@uniformdev/canvas-next-rsc 20.67.1-alpha.22 → 20.67.1-alpha.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/handler.js +11 -2
  2. package/dist/handler.mjs +11 -2
  3. package/package.json +11 -11
package/dist/handler.js CHANGED
@@ -127,8 +127,17 @@ var createPreviewGETRouteHandler = (options) => {
127
127
  };
128
128
  };
129
129
  function validateLocalRedirectUrl(pathToRedirectTo) {
130
- if (pathToRedirectTo == null ? void 0 : pathToRedirectTo.match(/^[a-z]+:\/\//g)) {
131
- throw new Error("Tried to redirect to absolute URL with protocol. Disallowing open redirect.");
130
+ if (!pathToRedirectTo) {
131
+ return;
132
+ }
133
+ let resolved;
134
+ try {
135
+ resolved = new URL(pathToRedirectTo, BASE_URL_EXAMPLE);
136
+ } catch (e) {
137
+ throw new Error("Invalid redirect path. Disallowing open redirect.");
138
+ }
139
+ if (resolved.origin !== BASE_URL_EXAMPLE) {
140
+ throw new Error("Tried to redirect off-origin. Disallowing open redirect.");
132
141
  }
133
142
  }
134
143
  var resolveFullPathDefault = ({ slug, path }) => {
package/dist/handler.mjs CHANGED
@@ -94,8 +94,17 @@ var createPreviewGETRouteHandler = (options) => {
94
94
  };
95
95
  };
96
96
  function validateLocalRedirectUrl(pathToRedirectTo) {
97
- if (pathToRedirectTo == null ? void 0 : pathToRedirectTo.match(/^[a-z]+:\/\//g)) {
98
- throw new Error("Tried to redirect to absolute URL with protocol. Disallowing open redirect.");
97
+ if (!pathToRedirectTo) {
98
+ return;
99
+ }
100
+ let resolved;
101
+ try {
102
+ resolved = new URL(pathToRedirectTo, BASE_URL_EXAMPLE);
103
+ } catch (e) {
104
+ throw new Error("Invalid redirect path. Disallowing open redirect.");
105
+ }
106
+ if (resolved.origin !== BASE_URL_EXAMPLE) {
107
+ throw new Error("Tried to redirect off-origin. Disallowing open redirect.");
99
108
  }
100
109
  }
101
110
  var resolveFullPathDefault = ({ slug, path }) => {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@uniformdev/canvas-next-rsc",
3
- "version": "20.67.1-alpha.22+329be3528c",
3
+ "version": "20.67.1-alpha.27+003af30589",
4
4
  "license": "SEE LICENSE IN LICENSE.txt",
5
5
  "scripts": {
6
6
  "build": "tsup",
@@ -60,15 +60,15 @@
60
60
  "react-dom": "19.2.1"
61
61
  },
62
62
  "dependencies": {
63
- "@uniformdev/canvas": "20.67.1-alpha.22+329be3528c",
64
- "@uniformdev/canvas-next-rsc-client": "^20.67.1-alpha.22+329be3528c",
65
- "@uniformdev/canvas-next-rsc-shared": "^20.67.1-alpha.22+329be3528c",
66
- "@uniformdev/canvas-react": "20.67.1-alpha.22+329be3528c",
67
- "@uniformdev/context": "20.67.1-alpha.22+329be3528c",
68
- "@uniformdev/project-map": "20.67.1-alpha.22+329be3528c",
69
- "@uniformdev/redirect": "20.67.1-alpha.22+329be3528c",
70
- "@uniformdev/richtext": "20.67.1-alpha.22+329be3528c",
71
- "@uniformdev/webhooks": "20.67.1-alpha.22+329be3528c",
63
+ "@uniformdev/canvas": "20.67.1-alpha.27+003af30589",
64
+ "@uniformdev/canvas-next-rsc-client": "^20.67.1-alpha.27+003af30589",
65
+ "@uniformdev/canvas-next-rsc-shared": "^20.67.1-alpha.27+003af30589",
66
+ "@uniformdev/canvas-react": "20.67.1-alpha.27+003af30589",
67
+ "@uniformdev/context": "20.67.1-alpha.27+003af30589",
68
+ "@uniformdev/project-map": "20.67.1-alpha.27+003af30589",
69
+ "@uniformdev/redirect": "20.67.1-alpha.27+003af30589",
70
+ "@uniformdev/richtext": "20.67.1-alpha.27+003af30589",
71
+ "@uniformdev/webhooks": "20.67.1-alpha.27+003af30589",
72
72
  "@vercel/edge-config": "^0.4.0",
73
73
  "encoding": "^0.1.13",
74
74
  "server-only": "^0.0.1",
@@ -85,5 +85,5 @@
85
85
  "publishConfig": {
86
86
  "access": "public"
87
87
  },
88
- "gitHead": "329be3528c6e4e6d01316386d18059ec0ffcd172"
88
+ "gitHead": "003af30589ea6dc98fb59f0dba35d82d4ee939d2"
89
89
  }