contentful 11.12.3 → 11.12.5

package/dist/contentful.browser.js

@@ -1447,10 +1447,10 @@ var contentful = (function (exports) {
    * @returns {Object} The JSON-compatible object.
    */
   var toJSONObject = function toJSONObject(obj) {
-    var stack = new Array(10);
-    var _visit = function visit(source, i) {
+    var visited = new WeakSet();
+    var _visit = function visit(source) {
       if (isObject(source)) {
-        if (stack.indexOf(source) >= 0) {
+        if (visited.has(source)) {
           return;
         }
 
@@ -1459,19 +1459,20 @@ var contentful = (function (exports) {
           return source;
         }
         if (!('toJSON' in source)) {
-          stack[i] = source;
+          // add-on descent / delete-on-ascent: preserves path semantics, so DAG nodes serialise at every occurrence (see #7230).
+          visited.add(source);
           var target = isArray$7(source) ? [] : {};
           forEach(source, function (value, key) {
-            var reducedValue = _visit(value, i + 1);
+            var reducedValue = _visit(value);
             !isUndefined(reducedValue) && (target[key] = reducedValue);
           });
-          stack[i] = undefined;
+          visited.delete(source);
           return target;
         }
       }
       return source;
     };
-    return _visit(obj, 0);
+    return _visit(obj);
   };
 
   /**
@@ -1642,8 +1643,6 @@ var contentful = (function (exports) {
     });
     return parsed;
   };
-  var $internals = Symbol('internals');
-  var INVALID_HEADER_VALUE_CHARS_RE = /[^\x09\x20-\x7E\x80-\xFF]/g;
   function trimSPorHTAB(str) {
     var start = 0;
     var end = str.length;
@@ -1663,12 +1662,37 @@ var contentful = (function (exports) {
     }
     return start === 0 && end === str.length ? str : str.slice(start, end);
   }
+
+  // The control-code ranges are intentional: header sanitization strips C0/DEL bytes.
+  // eslint-disable-next-line no-control-regex
+  var INVALID_UNICODE_HEADER_VALUE_CHARS = new RegExp("[\\u0000-\\u0008\\u000a-\\u001f\\u007f]+", 'g');
+  // eslint-disable-next-line no-control-regex
+  var INVALID_BYTE_STRING_HEADER_VALUE_CHARS = new RegExp("[^\\u0009\\u0020-\\u007e\\u0080-\\u00ff]+", 'g');
+  function sanitizeValue(value, invalidChars) {
+    if (utils$1$1.isArray(value)) {
+      return value.map(function (item) {
+        return sanitizeValue(item, invalidChars);
+      });
+    }
+    return trimSPorHTAB(String(value).replace(invalidChars, ''));
+  }
+  var sanitizeHeaderValue = function sanitizeHeaderValue(value) {
+    return sanitizeValue(value, INVALID_UNICODE_HEADER_VALUE_CHARS);
+  };
+  var sanitizeByteStringHeaderValue = function sanitizeByteStringHeaderValue(value) {
+    return sanitizeValue(value, INVALID_BYTE_STRING_HEADER_VALUE_CHARS);
+  };
+  function toByteStringHeaderObject(headers) {
+    var byteStringHeaders = Object.create(null);
+    utils$1$1.forEach(headers.toJSON(), function (value, header) {
+      byteStringHeaders[header] = sanitizeByteStringHeaderValue(value);
+    });
+    return byteStringHeaders;
+  }
+  var $internals = Symbol('internals');
   function normalizeHeader(header) {
     return header && String(header).trim().toLowerCase();
   }
-  function sanitizeHeaderValue(str) {
-    return trimSPorHTAB(str.replace(INVALID_HEADER_VALUE_CHARS_RE, ''));
-  }
   function normalizeValue(value) {
     if (value === false || value == null) {
       return value;
@@ -2621,7 +2645,7 @@ var contentful = (function (exports) {
         }
         return !isNumericKey;
       }
-      if (!target[name] || !utils$1$1.isObject(target[name])) {
+      if (!utils$1$1.hasOwnProp(target, name) || !utils$1$1.isObject(target[name])) {
         target[name] = [];
       }
       var result = buildPath(path, value, target[name], index);
@@ -2915,6 +2939,9 @@ var contentful = (function (exports) {
     var bytesNotified = 0;
     var _speedometer = speedometer(50, 250);
     return throttle(function (e) {
+      if (!e || typeof e.loaded !== 'number') {
+        return;
+      }
       var rawLoaded = e.loaded;
       var total = e.lengthComputable ? e.total : undefined;
       var loaded = total != null ? Math.min(rawLoaded, total) : rawLoaded;
@@ -3382,7 +3409,7 @@ var contentful = (function (exports) {
 
