@strapi/content-type-builder 5.28.0 → 5.30.0

package/dist/server/register.js

@@ -1,97 +1,38 @@
 'use strict';
 
-/**
- * This file ensures that the Strapi security middleware's Content Security Policy (CSP)
- * allows images and media from both the default sources ("'self'", 'data:', 'blob:')
- * and the required S3 domains for AI features. It checks for existing 'img-src' and 'media-src'
- * directives and adds the S3 domains if not present. If no directives exist but useDefaults is true,
- * it adds the defaults plus the S3 domains. This guarantees that all required sources are allowed
- * without overwriting user configuration.
- */ var register = (async ()=>{
-    const s3Domains = [
-        'strapi-ai-staging.s3.us-east-1.amazonaws.com',
-        'strapi-ai-production.s3.us-east-1.amazonaws.com'
-    ];
-    const defaults = [
-        "'self'",
-        'data:',
-        'blob:'
-    ];
-    const middlewares = strapi.config.get('middlewares');
-    const configuredMiddlewares = middlewares.map((m)=>{
-        // Handle case where middleware is a string 'strapi::security'
-        if (typeof m === 'string' && m === 'strapi::security') {
-            return {
-                name: 'strapi::security',
-                config: {
-                    contentSecurityPolicy: {
-                        useDefaults: true,
-                        directives: {
-                            'img-src': Array.from(new Set([
-                                ...defaults,
-                                ...s3Domains
-                            ])),
-                            'media-src': Array.from(new Set([
-                                ...defaults,
-                                ...s3Domains
-                            ]))
-                        }
+var utils = require('@strapi/utils');
+
+var register = (async ({ strapi })=>{
+    const aiEnabledConfig = strapi.config.get('admin.ai.enabled') !== false;
+    const isAIEnabled = aiEnabledConfig && strapi.ee.features.isEnabled('cms-ai');
+    if (isAIEnabled) {
+        const s3Domains = [
+            'strapi-ai-staging.s3.us-east-1.amazonaws.com',
+            'strapi-ai-production.s3.us-east-1.amazonaws.com'
+        ];
+        const defaultImgSrc = utils.CSP_DEFAULTS['img-src'];
+        const defaultMediaSrc = utils.CSP_DEFAULTS['media-src'];
+        // Extend the security middleware configuration to include S3 domains + defaults
+        const middlewares = strapi.config.get('middlewares');
+        const configuredMiddlewares = utils.extendMiddlewareConfiguration(middlewares, {
+            name: 'strapi::security',
+            config: {
+                contentSecurityPolicy: {
+                    directives: {
+                        'img-src': [
+                            ...defaultImgSrc,
+                            ...s3Domains
+                        ],
+                        'media-src': [
+                            ...defaultMediaSrc,
+                            ...s3Domains
+                        ]
                     }
                 }
-            };
-        }
-        // Handle case where middleware is an object with name 'strapi::security'
-        if (typeof m === 'object' && m.name === 'strapi::security') {
-            const config = m.config || {};
-            const csp = config.contentSecurityPolicy || {};
-            const directives = csp.directives || {};
-            // img-src
-            let imgSrc = directives['img-src'];
-            if (!imgSrc && csp.useDefaults) {
-                imgSrc = [
-                    ...defaults
-                ];
-            }
-            if (!imgSrc) {
-                imgSrc = [];
-            }
-            imgSrc = Array.from(new Set([
-                ...imgSrc,
-                ...s3Domains
-            ]));
-            // media-src
-            let mediaSrc = directives['media-src'];
-            if (!mediaSrc && csp.useDefaults) {
-                mediaSrc = [
-                    ...defaults
-                ];
             }
-            if (!mediaSrc) {
-                mediaSrc = [];
-            }
-            mediaSrc = Array.from(new Set([
-                ...mediaSrc,
-                ...s3Domains
-            ]));
-            // Set back
-            return {
-                ...m,
-                config: {
-                    ...config,
-                    contentSecurityPolicy: {
-                        ...csp,
-                        directives: {
-                            ...directives,
-                            'img-src': imgSrc,
-                            'media-src': mediaSrc
-                        }
-                    }
-                }
-            };
-        }
-        return m;
-    });
-    strapi.config.set('middlewares', configuredMiddlewares);
+        });
+        strapi.config.set('middlewares', configuredMiddlewares);
+    }
 });
 
 module.exports = register;

