bosia 0.5.0 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "bosia",
|
|
3
|
-
"version": "0.5.
|
|
3
|
+
"version": "0.5.1",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "A fast, batteries-included fullstack framework — SSR · Svelte 5 Runes · Bun · ElysiaJS. File-based routing inspired by SvelteKit. No Node.js, no Vite, no adapters.",
|
|
6
6
|
"keywords": [
|
package/src/core/server.ts
CHANGED
|
@@ -563,12 +563,21 @@ async function resolve(event: RequestEvent): Promise<Response> {
|
|
|
563
563
|
|
|
564
564
|
// ─── Request Entry ────────────────────────────────────────
|
|
565
565
|
|
|
566
|
+
// Set DISABLE_X_FRAME_OPTIONS=true to omit `X-Frame-Options: SAMEORIGIN`.
|
|
567
|
+
// Useful when the app is intentionally embedded as an iframe by a different origin
|
|
568
|
+
// (preview/proxy hubs, design tools, etc.). Other security headers stay on.
|
|
569
|
+
const _xfoDisabled = process.env.DISABLE_X_FRAME_OPTIONS === "true";
|
|
570
|
+
|
|
566
571
|
const SECURITY_HEADERS: Record<string, string> = {
|
|
567
572
|
"X-Content-Type-Options": "nosniff",
|
|
568
|
-
"X-Frame-Options": "SAMEORIGIN",
|
|
573
|
+
...(_xfoDisabled ? {} : { "X-Frame-Options": "SAMEORIGIN" }),
|
|
569
574
|
"Referrer-Policy": "strict-origin-when-cross-origin",
|
|
570
575
|
};
|
|
571
576
|
|
|
577
|
+
if (_xfoDisabled) {
|
|
578
|
+
console.log("🪟 X-Frame-Options disabled (DISABLE_X_FRAME_OPTIONS=true)");
|
|
579
|
+
}
|
|
580
|
+
|
|
572
581
|
async function handleRequest(request: Request, url: URL): Promise<Response> {
|
|
573
582
|
// Reject new non-health requests during shutdown
|
|
574
583
|
if (shuttingDown && url.pathname !== "/_health") {
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { defineConfig } from "bosia";
|
|
2
|
+
import { inspector } from "bosia/plugins/inspector";
|
|
3
|
+
|
|
4
|
+
export default defineConfig({
|
|
5
|
+
plugins: [
|
|
6
|
+
// Dev-only: Alt+click any element on the page to open its source in your editor.
|
|
7
|
+
// Change `editor` to "cursor" or "zed" if you don't use VS Code.
|
|
8
|
+
inspector({ editor: "code" }),
|
|
9
|
+
],
|
|
10
|
+
});
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { defineConfig } from "bosia";
|
|
2
|
+
import { inspector } from "bosia/plugins/inspector";
|
|
3
|
+
|
|
4
|
+
export default defineConfig({
|
|
5
|
+
plugins: [
|
|
6
|
+
// Dev-only: Alt+click any element on the page to open its source in your editor.
|
|
7
|
+
// Change `editor` to "cursor" or "zed" if you don't use VS Code.
|
|
8
|
+
inspector({ editor: "code" }),
|
|
9
|
+
],
|
|
10
|
+
});
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { defineConfig } from "bosia";
|
|
2
|
+
import { inspector } from "bosia/plugins/inspector";
|
|
3
|
+
|
|
4
|
+
export default defineConfig({
|
|
5
|
+
plugins: [
|
|
6
|
+
// Dev-only: Alt+click any element on the page to open its source in your editor.
|
|
7
|
+
// Change `editor` to "cursor" or "zed" if you don't use VS Code.
|
|
8
|
+
inspector({ editor: "code" }),
|
|
9
|
+
],
|
|
10
|
+
});
|