npm - dinou - Versions diffs - 4.0.2 → 4.0.3 - Mend

dinou 4.0.2 → 4.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/).
+## [4.0.3]
+### Fixed
+- Add missing headers (e.g. authorization) to headers whitelist.
 ## [4.0.2]
 ### Fixed

package/dinou/core/server.js CHANGED Viewed

@@ -54,11 +54,11 @@ if (isDevelopment) {
     process.cwd(),
     isWebpack
       ? `${outputFolder}/react-client-manifest.json`
-      : `react_client_manifest/react-client-manifest.json`
+      : `react_client_manifest/react-client-manifest.json`,
   );
   const manifestFolderPath = path.resolve(
     process.cwd(),
-    isWebpack ? outputFolder : "react_client_manifest"
+    isWebpack ? outputFolder : "react_client_manifest",
   );
   let manifestWatcher = null;
@@ -139,7 +139,7 @@ if (isDevelopment) {
         }
       } catch (err) {
         console.warn(
-          `[Server HMR] Could not resolve or clear ${modulePath}: ${err.message}`
+          `[Server HMR] Could not resolve or clear ${modulePath}: ${err.message}`,
         );
       }
     }
@@ -234,7 +234,7 @@ if (!isDevelopment) {
     process.cwd(),
     isWebpack
       ? `${outputFolder}/server-functions-manifest.json`
-      : `server_functions_manifest/server-functions-manifest.json`
+      : `server_functions_manifest/server-functions-manifest.json`,
   ); // Adjust 'dist/' to your outdir
   if (existsSync(manifestPath)) {
     serverFunctionsManifest = JSON.parse(readFileSync(manifestPath, "utf8"));
@@ -258,7 +258,7 @@ function getContext(req, res) {
   const safeResCall = (methodName, ...args) => {
     if (res.headersSent) {
       console.log(
-        `[Dinou] res.${methodName} called but headers already sent. Ignoring.`
+        `[Dinou] res.${methodName} called but headers already sent. Ignoring.`,
       );
       // console.warn(
       //   `[Dinou Warning] RSC Stream active. Ignoring res.${methodName}() to avoid crash.`
@@ -301,6 +301,12 @@ function getContext(req, res) {
         cookie: req.headers["cookie"],
         referer: req.headers["referer"],
         host: req.headers["host"],
+        authorization: req.headers["authorization"],
+        "accept-language": req.headers["accept-language"],
+        "x-forwarded-for": req.headers["x-forwarded-for"],
+        forwarded: req.headers["forwarded"],
+        "content-type": req.headers["content-type"],
+        origin: req.headers["origin"],
       },
       query: { ...req.query },
       path: req.path,
@@ -344,6 +350,12 @@ function getContextForServerFunctionEndpoint(req, res) {
         cookie: req.headers["cookie"],
         referer: req.headers["referer"],
         host: req.headers["host"],
+        authorization: req.headers["authorization"],
+        "accept-language": req.headers["accept-language"],
+        "x-forwarded-for": req.headers["x-forwarded-for"],
+        forwarded: req.headers["forwarded"],
+        "content-type": req.headers["content-type"],
+        origin: req.headers["origin"],
       },
       query: { ...req.query },
       path: req.path,
@@ -385,7 +397,7 @@ function getContextForServerFunctionEndpoint(req, res) {
         // 🛑 Security: JS cannot write HttpOnly cookies
         if (options && options.httpOnly) {
           console.error(
-            `[Dinou Error] Cannot set HttpOnly cookie '${name}' in Server Function endpoint because streaming has started.`
+            `[Dinou Error] Cannot set HttpOnly cookie '${name}' in Server Function endpoint because streaming has started.`,
           );
           return;
         }
@@ -426,7 +438,7 @@ function getContextForServerFunctionEndpoint(req, res) {
         const safePath = JSON.stringify(path);
         res.write(
-          `<script>document.cookie = ${safeName} + "=; Max-Age=0; path=" + ${safePath} + ";";</script>`
+          `<script>document.cookie = ${safeName} + "=; Max-Age=0; path=" + ${safePath} + ";";</script>`,
         );
       },
     },
@@ -465,10 +477,10 @@ if (!isDevelopment) {
         process.cwd(),
         isWebpack
           ? `${outputFolder}/react-client-manifest.json`
-          : `react_client_manifest/react-client-manifest.json`
+          : `react_client_manifest/react-client-manifest.json`,
       ),
-      "utf8"
-    )
+      "utf8",
+    ),
   );
 }
@@ -484,9 +496,9 @@ async function serveRSCPayload(req, res, isOld = false, isStatic = false) {
           ? "/____rsc_payload_old_static____"
           : "/____rsc_payload_old____"
         : isStatic
-        ? "/____rsc_payload_static____"
-        : "/____rsc_payload____",
-      ""
+          ? "/____rsc_payload_static____"
+          : "/____rsc_payload____",
+      "",
     );
     // 1. Correct Map initialization
     if (!isDynamic.has(reqPath)) {
@@ -512,7 +524,7 @@ async function serveRSCPayload(req, res, isOld = false, isStatic = false) {