package/dist/server/register.js.map

@@ -1 +1 @@
-{"version":3,"file":"register.js","sources":["../../server/src/register.ts"],"sourcesContent":["/**\n * This file ensures that the Strapi security middleware's Content Security Policy (CSP)\n * allows images and media from both the default sources (\"'self'\", 'data:', 'blob:')\n * and the required S3 domains for AI features. It checks for existing 'img-src' and 'media-src'\n * directives and adds the S3 domains if not present. If no directives exist but useDefaults is true,\n * it adds the defaults plus the S3 domains. This guarantees that all required sources are allowed\n * without overwriting user configuration.\n */\nexport default async () => {\n  const s3Domains = [\n    'strapi-ai-staging.s3.us-east-1.amazonaws.com',\n    'strapi-ai-production.s3.us-east-1.amazonaws.com',\n  ];\n  const defaults = [\"'self'\", 'data:', 'blob:'];\n  const middlewares = strapi.config.get('middlewares') as (\n    | string\n    | { name?: string; config?: any }\n  )[];\n\n  const configuredMiddlewares = middlewares.map((m) => {\n    // Handle case where middleware is a string 'strapi::security'\n    if (typeof m === 'string' && m === 'strapi::security') {\n      return {\n        name: 'strapi::security',\n        config: {\n          contentSecurityPolicy: {\n            useDefaults: true,\n            directives: {\n              'img-src': Array.from(new Set([...defaults, ...s3Domains])),\n              'media-src': Array.from(new Set([...defaults, ...s3Domains])),\n            },\n          },\n        },\n      };\n    }\n    // Handle case where middleware is an object with name 'strapi::security'\n    if (typeof m === 'object' && m.name === 'strapi::security') {\n      const config = m.config || {};\n      const csp = config.contentSecurityPolicy || {};\n      const directives = csp.directives || {};\n      // img-src\n      let imgSrc = directives['img-src'];\n      if (!imgSrc && csp.useDefaults) {\n        imgSrc = [...defaults];\n      }\n      if (!imgSrc) {\n        imgSrc = [];\n      }\n      imgSrc = Array.from(new Set([...imgSrc, ...s3Domains]));\n      // media-src\n      let mediaSrc = directives['media-src'];\n      if (!mediaSrc && csp.useDefaults) {\n        mediaSrc = [...defaults];\n      }\n      if (!mediaSrc) {\n        mediaSrc = [];\n      }\n      mediaSrc = Array.from(new Set([...mediaSrc, ...s3Domains]));\n      // Set back\n      return {\n        ...m,\n        config: {\n          ...config,\n          contentSecurityPolicy: {\n            ...csp,\n            directives: {\n              ...directives,\n              'img-src': imgSrc,\n              'media-src': mediaSrc,\n            },\n          },\n        },\n      };\n    }\n    return m;\n  });\n\n  strapi.config.set('middlewares', configuredMiddlewares);\n};\n"],"names":["s3Domains","defaults","middlewares","strapi","config","get","configuredMiddlewares","map","m","name","contentSecurityPolicy","useDefaults","directives","Array","from","Set","csp","imgSrc","mediaSrc","set"],"mappings":";;AAAA;;;;;;;AAOC,IACD,eAAe,CAAA,UAAA;AACb,IAAA,MAAMA,SAAY,GAAA;AAChB,QAAA,8CAAA;AACA,QAAA;AACD,KAAA;AACD,IAAA,MAAMC,QAAW,GAAA;AAAC,QAAA,QAAA;AAAU,QAAA,OAAA;AAAS,QAAA;AAAQ,KAAA;AAC7C,IAAA,MAAMC,WAAcC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,aAAA,CAAA;AAKtC,IAAA,MAAMC,qBAAwBJ,GAAAA,WAAAA,CAAYK,GAAG,CAAC,CAACC,CAAAA,GAAAA;;AAE7C,QAAA,IAAI,OAAOA,CAAAA,KAAM,QAAYA,IAAAA,CAAAA,KAAM,kBAAoB,EAAA;YACrD,OAAO;gBACLC,IAAM,EAAA,kBAAA;gBACNL,MAAQ,EAAA;oBACNM,qBAAuB,EAAA;wBACrBC,WAAa,EAAA,IAAA;wBACbC,UAAY,EAAA;AACV,4BAAA,SAAA,EAAWC,KAAMC,CAAAA,IAAI,CAAC,IAAIC,GAAI,CAAA;AAAId,gCAAAA,GAAAA,QAAAA;AAAaD,gCAAAA,GAAAA;AAAU,6BAAA,CAAA,CAAA;AACzD,4BAAA,WAAA,EAAaa,KAAMC,CAAAA,IAAI,CAAC,IAAIC,GAAI,CAAA;AAAId,gCAAAA,GAAAA,QAAAA;AAAaD,gCAAAA,GAAAA;AAAU,6BAAA,CAAA;AAC7D;AACF;AACF;AACF,aAAA;AACF;;AAEA,QAAA,IAAI,OAAOQ,CAAM,KAAA,QAAA,IAAYA,CAAEC,CAAAA,IAAI,KAAK,kBAAoB,EAAA;AAC1D,YAAA,MAAML,MAASI,GAAAA,CAAAA,CAAEJ,MAAM,IAAI,EAAC;AAC5B,YAAA,MAAMY,GAAMZ,GAAAA,MAAAA,CAAOM,qBAAqB,IAAI,EAAC;AAC7C,YAAA,MAAME,UAAaI,GAAAA,GAAAA,CAAIJ,UAAU,IAAI,EAAC;;YAEtC,IAAIK,MAAAA,GAASL,UAAU,CAAC,SAAU,CAAA;AAClC,YAAA,IAAI,CAACK,MAAAA,IAAUD,GAAIL,CAAAA,WAAW,EAAE;gBAC9BM,MAAS,GAAA;AAAIhB,oBAAAA,GAAAA;AAAS,iBAAA;AACxB;AACA,YAAA,IAAI,CAACgB,MAAQ,EAAA;AACXA,gBAAAA,MAAAA,GAAS,EAAE;AACb;AACAA,YAAAA,MAAAA,GAASJ,KAAMC,CAAAA,IAAI,CAAC,IAAIC,GAAI,CAAA;AAAIE,gBAAAA,GAAAA,MAAAA;AAAWjB,gBAAAA,GAAAA;AAAU,aAAA,CAAA,CAAA;;YAErD,IAAIkB,QAAAA,GAAWN,UAAU,CAAC,WAAY,CAAA;AACtC,YAAA,IAAI,CAACM,QAAAA,IAAYF,GAAIL,CAAAA,WAAW,EAAE;gBAChCO,QAAW,GAAA;AAAIjB,oBAAAA,GAAAA;AAAS,iBAAA;AAC1B;AACA,YAAA,IAAI,CAACiB,QAAU,EAAA;AACbA,gBAAAA,QAAAA,GAAW,EAAE;AACf;AACAA,YAAAA,QAAAA,GAAWL,KAAMC,CAAAA,IAAI,CAAC,IAAIC,GAAI,CAAA;AAAIG,gBAAAA,GAAAA,QAAAA;AAAalB,gBAAAA,GAAAA;AAAU,aAAA,CAAA,CAAA;;YAEzD,OAAO;AACL,gBAAA,GAAGQ,CAAC;gBACJJ,MAAQ,EAAA;AACN,oBAAA,GAAGA,MAAM;oBACTM,qBAAuB,EAAA;AACrB,wBAAA,GAAGM,GAAG;wBACNJ,UAAY,EAAA;AACV,4BAAA,GAAGA,UAAU;4BACb,SAAWK,EAAAA,MAAAA;4BACX,WAAaC,EAAAA;AACf;AACF;AACF;AACF,aAAA;AACF;QACA,OAAOV,CAAAA;AACT,KAAA,CAAA;AAEAL,IAAAA,MAAAA,CAAOC,MAAM,CAACe,GAAG,CAAC,aAAeb,EAAAA,qBAAAA,CAAAA;AACnC,CAAA;;;;"}
