astro 5.2.6 → 5.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -153,7 +153,7 @@ ${contentConfig.error.message}`);
153
153
  logger.info("Content config changed");
154
154
  shouldClear = true;
155
155
  }
156
- if (previousAstroVersion && previousAstroVersion !== "5.2.6") {
156
+ if (previousAstroVersion && previousAstroVersion !== "5.3.0") {
157
157
  logger.info("Astro version changed");
158
158
  shouldClear = true;
159
159
  }
@@ -161,8 +161,8 @@ ${contentConfig.error.message}`);
161
161
  logger.info("Clearing content store");
162
162
  this.#store.clearAll();
163
163
  }
164
- if ("5.2.6") {
165
- await this.#store.metaStore().set("astro-version", "5.2.6");
164
+ if ("5.3.0") {
165
+ await this.#store.metaStore().set("astro-version", "5.3.0");
166
166
  }
167
167
  if (currentConfigDigest) {
168
168
  await this.#store.metaStore().set("content-config-digest", currentConfigDigest);
@@ -4,26 +4,27 @@ const FORM_CONTENT_TYPES = [
4
4
  "multipart/form-data",
5
5
  "text/plain"
6
6
  ];
7
+ const SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];
7
8
  function createOriginCheckMiddleware() {
8
9
  return defineMiddleware((context, next) => {
9
10
  const { request, url, isPrerendered } = context;
10
11
  if (isPrerendered) {
11
12
  return next();
12
13
  }
13
- if (request.method === "GET") {
14
+ if (SAFE_METHODS.includes(request.method)) {
14
15
  return next();
15
16
  }
16
- const sameOrigin = (request.method === "POST" || request.method === "PUT" || request.method === "PATCH" || request.method === "DELETE") && request.headers.get("origin") === url.origin;
17
+ const isSameOrigin = request.headers.get("origin") === url.origin;
17
18
  const hasContentType = request.headers.has("content-type");
18
19
  if (hasContentType) {
19
20
  const formLikeHeader = hasFormLikeHeader(request.headers.get("content-type"));
20
- if (formLikeHeader && !sameOrigin) {
21
+ if (formLikeHeader && !isSameOrigin) {
21
22
  return new Response(`Cross-site ${request.method} form submissions are forbidden`, {
22
23
  status: 403
23
24
  });
24
25
  }
25
26
  } else {
26
- if (!sameOrigin) {
27
+ if (!isSameOrigin) {
27
28
  return new Response(`Cross-site ${request.method} form submissions are forbidden`, {
28
29
  status: 403
29
30
  });
@@ -41,9 +41,7 @@ function vitePluginManifest(options, internals) {
41
41
  `import { deserializeManifest as _deserializeManifest } from 'astro/app'`,
42
42
  `import { _privateSetManifestDontUseThis } from 'astro:ssr-manifest'`
43
43
  ];
44
- const resolvedDriver = await resolveSessionDriver(
45
- options.settings.config.experimental?.session?.driver
46
- );
44
+ const resolvedDriver = await resolveSessionDriver(options.settings.config.session?.driver);
47
45
  const contents = [
48
46
  `const manifest = _deserializeManifest('${manifestReplace}');`,
49
47
  `if (manifest.sessionConfig) manifest.sessionConfig.driverModule = ${resolvedDriver ? `() => import(${JSON.stringify(resolvedDriver)})` : "null"};`,
@@ -232,7 +230,7 @@ function buildManifest(opts, internals, staticFiles, encodedKey) {
232
230
  checkOrigin: (settings.config.security?.checkOrigin && settings.buildOutput === "server") ?? false,
233
231
  serverIslandNameMap: Array.from(settings.serverIslandNameMap),
234
232
  key: encodedKey,
235
- sessionConfig: settings.config.experimental.session
233
+ sessionConfig: settings.config.session
236
234
  };
237
235
  }
238
236
  export {