       const payloadPath = path.resolve(
         "dist2",
         reqPath.replace(/^\//, ""),
-        isOld || regenerating.has(reqPath) ? "rsc._old.rsc" : "rsc.rsc"
+        isOld || regenerating.has(reqPath) ? "rsc._old.rsc" : "rsc.rsc",
       );
       const distDir = path.resolve("dist2");
@@ -546,7 +558,7 @@ async function serveRSCPayload(req, res, isOld = false, isStatic = false) {
         reqPath,
         { ...req.query },
         isNotFound,
-        isDevelopment
+        isDevelopment,
       );
       const manifest = isDevelopment
         ? JSON.parse(
@@ -555,10 +567,10 @@ async function serveRSCPayload(req, res, isOld = false, isStatic = false) {
                 process.cwd(),
                 isWebpack
                   ? `${outputFolder}/react-client-manifest.json`
-                  : `react_client_manifest/react-client-manifest.json`
+                  : `react_client_manifest/react-client-manifest.json`,
               ),
-              "utf8"
-            )
+              "utf8",
+            ),
           )
         : cachedClientManifest;
@@ -596,7 +608,7 @@ app.post(/^\/____rsc_payload_error____\/.*\/?$/, async (req, res) => {
       reqPath,
       { ...req.query },
       req.body.error,
-      isDevelopment
+      isDevelopment,
     );
     const manifest = isDevelopment
       ? JSON.parse(
@@ -605,10 +617,10 @@ app.post(/^\/____rsc_payload_error____\/.*\/?$/, async (req, res) => {
               process.cwd(),
               isWebpack
                 ? `${outputFolder}/react-client-manifest.json`
-                : `react_client_manifest/react-client-manifest.json`
+                : `react_client_manifest/react-client-manifest.json`,
             ),
-            "utf8"
-          )
+            "utf8",
+          ),
         )
       : cachedClientManifest;
     const { pipe } = renderToPipeableStream(jsx, manifest);
@@ -702,6 +714,12 @@ app.get(/^\/.*\/?$/, (req, res) => {
           cookie: req.headers["cookie"],
           referer: req.headers["referer"],
           host: req.headers["host"],
+          authorization: req.headers["authorization"],
+          "accept-language": req.headers["accept-language"],
+          "x-forwarded-for": req.headers["x-forwarded-for"],
+          forwarded: req.headers["forwarded"],
+          "content-type": req.headers["content-type"],
+          origin: req.headers["origin"],
         },
         path: req.path,
         method: req.method,
@@ -718,7 +736,7 @@ app.get(/^\/.*\/?$/, (req, res) => {
           contextForChild,
           res,
           capturedStatus,
-          isDynamic
+          isDynamic,
         );
         res.setHeader("Content-Type", "text/html");
@@ -805,7 +823,7 @@ app.post("/____server_function____", async (req, res) => {
     // 2. Origin Check (NEW)
     if (!isDevelopment && !isOriginAllowed(req)) {
       console.error(
-        `[Security] Blocked request from origin: ${req.headers.origin}`
+        `[Security] Blocked request from origin: ${req.headers.origin}`,
       );
       return res.status(403).json({ error: "Origin not allowed" });
     }
@@ -932,7 +950,7 @@ app.post("/____server_function____", async (req, res) => {
         process.cwd(),
         isWebpack
           ? `${outputFolder}/react-client-manifest.json`
-          : `react_client_manifest/react-client-manifest.json`
+          : `react_client_manifest/react-client-manifest.json`,
       );
       // Verify that the manifest exists to avoid errors
       if (!existsSync(manifestPath)) {
@@ -976,10 +994,10 @@ const http = require("http");
     await new Promise((resolve) => {
       server.listen(port, () => {
         console.log(
-          `\n🚀 Dinou Server is ready and listening on http://localhost:${port}`
+          `\n🚀 Dinou Server is ready and listening on http://localhost:${port}`,
         );
         console.log(
-          `   Environment: ${isDevelopment ? "Development" : "Production"}`
+          `   Environment: ${isDevelopment ? "Development" : "Production"}`,
         );
         resolve();
       });
@@ -996,7 +1014,7 @@ const http = require("http");
         .catch((err) => {
           console.error(
             "❌ [Background] Static generation failed (App continues in Dynamic Mode):",
-            err
+            err,
           );
           isReady = true;
         });

package/dinou/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dinou",
-  "version": "4.0.1",
+  "version": "4.0.3",
   "main": "index.js",
   "private": true,
   "exports": {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dinou",
-  "version": "4.0.2",
+  "version": "4.0.3",
   "description": "Modern Full-Stack React 19 framework with React Server Components, Server Functions, and Streaming SSR.",
   "main": "index.js",
   "bin": {