+{"version":3,"file":"register.js","sources":["../../server/src/register.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport { CSP_DEFAULTS, extendMiddlewareConfiguration } from '@strapi/utils';\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n  const aiEnabledConfig = strapi.config.get('admin.ai.enabled') !== false;\n  const isAIEnabled = aiEnabledConfig && strapi.ee.features.isEnabled('cms-ai');\n\n  if (isAIEnabled) {\n    const s3Domains = [\n      'strapi-ai-staging.s3.us-east-1.amazonaws.com',\n      'strapi-ai-production.s3.us-east-1.amazonaws.com',\n    ];\n\n    const defaultImgSrc = CSP_DEFAULTS['img-src'];\n    const defaultMediaSrc = CSP_DEFAULTS['media-src'];\n\n    // Extend the security middleware configuration to include S3 domains + defaults\n    const middlewares = strapi.config.get('middlewares') as (\n      | string\n      | { name?: string; config?: any }\n    )[];\n\n    const configuredMiddlewares = extendMiddlewareConfiguration(middlewares, {\n      name: 'strapi::security',\n      config: {\n        contentSecurityPolicy: {\n          directives: {\n            'img-src': [...defaultImgSrc, ...s3Domains],\n            'media-src': [...defaultMediaSrc, ...s3Domains],\n          },\n        },\n      },\n    });\n\n    strapi.config.set('middlewares', configuredMiddlewares);\n  }\n};\n"],"names":["strapi","aiEnabledConfig","config","get","isAIEnabled","ee","features","isEnabled","s3Domains","defaultImgSrc","CSP_DEFAULTS","defaultMediaSrc","middlewares","configuredMiddlewares","extendMiddlewareConfiguration","name","contentSecurityPolicy","directives","set"],"mappings":";;;;AAGA,eAAe,CAAA,OAAO,EAAEA,MAAM,EAA2B,GAAA;AACvD,IAAA,MAAMC,kBAAkBD,MAAOE,CAAAA,MAAM,CAACC,GAAG,CAAC,kBAAwB,CAAA,KAAA,KAAA;IAClE,MAAMC,WAAAA,GAAcH,mBAAmBD,MAAOK,CAAAA,EAAE,CAACC,QAAQ,CAACC,SAAS,CAAC,QAAA,CAAA;AAEpE,IAAA,IAAIH,WAAa,EAAA;AACf,QAAA,MAAMI,SAAY,GAAA;AAChB,YAAA,8CAAA;AACA,YAAA;AACD,SAAA;QAED,MAAMC,aAAAA,GAAgBC,kBAAY,CAAC,SAAU,CAAA;QAC7C,MAAMC,eAAAA,GAAkBD,kBAAY,CAAC,WAAY,CAAA;;AAGjD,QAAA,MAAME,WAAcZ,GAAAA,MAAAA,CAAOE,MAAM,CAACC,GAAG,CAAC,aAAA,CAAA;QAKtC,MAAMU,qBAAAA,GAAwBC,oCAA8BF,WAAa,EAAA;YACvEG,IAAM,EAAA,kBAAA;YACNb,MAAQ,EAAA;gBACNc,qBAAuB,EAAA;oBACrBC,UAAY,EAAA;wBACV,SAAW,EAAA;AAAIR,4BAAAA,GAAAA,aAAAA;AAAkBD,4BAAAA,GAAAA;AAAU,yBAAA;wBAC3C,WAAa,EAAA;AAAIG,4BAAAA,GAAAA,eAAAA;AAAoBH,4BAAAA,GAAAA;AAAU;AACjD;AACF;AACF;AACF,SAAA,CAAA;AAEAR,QAAAA,MAAAA,CAAOE,MAAM,CAACgB,GAAG,CAAC,aAAeL,EAAAA,qBAAAA,CAAAA;AACnC;AACF,CAAA;;;;"}

