deckide 3.5.1 → 3.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/middleware/security.js +1 -1
  2. package/dist/routes/files.js +0 -7
  3. package/package.json +1 -1
package/dist/middleware/security.js CHANGED
@@ -11,6 +11,6 @@ export const securityHeaders = async (c, next) => {
11
11
  c.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
12
12
  c.header('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');
13
13
  // Allow Monaco Editor from CDN, Google Fonts, and blob: for workers
14
- c.header('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com data:; img-src 'self' data: blob:; connect-src 'self' ws: wss:; worker-src 'self' blob:;");
14
+ c.header('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://static.cloudflareinsights.com blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com data:; img-src 'self' data: blob:; connect-src 'self' ws: wss:; worker-src 'self' blob:;");
15
15
  await next();
16
16
  };
package/dist/routes/files.js CHANGED
@@ -44,13 +44,6 @@ export function createFileRouter(workspaces) {
44
44
  const rootInput = c.req.query('path') || DEFAULT_ROOT;
45
45
  const requestedPath = c.req.query('subpath') || '';
46
46
  const rootPath = normalizeWorkspacePath(rootInput);
47
- // When workspaces exist, restrict browsing to registered workspace paths
48
- if (workspaces.size > 0) {
49
- const isAllowed = [...workspaces.values()].some(ws => rootPath === ws.path || rootPath.startsWith(ws.path + path.sep));
50
- if (!isAllowed) {
51
- throw createHttpError('Path outside registered workspaces', 403);
52
- }
53
- }
54
47
  const target = await resolveSafePath(rootPath, requestedPath);
55
48
  const stats = await fs.stat(target);
56
49
  if (!stats.isDirectory()) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "deckide",
3
- "version": "3.5.1",
3
+ "version": "3.5.3",
4
4
  "description": "Deck IDE - Browser-based IDE with terminal, file explorer, and git integration",
5
5
  "type": "module",
6
6
  "bin": {