@solidstarters/solid-core 1.2.154 → 1.2.155

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/helpers/cors.helper.js +1 -1
  2. package/dist/helpers/cors.helper.js.map +1 -1
  3. package/dist/tsconfig.tsbuildinfo +1 -1
  4. package/package.json +1 -1
  5. package/src/helpers/cors.helper.ts +1 -1
package/dist/helpers/cors.helper.js CHANGED
@@ -2,7 +2,7 @@
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.buildDefaultCorsOptions = buildDefaultCorsOptions;
4
4
  function buildDefaultCorsOptions(configService) {
5
- const rawOrigins = configService.get('CORS_ORIGINS') ?? '';
5
+ const rawOrigins = configService.get('SECURITY_CORS_ORIGINS') ?? '*';
6
6
  const allowed = rawOrigins.split(',').map(s => s.trim()).filter(Boolean);
7
7
  const escapeRx = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
8
8
  const patternToRegex = (pattern) => {
package/dist/helpers/cors.helper.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cors.helper.js","sourceRoot":"","sources":["../../src/helpers/cors.helper.ts"],"names":[],"mappings":";;AAIA,0DA6BC;AA7BD,SAAgB,uBAAuB,CAAC,aAA4B;IAClE,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAS,cAAc,CAAC,IAAI,EAAE,CAAC;IACnE,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEzE,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IACzE,MAAM,cAAc,GAAG,CAAC,OAAe,EAAU,EAAE;QACjD,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC;QACpD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;YAAE,OAAO,OAAO,CAAC;QACxD,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;aAC9B,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;aAC5B,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3B,OAAO,IAAI,MAAM,CAAC,IAAI,UAAU,GAAG,OAAO,aAAa,EAAE,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC;IAEF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CACnC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAE9D,OAAO;QACL,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE;YACrB,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACnC,IAAI,SAAS,CAAC,MAAM,CAAC;gBAAE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAC7C,OAAO,EAAE,CAAC,IAAI,KAAK,CAAC,UAAU,MAAM,sBAAsB,CAAC,EAAE,KAAK,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC;QAC7D,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;QACjD,WAAW,EAAE,IAAI;KAClB,CAAC;AACJ,CAAC","sourcesContent":["import { CorsOptions } from 'cors';\nimport { ConfigService } from '@nestjs/config';\n\n/** Build CorsOptions from env; supports wildcards like https://*.example.com */\nexport function buildDefaultCorsOptions(configService: ConfigService): CorsOptions {\n const rawOrigins = configService.get<string>('CORS_ORIGINS') ?? '';\n const allowed = rawOrigins.split(',').map(s => s.trim()).filter(Boolean);\n\n const escapeRx = (s: string) => s.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n const patternToRegex = (pattern: string): RegExp => {\n const hasScheme = /^https?:\\/\\//i.test(pattern);\n const schemePart = hasScheme ? '' : 'https?:\\\\/\\\\/';\n if (pattern === '*' || pattern === '.*') return /^.*$/i;\n const escaped = escapeRx(pattern)\n .replace(/^https?:\\/\\//i, '') // strip scheme if present\n .replace(/\\*/g, '[^.]+'); // * => one subdomain segment\n return new RegExp(`^${schemePart}${escaped}(?::\\\\d+)?$`, 'i');\n };\n\n const matchers = allowed.map(patternToRegex);\n const isAllowed = (origin: string) =>\n matchers.length > 0 && matchers.some(rx => rx.test(origin));\n\n return {\n origin: (origin, cb) => {\n if (!origin) return cb(null, true); // allow no-origin (CLI/mobile/internal)\n if (isAllowed(origin)) return cb(null, true);\n return cb(new Error(`Origin ${origin} not allowed by CORS`), false);\n },\n methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],\n allowedHeaders: ['Content-Type', 'Authorization'],\n credentials: true,\n };\n}"]}
1
+ {"version":3,"file":"cors.helper.js","sourceRoot":"","sources":["../../src/helpers/cors.helper.ts"],"names":[],"mappings":";;AAIA,0DA6BC;AA7BD,SAAgB,uBAAuB,CAAC,aAA4B;IAClE,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAS,uBAAuB,CAAC,IAAI,GAAG,CAAC;IAC7E,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEzE,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IACzE,MAAM,cAAc,GAAG,CAAC,OAAe,EAAU,EAAE;QACjD,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC;QACpD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;YAAE,OAAO,OAAO,CAAC;QACxD,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;aAC9B,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;aAC5B,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3B,OAAO,IAAI,MAAM,CAAC,IAAI,UAAU,GAAG,OAAO,aAAa,EAAE,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC;IAEF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CACnC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAE9D,OAAO;QACL,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE;YACrB,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACnC,IAAI,SAAS,CAAC,MAAM,CAAC;gBAAE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAC7C,OAAO,EAAE,CAAC,IAAI,KAAK,CAAC,UAAU,MAAM,sBAAsB,CAAC,EAAE,KAAK,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC;QAC7D,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;QACjD,WAAW,EAAE,IAAI;KAClB,CAAC;AACJ,CAAC","sourcesContent":["import { CorsOptions } from 'cors';\nimport { ConfigService } from '@nestjs/config';\n\n/** Build CorsOptions from env; supports wildcards like https://*.example.com */\nexport function buildDefaultCorsOptions(configService: ConfigService): CorsOptions {\n const rawOrigins = configService.get<string>('SECURITY_CORS_ORIGINS') ?? '*';\n const allowed = rawOrigins.split(',').map(s => s.trim()).filter(Boolean);\n\n const escapeRx = (s: string) => s.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n const patternToRegex = (pattern: string): RegExp => {\n const hasScheme = /^https?:\\/\\//i.test(pattern);\n const schemePart = hasScheme ? '' : 'https?:\\\\/\\\\/';\n if (pattern === '*' || pattern === '.*') return /^.*$/i;\n const escaped = escapeRx(pattern)\n .replace(/^https?:\\/\\//i, '') // strip scheme if present\n .replace(/\\*/g, '[^.]+'); // * => one subdomain segment\n return new RegExp(`^${schemePart}${escaped}(?::\\\\d+)?$`, 'i');\n };\n\n const matchers = allowed.map(patternToRegex);\n const isAllowed = (origin: string) =>\n matchers.length > 0 && matchers.some(rx => rx.test(origin));\n\n return {\n origin: (origin, cb) => {\n if (!origin) return cb(null, true); // allow no-origin (CLI/mobile/internal)\n if (isAllowed(origin)) return cb(null, true);\n return cb(new Error(`Origin ${origin} not allowed by CORS`), false);\n },\n methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],\n allowedHeaders: ['Content-Type', 'Authorization'],\n credentials: true,\n };\n}"]}