package/dist/server/register.mjs

@@ -1,95 +1,36 @@
-/**
- * This file ensures that the Strapi security middleware's Content Security Policy (CSP)
- * allows images and media from both the default sources ("'self'", 'data:', 'blob:')
- * and the required S3 domains for AI features. It checks for existing 'img-src' and 'media-src'
- * directives and adds the S3 domains if not present. If no directives exist but useDefaults is true,
- * it adds the defaults plus the S3 domains. This guarantees that all required sources are allowed
- * without overwriting user configuration.
- */ var register = (async ()=>{
-    const s3Domains = [
-        'strapi-ai-staging.s3.us-east-1.amazonaws.com',
-        'strapi-ai-production.s3.us-east-1.amazonaws.com'
-    ];
-    const defaults = [
-        "'self'",
-        'data:',
-        'blob:'
-    ];
-    const middlewares = strapi.config.get('middlewares');
-    const configuredMiddlewares = middlewares.map((m)=>{
-        // Handle case where middleware is a string 'strapi::security'
-        if (typeof m === 'string' && m === 'strapi::security') {
-            return {
-                name: 'strapi::security',
-                config: {
-                    contentSecurityPolicy: {
-                        useDefaults: true,
-                        directives: {
-                            'img-src': Array.from(new Set([
-                                ...defaults,
-                                ...s3Domains
-                            ])),
-                            'media-src': Array.from(new Set([
-                                ...defaults,
-                                ...s3Domains
-                            ]))
-                        }
+import { CSP_DEFAULTS, extendMiddlewareConfiguration } from '@strapi/utils';
+
+var register = (async ({ strapi })=>{
+    const aiEnabledConfig = strapi.config.get('admin.ai.enabled') !== false;
+    const isAIEnabled = aiEnabledConfig && strapi.ee.features.isEnabled('cms-ai');
+    if (isAIEnabled) {
+        const s3Domains = [
+            'strapi-ai-staging.s3.us-east-1.amazonaws.com',
+            'strapi-ai-production.s3.us-east-1.amazonaws.com'
+        ];
+        const defaultImgSrc = CSP_DEFAULTS['img-src'];
+        const defaultMediaSrc = CSP_DEFAULTS['media-src'];
+        // Extend the security middleware configuration to include S3 domains + defaults
+        const middlewares = strapi.config.get('middlewares');
+        const configuredMiddlewares = extendMiddlewareConfiguration(middlewares, {
+            name: 'strapi::security',
+            config: {
+                contentSecurityPolicy: {
+                    directives: {
+                        'img-src': [
+                            ...defaultImgSrc,
+                            ...s3Domains
+                        ],
+                        'media-src': [
+                            ...defaultMediaSrc,
+                            ...s3Domains
+                        ]
                     }
                 }
-            };
-        }
-        // Handle case where middleware is an object with name 'strapi::security'
-        if (typeof m === 'object' && m.name === 'strapi::security') {
-            const config = m.config || {};
-            const csp = config.contentSecurityPolicy || {};
-            const directives = csp.directives || {};
-            // img-src
-            let imgSrc = directives['img-src'];
-            if (!imgSrc && csp.useDefaults) {
-                imgSrc = [
-                    ...defaults
-                ];
-            }
-            if (!imgSrc) {
-                imgSrc = [];
-            }
-            imgSrc = Array.from(new Set([
-                ...imgSrc,
-                ...s3Domains
-            ]));
-            // media-src
-            let mediaSrc = directives['media-src'];
-            if (!mediaSrc && csp.useDefaults) {
-                mediaSrc = [
-                    ...defaults
-                ];
             }
-            if (!mediaSrc) {
-                mediaSrc = [];
-            }
-            mediaSrc = Array.from(new Set([
-                ...mediaSrc,
-                ...s3Domains
-            ]));
-            // Set back
-            return {
-                ...m,
-                config: {
-                    ...config,
-                    contentSecurityPolicy: {
-                        ...csp,
-                        directives: {
-                            ...directives,
-                            'img-src': imgSrc,
-                            'media-src': mediaSrc
-                        }
-                    }
-                }
-            };
-        }
-        return m;
-    });
-    strapi.config.set('middlewares', configuredMiddlewares);
+        });
+        strapi.config.set('middlewares', configuredMiddlewares);
+    }
 });
 
 export { register as default };