       // Add headers to the request
       if ('setRequestHeader' in request) {
-        utils$1$1.forEach(requestHeaders.toJSON(), function setRequestHeader(val, key) {
+        utils$1$1.forEach(toByteStringHeaderObject(requestHeaders), function setRequestHeader(val, key) {
           request.setRequestHeader(key, val);
         });
       }
@@ -3443,42 +3470,43 @@ var contentful = (function (exports) {
     });
   };
   var composeSignals = function composeSignals(signals, timeout) {
-    var _signals = signals = signals ? signals.filter(Boolean) : [],
-      length = _signals.length;
-    if (timeout || length) {
-      var controller = new AbortController();
-      var aborted;
-      var onabort = function onabort(reason) {
-        if (!aborted) {
-          aborted = true;
-          unsubscribe();
-          var err = reason instanceof Error ? reason : this.reason;
-          controller.abort(err instanceof AxiosError ? err : new CanceledError(err instanceof Error ? err.message : err));
-        }
-      };
-      var timer = timeout && setTimeout(function () {
-        timer = null;
-        onabort(new AxiosError("timeout of ".concat(timeout, "ms exceeded"), AxiosError.ETIMEDOUT));
-      }, timeout);
-      var unsubscribe = function unsubscribe() {
-        if (signals) {
-          timer && clearTimeout(timer);
-          timer = null;
-          signals.forEach(function (signal) {
-            signal.unsubscribe ? signal.unsubscribe(onabort) : signal.removeEventListener('abort', onabort);
-          });
-          signals = null;
-        }
-      };
+    signals = signals ? signals.filter(Boolean) : [];
+    if (!timeout && !signals.length) {
+      return;
+    }
+    var controller = new AbortController();
+    var aborted = false;
+    var onabort = function onabort(reason) {
+      if (!aborted) {
+        aborted = true;
+        unsubscribe();
+        var err = reason instanceof Error ? reason : this.reason;
+        controller.abort(err instanceof AxiosError ? err : new CanceledError(err instanceof Error ? err.message : err));
+      }
+    };
+    var timer = timeout && setTimeout(function () {
+      timer = null;
+      onabort(new AxiosError("timeout of ".concat(timeout, "ms exceeded"), AxiosError.ETIMEDOUT));
+    }, timeout);
+    var unsubscribe = function unsubscribe() {
+      if (!signals) {
+        return;
+      }
+      timer && clearTimeout(timer);
+      timer = null;
       signals.forEach(function (signal) {
-        return signal.addEventListener('abort', onabort);
+        signal.unsubscribe ? signal.unsubscribe(onabort) : signal.removeEventListener('abort', onabort);
       });
-      var signal = controller.signal;
-      signal.unsubscribe = function () {
-        return utils$1$1.asap(unsubscribe);
-      };
-      return signal;
-    }
+      signals = null;
+    };
+    signals.forEach(function (signal) {
+      return signal.addEventListener('abort', onabort);
+    });
+    var signal = controller.signal;
+    signal.unsubscribe = function () {
+      return utils$1$1.asap(unsubscribe);
+    };
+    return signal;
   };
   var streamChunk = /*#__PURE__*/_regeneratorRuntime.mark(function streamChunk(chunk, chunkSize) {
     var len, pos, end;
@@ -3778,7 +3806,7 @@ var contentful = (function (exports) {
     }
     return bytes;
   }
-  var VERSION = "1.16.0";
+  var VERSION = "1.16.1";
   var DEFAULT_CHUNK_SIZE = 64 * 1024;
   var isFunction = utils$1$1.isFunction;
   var test = function test(fn) {
@@ -3792,8 +3820,7 @@ var contentful = (function (exports) {
     }
   };
   var factory = function factory(env) {
-    var _utils$1$global;
-    var globalObject = (_utils$1$global = utils$1$1.global) !== null && _utils$1$global !== void 0 ? _utils$1$global : globalThis;
+    var globalObject = utils$1$1.global !== undefined && utils$1$1.global !== null ? utils$1$1.global : globalThis;
     var ReadableStream = globalObject.ReadableStream,
       TextEncoder = globalObject.TextEncoder;
     env = utils$1$1.merge.call({
@@ -4039,7 +4066,7 @@ var contentful = (function (exports) {
               resolvedOptions = _objectSpread$2(_objectSpread$2({}, fetchOptions), {}, {
                 signal: composedSignal,
                 method: method.toUpperCase(),
-                headers: headers.normalize().toJSON(),
+                headers: toByteStringHeaderObject(headers.normalize()),
                 body: data,
                 duplex: 'half',
                 credentials: isCredentialsSupported ? withCredentials : undefined
@@ -10087,8 +10114,13 @@ var contentful = (function (exports) {
     }
     var isValidConfig = isValidTimelinePreviewConfig(timelinePreview);
     // Show error if used outside of CPA.
-    // Opt-out of the error if a custom domain is used and CPA could not be idenfified
-    var isValidHost = typeof host === 'string' && (!host.includes('contentful') || host.startsWith('preview'));
+    // Opt-out of the error if a custom domain is used and CPA could not be identified.
+    // Use an exact domain match to avoid false-positives on proxy hostnames that contain
+    // "contentful" as a substring (e.g. api-contentful-proxy.example.com).
+    var PREVIEW_HOST_REGEX = /^preview(\.eu)?\.contentful\.com$/;
+    var isContentfulHost = typeof host === 'string' && PREVIEW_HOST_REGEX.test(host);
+    var isCustomHost = typeof host !== 'string' || !host.endsWith('.contentful.com');
+    var isValidHost = isContentfulHost || isCustomHost;
     if (isValidConfig && !isValidHost) {
       throw new ValidationError('timelinePreview', "The 'timelinePreview' parameter can only be used with the CPA. Please set host to 'preview.contentful.com' or 'preview.eu.contentful.com' to enable Timeline Preview.\n      ");
     }