create-brainerce-store 1.28.8 → 1.28.10

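--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -31,7 +31,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
  module2.exports = {
  name: "create-brainerce-store",
- version: "1.28.8",
+ version: "1.28.10",
  description: "Scaffold a production-ready e-commerce storefront connected to Brainerce",
  bin: {
  "create-brainerce-store": "dist/index.js"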
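--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "create-brainerce-store",
- "version": "1.28.8",
+ "version": "1.28.10",
  "description": "Scaffold a production-ready e-commerce storefront connected to Brainerce",
  "bin": {
  "create-brainerce-store": "dist/index.js"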
@@ -24,7 +24,11 @@ const nextConfig: NextConfig = {
24
24
  value: 'max-age=63072000; includeSubDomains; preload',
25
25
  },
26
26
  { key: 'X-Content-Type-Options', value: 'nosniff' },
27
- { key: 'X-Frame-Options', value: 'DENY' },
27
+ // SAMEORIGIN (not DENY) so iframe-based payment providers (e.g. Cardcom)
28
+ // can redirect the iframe back to /payment-complete on the storefront
29
+ // itself after a successful charge — the postMessage relay needs the
30
+ // parent frame to be able to render our own same-origin page.
31
+ { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
28
32
  { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
29
33
  {
30
34
  key: 'Permissions-Policy',
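Review bot: The switch from `DENY` to `SAMEORIGIN` on the `X-Frame-Options` line relaxes framing for every response this header entry covers, while the added comment names only `/payment-complete` as the page that has to render inside a frame. The entry's `source` pattern is outside the hunk, so the scope is inferred; if it is the catch-all, keep `DENY` there and add a later, narrower entry such as `{ source: '/payment-complete', headers: [{ key: 'X-Frame-Options', value: 'SAMEORIGIN' }] }` (Next.js lets the last matching entry win for a repeated key), adjusted for any locale prefix. The same site-wide relaxation is made by the two `frame-ancestors 'self'` changes in `buildCsp` further down, and the two headers need to agree per route. The comment also relies on a postMessage relay, so it is worth stating there that the listener in the parent page must compare `event.origin` with the storefront's own origin before acting on a payment result.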
@@ -1,4 +1,5 @@
1
1
  import type { Metadata } from 'next';
2
+ import { headers } from 'next/headers';
2
3
  import { notFound } from 'next/navigation';
3
4
  import { getServerClient } from '@/lib/brainerce';
4
5
  import { ProductJsonLd } from '@/components/seo/product-json-ld';
@@ -8,12 +9,19 @@ type Props = {
8
9
  params: Promise<{ slug: string }>;
9
10
  };
10
11
 
12
+ // Read the locale the middleware set on this request so the SDK can resolve
13
+ // translated slugs (translations[locale].slug) in addition to the base slug.
14
+ async function getRequestLocale(): Promise<string | undefined> {
15
+ return (await headers()).get('x-locale') ?? undefined;
16
+ }
17
+
11
18
  export async function generateMetadata({ params }: Props): Promise<Metadata> {
12
19
  const { slug } = await params;
20
+ const locale = await getRequestLocale();
13
21
 
14
22
  try {
15
23
  const client = getServerClient();
16
- const product = await client.getProductBySlug(slug);
24
+ const product = await client.getProductBySlug(slug, { locale });
17
25
  const imageUrl = product.images?.[0]?.url;
18
26
  const description = product.description?.substring(0, 160) || product.name;
19
27
 
@@ -45,11 +53,12 @@ export async function generateMetadata({ params }: Props): Promise<Metadata> {
45
53
 
46
54
  export default async function ProductDetailPage({ params }: Props) {
47
55
  const { slug } = await params;
56
+ const locale = await getRequestLocale();
48
57
 
49
58
  let product;
50
59
  try {
51
60
  const client = getServerClient();
52
- product = await client.getProductBySlug(slug);
61
+ product = await client.getProductBySlug(slug, { locale });
53
62
  } catch {
54
63
  notFound();
55
64
  }
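Review bot: `getRequestLocale` returns the raw `x-locale` request header and both call sites pass it straight to `getProductBySlug(slug, { locale })`, so the value is only as trustworthy as the middleware that sets it. The middleware is not visible here; if its matcher skips any path that reaches this page, or it sets the header only when absent, a client-supplied `x-locale` arrives unchanged. Checking the value against the storefront's configured locale list before returning it closes that gap, or at minimum a shape check such as `const raw = (await headers()).get('x-locale'); return raw && /^[a-z]{2,3}(-[A-Za-z0-9]{2,8})*$/.test(raw) ? raw : undefined;`. Calling `headers()` also makes `generateMetadata` and the page render per request, so any cache in front of this route has to vary on the locale, and the helper's comment should say so. The bodies of `generateMetadata` and `ProductDetailPage` continue outside the hunks.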
@@ -35,7 +35,10 @@ function buildCsp(nonce: string): string {
35
35
  "frame-src 'self' https://meshulam.co.il https://*.meshulam.co.il https://grow.link https://*.grow.link https://grow.security https://*.grow.security https://creditguard.co.il https://*.creditguard.co.il https://js.stripe.com https://hooks.stripe.com https://pay.google.com https://secure.cardcom.solutions https://checkout.stripe.com https://www.paypal.com https://www.sandbox.paypal.com",
36
36
  "connect-src 'self' https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://pay.google.com https://*.stripe.com https://*.creditguard.co.il",
37
37
  "worker-src 'self' blob:",
38
- "frame-ancestors 'none'",
38
+ // 'self' (not 'none') so iframe-based payment providers (e.g. Cardcom)
39
+ // can redirect the iframe back to /payment-complete on the storefront
40
+ // itself after a successful charge.
41
+ "frame-ancestors 'self'",
39
42
  "base-uri 'self'",
40
43
  "form-action 'self'",
41
44
  "object-src 'none'",
@@ -149,7 +152,10 @@ function buildCsp(nonce: string): string {
149
152
  "frame-src 'self' https://meshulam.co.il https://*.meshulam.co.il https://grow.link https://*.grow.link https://grow.security https://*.grow.security https://creditguard.co.il https://*.creditguard.co.il https://js.stripe.com https://hooks.stripe.com https://pay.google.com https://secure.cardcom.solutions https://checkout.stripe.com https://www.paypal.com https://www.sandbox.paypal.com",
150
153
  "connect-src 'self' https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://pay.google.com https://*.stripe.com https://*.creditguard.co.il",
151
154
  "worker-src 'self' blob:",
152
- "frame-ancestors 'none'",
155
+ // 'self' (not 'none') so iframe-based payment providers (e.g. Cardcom)
156
+ // can redirect the iframe back to /payment-complete on the storefront
157
+ // itself after a successful charge.
158
+ "frame-ancestors 'self'",
153
159
  "base-uri 'self'",
154
160
  "form-action 'self'",
155
161
  "object-src 'none'",
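Review bot: The same comment and `"frame-ancestors 'self'"` line are added twice, at new lines 38–41 and 155–158 of `buildCsp`, because the function carries two directive lists whose visible context is identical. A framing directive that has to be edited in two places can drift, leaving one branch with a different clickjacking policy than the other; hoisting the shared directive into one constant, e.g. `const FRAME_ANCESTORS = "frame-ancestors 'self'";` used by both lists, avoids that. The comment would also be more useful if it recorded that `X-Frame-Options: SAMEORIGIN` in the Next config must change together with this directive. `buildCsp` starts and ends outside both hunks, so what distinguishes the two lists is not visible.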