package/dist/server/register.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"register.mjs","sources":["../../server/src/register.ts"],"sourcesContent":["/**\n * This file ensures that the Strapi security middleware's Content Security Policy (CSP)\n * allows images and media from both the default sources (\"'self'\", 'data:', 'blob:')\n * and the required S3 domains for AI features. It checks for existing 'img-src' and 'media-src'\n * directives and adds the S3 domains if not present. If no directives exist but useDefaults is true,\n * it adds the defaults plus the S3 domains. This guarantees that all required sources are allowed\n * without overwriting user configuration.\n */\nexport default async () => {\n  const s3Domains = [\n    'strapi-ai-staging.s3.us-east-1.amazonaws.com',\n    'strapi-ai-production.s3.us-east-1.amazonaws.com',\n  ];\n  const defaults = [\"'self'\", 'data:', 'blob:'];\n  const middlewares = strapi.config.get('middlewares') as (\n    | string\n    | { name?: string; config?: any }\n  )[];\n\n  const configuredMiddlewares = middlewares.map((m) => {\n    // Handle case where middleware is a string 'strapi::security'\n    if (typeof m === 'string' && m === 'strapi::security') {\n      return {\n        name: 'strapi::security',\n        config: {\n          contentSecurityPolicy: {\n            useDefaults: true,\n            directives: {\n              'img-src': Array.from(new Set([...defaults, ...s3Domains])),\n              'media-src': Array.from(new Set([...defaults, ...s3Domains])),\n            },\n          },\n        },\n      };\n    }\n    // Handle case where middleware is an object with name 'strapi::security'\n    if (typeof m === 'object' && m.name === 'strapi::security') {\n      const config = m.config || {};\n      const csp = config.contentSecurityPolicy || {};\n      const directives = csp.directives || {};\n      // img-src\n      let imgSrc = directives['img-src'];\n      if (!imgSrc && csp.useDefaults) {\n        imgSrc = [...defaults];\n      }\n      if (!imgSrc) {\n        imgSrc = [];\n      }\n      imgSrc = Array.from(new Set([...imgSrc, ...s3Domains]));\n      // media-src\n      let mediaSrc = directives['media-src'];\n      if (!mediaSrc && csp.useDefaults) {\n        mediaSrc = [...defaults];\n      }\n      if (!mediaSrc) {\n        mediaSrc = [];\n      }\n      mediaSrc = Array.from(new Set([...mediaSrc, ...s3Domains]));\n      // Set back\n      return {\n        ...m,\n        config: {\n          ...config,\n          contentSecurityPolicy: {\n            ...csp,\n            directives: {\n              ...directives,\n              'img-src': imgSrc,\n              'media-src': mediaSrc,\n            },\n          },\n        },\n      };\n    }\n    return m;\n  });\n\n  strapi.config.set('middlewares', configuredMiddlewares);\n};\n"],"names":["s3Domains","defaults","middlewares","strapi","config","get","configuredMiddlewares","map","m","name","contentSecurityPolicy","useDefaults","directives","Array","from","Set","csp","imgSrc","mediaSrc","set"],"mappings":"AAAA;;;;;;;AAOC,IACD,eAAe,CAAA,UAAA;AACb,IAAA,MAAMA,SAAY,GAAA;AAChB,QAAA,8CAAA;AACA,QAAA;AACD,KAAA;AACD,IAAA,MAAMC,QAAW,GAAA;AAAC,QAAA,QAAA;AAAU,QAAA,OAAA;AAAS,QAAA;AAAQ,KAAA;AAC7C,IAAA,MAAMC,WAAcC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,aAAA,CAAA;AAKtC,IAAA,MAAMC,qBAAwBJ,GAAAA,WAAAA,CAAYK,GAAG,CAAC,CAACC,CAAAA,GAAAA;;AAE7C,QAAA,IAAI,OAAOA,CAAAA,KAAM,QAAYA,IAAAA,CAAAA,KAAM,kBAAoB,EAAA;YACrD,OAAO;gBACLC,IAAM,EAAA,kBAAA;gBACNL,MAAQ,EAAA;oBACNM,qBAAuB,EAAA;wBACrBC,WAAa,EAAA,IAAA;wBACbC,UAAY,EAAA;AACV,4BAAA,SAAA,EAAWC,KAAMC,CAAAA,IAAI,CAAC,IAAIC,GAAI,CAAA;AAAId,gCAAAA,GAAAA,QAAAA;AAAaD,gCAAAA,GAAAA;AAAU,6BAAA,CAAA,CAAA;AACzD,4BAAA,WAAA,EAAaa,KAAMC,CAAAA,IAAI,CAAC,IAAIC,GAAI,CAAA;AAAId,gCAAAA,GAAAA,QAAAA;AAAaD,gCAAAA,