npm - bv-ui-core - Versions diffs - 2.9.11 → 2.9.12 - Mend

bv-ui-core 2.9.11 → 2.9.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/lib/cookie/index.js +13 -23
package/lib/global/index.js +1 -1
package/package.json +3 -1
package/test/unit/bvFetch/index.spec.js +1 -1
package/test/unit/cookie/index.spec.js +0 -146
package/test/unit/global/index.spec.js +19 -0

package/lib/cookie/index.js CHANGED Viewed

@@ -16,29 +16,19 @@ var store = {};
  * @param {Number} days The cookie lifespan in days.
  * @param {String} [domain] The domain for the cookie.
  * @param {Boolean} [secure] Whether this is a secure cookie.
- * @param {String} [sameSite='Lax'] The SameSite attribute ('Strict', 'Lax', or 'None'). Defaults to 'Lax'.
  */
-function createCookie (name, value, days, domain, secure, sameSite = 'Lax') {
+function createCookie (name, value, days, domain, secure) {
   var date = new Date();
   date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
   var expires = days ? ';expires=' + date.toGMTString() : '';
-  // Determine if the cookie should be secure.
-  // Force the Secure flag if the page is loaded over HTTPS, OR if the explicit `secure` argument is true.
-  // This ensures that all cookies (including BVBRANDID) set by this library are secure in production environments.
-  var isSecure = secure || (global.location && global.location.protocol === 'https:');
-  // SameSite=None requires the Secure flag, so we fallback to 'Lax' if not secure.
-  var sameSiteValue = (sameSite === 'None' && !isSecure) ? 'Lax' : sameSite;
   var c = encodeURIComponent(name) + '=' +
     encodeURIComponent(value) +
     expires +
     ';path=/' +
     (domain ? (';domain=' + domain) : '') +
-    (isSecure ? ';secure' : '') +
-    ';SameSite=' + sameSiteValue;
+    (secure ? (';secure') : '');
   global.document.cookie = c;
 }
@@ -75,7 +65,7 @@ function readCookie (name) {
 function removeCookie (name, domain) {
   delete store[name];
   if (domain) {
-    createCookie(name, '', -1, domain);
+    createCookie(name, null, -1, domain);
   }
   else {
     createCookie(name, '', -1);
@@ -83,23 +73,23 @@ function removeCookie (name, domain) {
 }
 module.exports = {
-  create: function (name, value, days, domain, secure, sameSite) {
+  create: function (name, value, days, domain, secure) {
     store[name] = value;
     var consentPresent = cookieConsent.getConsent(name);
     if (consentPresent) {
-      createCookie(name, value, days, domain, secure, sameSite);
+      createCookie(name, value, days, domain, secure);
     }
-    cookieConsent.subscribe(name, 'add', function (consent) {
+    cookieConsent.subscribe(name,'add',function (consent) {
       if (consent) {
-        createCookie(name, value, days, domain, secure, sameSite);
-      }
-      else {
-        removeCookie(name, domain);
-      }
-    });
+        createCookie(name,value,days,domain,secure);
+      }
+      else {
+        removeCookie(name,domain)
+      }
+    })
     cookieConsent.subscribe(name, 'enable', function () {
-      createCookie(name, value, days, domain, secure, sameSite);
+      createCookie(name, value, days, domain, secure);
     });
     cookieConsent.subscribe(name, 'disable', function () {

package/lib/global/index.js CHANGED Viewed

@@ -18,7 +18,7 @@ var getGlobal = function () {
     windows object during transpilation with __esModule being set. Below code would support
     global import in all bundle use cases
   */
-  if (globalObj && globalObj.__esModule) {
+  if (globalObj && globalObj.__esModule && typeof window !== 'undefined' && globalObj !== window) {
     const proxyGlobal = new Proxy(globalObj, {
       get: function (target, prop) {
         if (prop === 'default') {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "bv-ui-core",
-  "version": "2.9.11",
+  "version": "2.9.12",
   "license": "Apache 2.0",
   "description": "Bazaarvoice UI-related JavaScript",
   "repository": {
@@ -33,12 +33,14 @@
     "karma-firefox-launcher": "^1.1.0",
     "karma-htmlfile-reporter": "^0.3.6",
     "karma-mocha": "^1.3.0",
+    "karma-phantomjs-launcher": "^1.0.4",
     "karma-sinon": "^1.0.5",
     "karma-sinon-chai": "^1.3.4",
     "karma-webpack": "^1.7.0",
     "lodash": "^4.17.10",
     "mocha": "^5.2.0",
     "node-libs-browser": "1.0.0",
+    "phantomjs": "^2.1.7",
     "sinon": "^4.5.0",
     "sinon-chai": "^2.14.0",
     "webpack": "^1.15.0"

