authhero 0.229.0 → 0.231.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authhero.cjs +2 -2
- package/dist/authhero.mjs +10 -12
- package/package.json +1 -1
package/dist/authhero.mjs
CHANGED
|
@@ -22661,11 +22661,7 @@ function wf(t, e = [], n = {}) {
|
|
|
22661
22661
|
const r = new URL(t);
|
|
22662
22662
|
return e.some((i) => {
|
|
22663
22663
|
try {
|
|
22664
|
-
return a5(
|
|
22665
|
-
r,
|
|
22666
|
-
new URL(i),
|
|
22667
|
-
n.allowPathWildcards
|
|
22668
|
-
);
|
|
22664
|
+
return a5(r, new URL(i), n);
|
|
22669
22665
|
} catch {
|
|
22670
22666
|
return !1;
|
|
22671
22667
|
}
|
|
@@ -22674,18 +22670,18 @@ function wf(t, e = [], n = {}) {
|
|
|
22674
22670
|
return !1;
|
|
22675
22671
|
}
|
|
22676
22672
|
}
|
|
22677
|
-
function a5(t, e, n) {
|
|
22673
|
+
function a5(t, e, n = {}) {
|
|
22678
22674
|
if (t.protocol !== e.protocol)
|
|
22679
22675
|
return !1;
|
|
22680
|
-
if (n && e.pathname.includes("*")) {
|
|
22676
|
+
if (n.allowPathWildcards && e.pathname.includes("*")) {
|
|
22681
22677
|
const r = e.pathname.replace(/\*/g, ".*").replace(/\//g, "\\/");
|
|
22682
22678
|
if (!new RegExp(`^${r}$`).test(t.pathname))
|
|
22683
22679
|
return !1;
|
|
22684
22680
|
} else if (t.pathname !== e.pathname)
|
|
22685
22681
|
return !1;
|
|
22686
|
-
if (e.hostname.startsWith("*.") && e.hostname.split(".").length > 2 && ["http:", "https:"].includes(e.protocol)) {
|
|
22682
|
+
if (n.allowSubDomainWildcards && e.hostname.startsWith("*.") && e.hostname.split(".").length > 2 && ["http:", "https:"].includes(e.protocol)) {
|
|
22687
22683
|
const r = e.hostname.split(".").slice(1).join(".");
|
|
22688
|
-
return t.hostname.endsWith(r);
|
|
22684
|
+
return t.hostname === r || t.hostname.endsWith("." + r);
|
|
22689
22685
|
}
|
|
22690
22686
|
return t.hostname === e.hostname;
|
|
22691
22687
|
}
|
|
@@ -22724,7 +22720,7 @@ const c5 = new be().openapi(
|
|
|
22724
22720
|
...r.allowed_logout_urls || [],
|
|
22725
22721
|
...(i == null ? void 0 : i.allowed_logout_urls) || []
|
|
22726
22722
|
],
|
|
22727
|
-
{ allowPathWildcards: !0 }
|
|
22723
|
+
{ allowPathWildcards: !0, allowSubDomainWildcards: !0 }
|
|
22728
22724
|
))
|
|
22729
22725
|
throw new E(400, {
|
|
22730
22726
|
message: "Invalid redirect uri"
|
|
@@ -26370,7 +26366,8 @@ const BE = ["email", "sms", "Username-Password-Authentication"], LE = new be().o
|
|
|
26370
26366
|
if (K.redirect_uri) {
|
|
26371
26367
|
const F = M.callbacks || [];
|
|
26372
26368
|
if (t.var.host && (F.push(`${pl(t.env)}/*`), F.push(`${ft(t.env)}/*`)), !wf(K.redirect_uri, F, {
|
|
26373
|
-
allowPathWildcards: !0
|
|
26369
|
+
allowPathWildcards: !0,
|
|
26370
|
+
allowSubDomainWildcards: !0
|
|
26374
26371
|
}))
|
|
26375
26372
|
throw new E(400, {
|
|
26376
26373
|
message: `Invalid redirect URI - ${K.redirect_uri}`
|
|
@@ -26484,7 +26481,8 @@ const BE = ["email", "sms", "Username-Password-Authentication"], LE = new be().o
|
|
|
26484
26481
|
if (l.redirect_uri) {
|
|
26485
26482
|
const A = a.callbacks || [];
|
|
26486
26483
|
if (t.var.host && (A.push(`${pl(t.env)}/*`), A.push(`${ft(t.env)}/*`)), !wf(l.redirect_uri, A, {
|
|
26487
|
-
allowPathWildcards: !0
|
|
26484
|
+
allowPathWildcards: !0,
|
|
26485
|
+
allowSubDomainWildcards: !0
|
|
26488
26486
|
}))
|
|
26489
26487
|
throw new E(400, {
|
|
26490
26488
|
message: `Invalid redirect URI - ${l.redirect_uri}`
|