GAAAA;AAAU,6BAAA,CAAA;AAC7D;AACF;AACF;AACF,aAAA;AACF;;AAEA,QAAA,IAAI,OAAOQ,CAAM,KAAA,QAAA,IAAYA,CAAEC,CAAAA,IAAI,KAAK,kBAAoB,EAAA;AAC1D,YAAA,MAAML,MAASI,GAAAA,CAAAA,CAAEJ,MAAM,IAAI,EAAC;AAC5B,YAAA,MAAMY,GAAMZ,GAAAA,MAAAA,CAAOM,qBAAqB,IAAI,EAAC;AAC7C,YAAA,MAAME,UAAaI,GAAAA,GAAAA,CAAIJ,UAAU,IAAI,EAAC;;YAEtC,IAAIK,MAAAA,GAASL,UAAU,CAAC,SAAU,CAAA;AAClC,YAAA,IAAI,CAACK,MAAAA,IAAUD,GAAIL,CAAAA,WAAW,EAAE;gBAC9BM,MAAS,GAAA;AAAIhB,oBAAAA,GAAAA;AAAS,iBAAA;AACxB;AACA,YAAA,IAAI,CAACgB,MAAQ,EAAA;AACXA,gBAAAA,MAAAA,GAAS,EAAE;AACb;AACAA,YAAAA,MAAAA,GAASJ,KAAMC,CAAAA,IAAI,CAAC,IAAIC,GAAI,CAAA;AAAIE,gBAAAA,GAAAA,MAAAA;AAAWjB,gBAAAA,GAAAA;AAAU,aAAA,CAAA,CAAA;;YAErD,IAAIkB,QAAAA,GAAWN,UAAU,CAAC,WAAY,CAAA;AACtC,YAAA,IAAI,CAACM,QAAAA,IAAYF,GAAIL,CAAAA,WAAW,EAAE;gBAChCO,QAAW,GAAA;AAAIjB,oBAAAA,GAAAA;AAAS,iBAAA;AAC1B;AACA,YAAA,IAAI,CAACiB,QAAU,EAAA;AACbA,gBAAAA,QAAAA,GAAW,EAAE;AACf;AACAA,YAAAA,QAAAA,GAAWL,KAAMC,CAAAA,IAAI,CAAC,IAAIC,GAAI,CAAA;AAAIG,gBAAAA,GAAAA,QAAAA;AAAalB,gBAAAA,GAAAA;AAAU,aAAA,CAAA,CAAA;;YAEzD,OAAO;AACL,gBAAA,GAAGQ,CAAC;gBACJJ,MAAQ,EAAA;AACN,oBAAA,GAAGA,MAAM;oBACTM,qBAAuB,EAAA;AACrB,wBAAA,GAAGM,GAAG;wBACNJ,UAAY,EAAA;AACV,4BAAA,GAAGA,UAAU;4BACb,SAAWK,EAAAA,MAAAA;4BACX,WAAaC,EAAAA;AACf;AACF;AACF;AACF,aAAA;AACF;QACA,OAAOV,CAAAA;AACT,KAAA,CAAA;AAEAL,IAAAA,MAAAA,CAAOC,MAAM,CAACe,GAAG,CAAC,aAAeb,EAAAA,qBAAAA,CAAAA;AACnC,CAAA;;;;"}
+{"version":3,"file":"register.mjs","sources":["../../server/src/register.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport { CSP_DEFAULTS, extendMiddlewareConfiguration } from '@strapi/utils';\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n  const aiEnabledConfig = strapi.config.get('admin.ai.enabled') !== false;\n  const isAIEnabled = aiEnabledConfig && strapi.ee.features.isEnabled('cms-ai');\n\n  if (isAIEnabled) {\n    const s3Domains = [\n      'strapi-ai-staging.s3.us-east-1.amazonaws.com',\n      'strapi-ai-production.s3.us-east-1.amazonaws.com',\n    ];\n\n    const defaultImgSrc = CSP_DEFAULTS['img-src'];\n    const defaultMediaSrc = CSP_DEFAULTS['media-src'];\n\n    // Extend the security middleware configuration to include S3 domains + defaults\n    const middlewares = strapi.config.get('middlewares') as (\n      | string\n      | { name?: string; config?: any }\n    )[];\n\n    const configuredMiddlewares = extendMiddlewareConfiguration(middlewares, {\n      name: 'strapi::security',\n      config: {\n        contentSecurityPolicy: {\n          directives: {\n            'img-src': [...defaultImgSrc, ...s3Domains],\n            'media-src': [...defaultMediaSrc, ...s3Domains],\n          },\n        },\n      },\n    });\n\n    strapi.config.set('middlewares', configuredMiddlewares);\n  }\n};\n"],"names":["strapi","aiEnabledConfig","config","get","isAIEnabled","ee","features","isEnabled","s3Domains","defaultImgSrc","CSP_DEFAULTS","defaultMediaSrc","middlewares","configuredMiddlewares","extendMiddlewareConfiguration","name","contentSecurityPolicy","directives","set"],"mappings":";;AAGA,eAAe,CAAA,OAAO,EAAEA,MAAM,EAA2B,GAAA;AACvD,IAAA,MAAMC,kBAAkBD,MAAOE,CAAAA,MAAM,CAACC,GAAG,CAAC,kBAAwB,CAAA,KAAA,KAAA;IAClE,MAAMC,WAAAA,GAAcH,mBAAmBD,MAAOK,CAAAA,EAAE,CAACC,QAAQ,CAACC,SAAS,CAAC,QAAA,CAAA;AAEpE,IAAA,IAAIH,WAAa,EAAA;AACf,QAAA,MAAMI,SAAY,GAAA;AAChB,YAAA,8CAAA;AACA,YAAA;AACD,SAAA;QAED,MAAMC,aAAAA,GAAgBC,YAAY,CAAC,SAAU,CAAA;QAC7C,MAAMC,eAAAA,GAAkBD,YAAY,CAAC,WAAY,CAAA;;AAGjD,QAAA,MAAME,WAAcZ,GAAAA,MAAAA,CAAOE,MAAM,CAACC,GAAG,CAAC,aAAA,CAAA;QAKtC,MAAMU,qBAAAA,GAAwBC,8BAA8BF,WAAa,EAAA;YACvEG,IAAM,EAAA,kBAAA;YACNb,MAAQ,EAAA;gBACNc,qBAAuB,EAAA;oBACrBC,UAAY,EAAA;wBACV,SAAW,EAAA;AAAIR,4BAAAA,GAAAA,aAAAA;AAAkBD,4BAAAA,GAAAA;AAAU,yBAAA;wBAC3C,WAAa,EAAA;AAAIG,4BAAAA,GAAAA,eAAAA;AAAoBH,4BAAAA,GAAAA;AAAU;AACjD;AACF;AACF;AACF,SAAA,CAAA;AAEAR,QAAAA,MAAAA,CAAOE,MAAM,CAACgB,GAAG,CAAC,aAAeL,EAAAA,qBAAAA,CAAAA;AACnC;AACF,CAAA;;;;"}