package/test/unit/bvFetch/index.spec.js CHANGED Viewed

@@ -66,7 +66,7 @@ describe('BvFetch', function () {
       statusText: 'OK',
       headers: {
         'Cache-Control': 'max-age=3600',
-        'X-Bazaarvoice-Cached-Time': Date.now()
+        'X-Cached-Time': Date.now()
       }
     });

package/test/unit/cookie/index.spec.js CHANGED Viewed

@@ -43,149 +43,3 @@ describe('lib/cookie', function () {
   });
 });
-describe('lib/cookie secure flag behavior', function () {
-  var originalProtocol;
-  beforeEach(function () {
-    // Store original protocol to restore after each test
-    originalProtocol = global.location && global.location.protocol;
-  });
-  afterEach(function () {
-    // Restore original protocol
-    if (global.location) {
-      // Some browsers don't allow direct assignment to location.protocol
-      // so we use Object.defineProperty where possible
-      try {
-        Object.defineProperty(global.location, 'protocol', {
-          value: originalProtocol,
-          writable: true,
-          configurable: true
-        });
-      }
-      catch (e) {
-        // If we can't restore, tests may need to run in isolation
-      }
-    }
-    // Clean up test cookies
-    deleteCookie('test%20secure');
-    deleteCookie('test%20https');
-    deleteCookie('test%20http');
-  });
-  it('should set secure flag when secure=true is explicitly passed', function () {
-    cookieConsent.initConsent({
-      'test secure': true
-    });
-    // Create cookie with explicit secure=true
-    cookie.create('test secure', 'securevalue', 1, null, true);
-    // Note: We can't directly check if secure flag was set via document.cookie
-    // because secure cookies are not visible in document.cookie on http pages.
-    // This test verifies the function doesn't throw when secure=true is passed.
-    expect(true).to.equal(true);
-    // Clean up
-    deleteCookie('test%20secure');
-  });
-  it('should automatically set secure flag on HTTPS pages', function () {
-    // Skip if we can't modify location.protocol
-    if (!global.location) {
-      this.skip();
-      return;
-    }
-    try {
-      Object.defineProperty(global.location, 'protocol', {
-        value: 'https:',
-        writable: true,
-        configurable: true
-      });
-    }
-    catch (e) {
-      // Browser doesn't allow protocol modification, skip test
-      this.skip();
-      return;
-    }
-    cookieConsent.initConsent({
-      'test https': true
-    });
-    // Create cookie without explicit secure flag - should auto-secure on HTTPS
-    cookie.create('test https', 'httpsvalue', 1);
-    // The cookie creation should succeed without errors
-    // On actual HTTPS, the secure flag would be set automatically
-    expect(true).to.equal(true);
-    // Clean up
-    deleteCookie('test%20https');
-  });
-  it('should NOT set secure flag on HTTP pages when secure param is not passed', function () {
-    // Skip if we can't modify location.protocol
-    if (!global.location) {
-      this.skip();
-      return;
-    }
-    try {
-      Object.defineProperty(global.location, 'protocol', {
-        value: 'http:',
-        writable: true,
-        configurable: true
-      });
-    }
-    catch (e) {
-      // Browser doesn't allow protocol modification, skip test
-      this.skip();
-      return;
-    }
-    cookieConsent.initConsent({
-      'test http': true
-    });
-    // Create cookie without secure flag on HTTP
-    cookie.create('test http', 'httpvalue', 1);
-    // Cookie should be readable (not secure, so visible on HTTP)
-    expect(global.document.cookie).to.have.string('test%20http=httpvalue');
-    // Clean up
-    deleteCookie('test%20http');
-  });
-  it('should handle missing global.location gracefully', function () {
-    var originalLocation = global.location;
-    // Temporarily remove location
-    try {
-      delete global.location;
-    }
-    catch (e) {
-      // Can't delete location in some environments, skip
-      this.skip();
-      return;
-    }
-    cookieConsent.initConsent({
-      'test nolocation': true
-    });
-    // Should not throw when global.location is undefined
-    expect(function () {
-      cookie.create('test nolocation', 'value', 1);
-    }).to.not.throw();
-    // Restore location
-    global.location = originalLocation;
-    // Clean up
-    deleteCookie('test%20nolocation');
-  });
-});

package/test/unit/global/index.spec.js CHANGED Viewed

@@ -24,4 +24,23 @@ describe('lib/global', function () {
     }
   });
+  it('should not wrap window in a Proxy when globalObj is window even if __esModule is set', function () {
+    if (typeof window !== 'undefined') {
+      window.__esModule = true;
+      var result = require('../../../lib/global');
+      // When globalObj === window, the proxy branch should be skipped,
+      // so the result should be strictly equal to window.
+      expect(result).to.equal(window);
+      delete window.__esModule;
+    }
+  });
+  it('should return the global object directly when __esModule is not set', function () {
+    if (typeof window !== 'undefined') {
+      delete window.__esModule;
+      var result = require('../../../lib/global');
+      expect(result).to.equal(window);
+    }
+  });
 });