } from 'next/server';
 import { IncomingHttpHeaders } from 'http';
 import { NativeDataFetcher } from '@sitecore-content-sdk/core';
+import { AllowedQueryParams, GetAllowedQueryParamsResult } from './types';
 /**
  * Gets editing secret value from request
  * @param {NextApiRequest | NextRequest} req incoming request
@@ -19,6 +20,16 @@ export declare const mapEditingParams: (query: {
 }) => {
     [key: string]: string | undefined;
 };
+/**
+ * Parses the query parameters based on the provided allowed parameters or a resolver function, to extract additional parameters that should be allowed.
+ * @param {{ [key: string]: string | undefined }} queryParams Object of query parameters from incoming URL.
+ * @param {AllowedQueryParams} allowedParams Allowed parameters to map.
+ * @returns Object containing the list of missing required parameters and the allowed query parameters that were extracted.
+ * @internal
+ */
+export declare const getAllowedQueryParams: (queryParams: {
+    [key: string]: unknown;
+}, allowedParams?: AllowedQueryParams) => GetAllowedQueryParamsResult;
 /**
  * Next.js preview cookies enum
  */

package/types/editing/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/editing/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,8BAA8B,EAE9B,wBAAwB,EAIzB,MAAM,uCAAuC,CAAC;AAG/C,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAE3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAG/D;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,GAAI,KAAK,cAAc,GAAG,WAAW,yCAgB5E,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,OAAO;IACtC,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC,KAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;CAyBtC,CAAC;AAEF;;GAEG;AACH,0BAAkB,cAAc;IAC9B,YAAY,wBAAwB;IACpC,gBAAgB,uBAAuB;CACxC;AAED;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,GAAI,SAAS,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,oBAc1E,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,aAI7C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,4BAA4B,GAAI,MAAM,wBAAwB,CAAC,MAAM,CAAC,aAYlF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,4BAA4B,GACvC,OAAO,OAAO,CAAC;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,CAAC,KACnD;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAazB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,GACnC,SAAS,mBAAmB,GAAG,OAAO,KACrC;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAazB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,qBAAqB,GAChC,YAAY,GAAG,EACf,oBAAoB;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;CAAE,EACzD,mBAAmB;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,EAC5C,SAAS,MAAM,EAAE,EACjB,aAAa,iBAAiB,KAC7B,OAAO,CAAC,MAAM,CAgDhB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACrC,MAAM,OAAO,KACZ,IAAI,IAAI,8BAOV,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,gBAAgB,GAAI,KAAK,cAAc,GAAG,WAAW,WAmBjE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,YAAY,cAIxB,CAAC"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/editing/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,8BAA8B,EAE9B,wBAAwB,EAIzB,MAAM,uCAAuC,CAAC;AAG/C,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAE3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAE/D,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,SAAS,CAAC;AAE1E;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,GAAI,KAAK,cAAc,GAAG,WAAW,yCAgB5E,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,OAAO;IACtC,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC,KAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;CAyBtC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,GAChC,aAAa;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,EACvC,gBAAgB,kBAAkB,KACjC,2BA4BF,CAAC;AAEF;;GAEG;AACH,0BAAkB,cAAc;IAC9B,YAAY,wBAAwB;IACpC,gBAAgB,uBAAuB;CACxC;AAED;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,GAAI,SAAS,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,oBAc1E,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,aAI7C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,4BAA4B,GAAI,MAAM,wBAAwB,CAAC,MAAM,CAAC,aAYlF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,4BAA4B,GACvC,OAAO,OAAO,CAAC;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,CAAC,KACnD;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAazB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,GACnC,SAAS,mBAAmB,GAAG,OAAO,KACrC;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAazB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,qBAAqB,GAChC,YAAY,GAAG,EACf,oBAAoB;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;CAAE,EACzD,mBAAmB;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,EAC5C,SAAS,MAAM,EAAE,EACjB,aAAa,iBAAiB,KAC7B,OAAO,CAAC,MAAM,CAgDhB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACrC,MAAM,OAAO,KACZ,IAAI,IAAI,8BAOV,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,gBAAgB,GAAI,KAAK,cAAc,GAAG,WAAW,WAmBjE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,YAAY,cAIxB,CAAC"}

package/types/route-handler/editing-render-route-handler.d.ts

@@ -1,4 +1,5 @@
 import { NextRequest } from 'next/server';
+import type { AllowedQueryParams } from '../editing/types';
 /**
  * Helper function to handle cookie operations - can be mocked for testing
  * @returns {Promise<NextCookies>} Next cookies
@@ -17,6 +18,12 @@ type EditingHandlerOptions = {
      * The internal host URL for the Next.js application, used for server-side requests for page rendering during editing.
      */
     sitecoreInternalEditingHostUrl?: string;
+    /**
+     * Query string parameters to allow and include in the search params.
+     * - Array: each item is a parameter name (string) or an object `{ name, required? }`.
+     * - Function: receives the request's query parameter names and returns the list of allowed parameters.
+     */
+    allowedQueryParams?: AllowedQueryParams;
 };
 /**
  * Creates a route handler for the editing render API route (e.g. '/api/editing/render')

package/types/route-handler/editing-render-route-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"editing-render-route-handler.d.ts","sourceRoot":"","sources":["../../src/route-handler/editing-render-route-handler.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAiB1C;;;GAGG;AACH,wBAAsB,cAAc,iBAMnC;AAED,KAAK,qBAAqB,GAAG;IAC3B;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C;;OAEG;IACH,8BAA8B,CAAC,EAAE,MAAM,CAAC;CACzC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gCAAgC,GAAI,SAAS,qBAAqB;eAwDrD,WAAW;gBAyJV,WAAW;mBA3Kd,WAAW;CAqRlC,CAAC"}
+{"version":3,"file":"editing-render-route-handler.d.ts","sourceRoot":"","sources":["../../src/route-handler/editing-render-route-handler.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAiB1C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAE3D;;;GAGG;AACH,wBAAsB,cAAc,iBAMnC;AAED,KAAK,qBAAqB,GAAG;IAC3B;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C;;OAEG;IACH,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;CACzC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gCAAgC,GAAI,SAAS,qBAAqB;eAwDrD,WAAW;gBAiKV,WAAW;mBAnLd,WAAW;CAgSlC,CAAC"}