package/dist/server/src/index.d.ts

@@ -7,7 +7,9 @@ declare const _default: () => {
     bootstrap: ({ strapi }: {
         strapi: import("@strapi/types/dist/core").Strapi;
     }) => Promise<void>;
-    register: () => Promise<void>;
+    register: ({ strapi }: {
+        strapi: import("@strapi/types/dist/core").Strapi;
+    }) => Promise<void>;
     services: {
         'content-types': typeof import("./services/content-types");
         components: typeof import("./services/components");

package/dist/server/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../server/src/index.ts"],"names":[],"mappings":"AACA,OAAO,eAAe,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASvB,wBAOG"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../server/src/index.ts"],"names":[],"mappings":"AACA,OAAO,eAAe,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASvB,wBAOG"}

package/dist/server/src/register.d.ts

@@ -1,11 +1,6 @@
-/**
- * This file ensures that the Strapi security middleware's Content Security Policy (CSP)
- * allows images and media from both the default sources ("'self'", 'data:', 'blob:')
- * and the required S3 domains for AI features. It checks for existing 'img-src' and 'media-src'
- * directives and adds the S3 domains if not present. If no directives exist but useDefaults is true,
- * it adds the defaults plus the S3 domains. This guarantees that all required sources are allowed
- * without overwriting user configuration.
- */
-declare const _default: () => Promise<void>;
+import type { Core } from '@strapi/types';
+declare const _default: ({ strapi }: {
+    strapi: Core.Strapi;
+}) => Promise<void>;
 export default _default;
 //# sourceMappingURL=register.d.ts.map

package/dist/server/src/register.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../server/src/register.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;;AACH,wBAsEE"}
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../server/src/register.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;qCAGR;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAzD,wBAiCE"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/content-type-builder",
-  "version": "5.28.0",
+  "version": "5.30.0",
   "description": "Create and manage content types",
   "repository": {
     "type": "git",
@@ -68,9 +68,9 @@
     "@reduxjs/toolkit": "1.9.7",
     "@sindresorhus/slugify": "1.1.0",
     "@strapi/design-system": "2.0.0-rc.30",
-    "@strapi/generators": "5.28.0",
+    "@strapi/generators": "5.30.0",
     "@strapi/icons": "2.0.0-rc.30",
-    "@strapi/utils": "5.28.0",
+    "@strapi/utils": "5.30.0",
     "ai": "5.0.26",
     "date-fns": "2.30.0",
     "fs-extra": "11.2.0",
@@ -88,8 +88,8 @@
     "zod": "3.25.67"
   },
   "devDependencies": {
-    "@strapi/admin": "5.28.0",
-    "@strapi/types": "5.28.0",
+    "@strapi/admin": "5.30.0",
+    "@strapi/types": "5.30.0",
     "@testing-library/dom": "10.1.0",
     "@testing-library/react": "15.0.7",
     "@testing-library/user-event": "14.5.2",