eddev 2.0.0-beta.143 → 2.0.0-beta.145

package/dist/app/server/utils/content-security.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"content-security.d.ts","sourceRoot":"","sources":["../../../../src/app/server/utils/content-security.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAC5D,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAG7D,QAAA,MAAM,QAAQ,kXAyBJ,CAAA;AAEV,MAAM,MAAM,MAAM,GAAG,CAAC,OAAO,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAA;AAE9C,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;AAEnD,MAAM,MAAM,mCAAmC,GAAG;IAChD,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,YAAY,EAAE,CAAA;CACrB,CAAA;AAED,qBAAa,mBAAmB;IAC9B,SAAS,CAAC,GAAG,EAAE,SAAS,CAAA;IACxB,SAAS,CAAC,OAAO,EAAE,OAAO,CAAgB;IAE1C,OAAO,CAAC,UAAU,CAAQ;IAC1B,OAAO,CAAC,oBAAoB,CAAO;IACnC,OAAO,CAAC,QAAQ,CAAQ;IACxB,OAAO,CAAC,gBAAgB,CAAe;IAEvC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAAA;gBAEtB,MAAM,EAAE,QAAQ;IA0B5B,eAAe,CAAC,IAAI,EAAE,WAAW,GAAG,WAAW;IAmB/C,WAAW,CAAC,IAAI,EAAE,YAAY,EAAE;IAkBhC,UAAU,IAAI,OAAO;IAWrB,iBAAiB,IAAI,MAAM,GAAG,SAAS;CAgBxC"}
+{"version":3,"file":"content-security.d.ts","sourceRoot":"","sources":["../../../../src/app/server/utils/content-security.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAC5D,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAG7D,QAAA,MAAM,QAAQ,kXAyBJ,CAAA;AAEV,MAAM,MAAM,MAAM,GAAG,CAAC,OAAO,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAA;AAE9C,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;AAEnD,MAAM,MAAM,mCAAmC,GAAG;IAChD,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,YAAY,EAAE,CAAA;CACrB,CAAA;AAED,qBAAa,mBAAmB;IAC9B,SAAS,CAAC,GAAG,EAAE,SAAS,CAAA;IACxB,SAAS,CAAC,OAAO,EAAE,OAAO,CAAgB;IAE1C,OAAO,CAAC,UAAU,CAAQ;IAC1B,OAAO,CAAC,oBAAoB,CAAO;IACnC,OAAO,CAAC,QAAQ,CAAQ;IACxB,OAAO,CAAC,gBAAgB,CAAe;IAEvC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAAA;gBAEtB,MAAM,EAAE,QAAQ;IAgC5B,eAAe,CAAC,IAAI,EAAE,WAAW,GAAG,WAAW;IAmB/C,WAAW,CAAC,IAAI,EAAE,YAAY,EAAE;IAkBhC,UAAU,IAAI,OAAO;IAWrB,iBAAiB,IAAI,MAAM,GAAG,SAAS;CAgBxC"}

package/dist/app/server/utils/content-security.js

@@ -53,6 +53,12 @@ export class SecureHeaderBuilder {
                 if (this.useNonce) {
                     defaults.push(`'nonce-${this.nonce}'`);
                 }
+                if (config.serverless.csp.values) {
+                    const value = config.serverless.csp.values[key];
+                    if (value) {
+                        defaults.push(...value);
+                    }
+                }
             }
             this.csp[key] = new Set(defaults);
         }

package/dist/node/cli/version.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "2.0.0-beta.138";
+export declare const VERSION = "2.0.0-beta.144";
 //# sourceMappingURL=version.d.ts.map

package/dist/node/cli/version.js

@@ -1 +1 @@
-export const VERSION = "2.0.0-beta.138";
+export const VERSION = "2.0.0-beta.144";

package/dist/node/project/config.d.ts

@@ -50,13 +50,16 @@ export declare const EDConfigSchema: z.ZodObject<{
             autoDetect: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
             nonce: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
             commonOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            values: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
         }, "strip", z.ZodTypeAny, {
             enabled: boolean;
             autoDetect: boolean;
             nonce: boolean;
+            values?: Record<string, string[]> | undefined;
             commonOrigins?: string[] | undefined;
         }, {
             enabled: boolean;
+            values?: Record<string, string[]> | undefined;
             autoDetect?: boolean | undefined;
             nonce?: boolean | undefined;
             commonOrigins?: string[] | undefined;
@@ -75,6 +78,7 @@ export declare const EDConfigSchema: z.ZodObject<{
             enabled: boolean;
             autoDetect: boolean;
             nonce: boolean;
+            values?: Record<string, string[]> | undefined;
             commonOrigins?: string[] | undefined;
         };
         cors?: {
@@ -95,6 +99,7 @@ export declare const EDConfigSchema: z.ZodObject<{
         } | undefined;
         csp?: {
             enabled: boolean;
+            values?: Record<string, string[]> | undefined;
             autoDetect?: boolean | undefined;
             nonce?: boolean | undefined;
             commonOrigins?: string[] | undefined;
@@ -173,6 +178,7 @@ export declare const EDConfigSchema: z.ZodObject<{
             enabled: boolean;
             autoDetect: boolean;
             nonce: boolean;
+            values?: Record<string, string[]> | undefined;
             commonOrigins?: string[] | undefined;
         };
         cors?: {
@@ -219,6 +225,7 @@ export declare const EDConfigSchema: z.ZodObject<{
         } | undefined;
         csp?: {
             enabled: boolean;
+            values?: Record<string, string[]> | undefined;
             autoDetect?: boolean | undefined;
             nonce?: boolean | undefined;
             commonOrigins?: string[] | undefined;

package/dist/node/project/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/node/project/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB,OAAO,EAAE,OAAO,EAAyB,MAAM,cAAc,CAAA;AAE7D,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6IzB,CAAA;AAEF,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAA;AAErD,qBAAa,YAAY;IAGI,OAAO,EAAE,OAAO;IAF3C,MAAM,CAAC,EAAE,QAAQ,CAAA;IAEjB,OAAO;WAEM,MAAM,CAAC,OAAO,EAAE,OAAO;IAM9B,IAAI;YAQI,kBAAkB;YAYlB,UAAU;IAiCxB,OAAO,CAAC,WAAW;IAOnB,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO;CAUzD"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/node/project/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB,OAAO,EAAE,OAAO,EAAyB,MAAM,cAAc,CAAA;AAE7D,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiJzB,CAAA;AAEF,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAA;AAErD,qBAAa,YAAY;IAGI,OAAO,EAAE,OAAO;IAF3C,MAAM,CAAC,EAAE,QAAQ,CAAA;IAEjB,OAAO;WAEM,MAAM,CAAC,OAAO,EAAE,OAAO;IAM9B,IAAI;YAQI,kBAAkB;YAYlB,UAAU;IAiCxB,OAAO,CAAC,WAAW;IAOnB,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO;CAUzD"}

package/dist/node/project/config.js

@@ -84,6 +84,10 @@ export const EDConfigSchema = z.object({
                 .array()
                 .describe("A list of common origins, to be shared amoungst all directives. Items should be things like 'hubspot.com' or '*.hubspot.com'")
                 .optional(),
+            values: z
+                .record(z.string().array())
+                .optional()
+                .describe("A map of CSP directives to their values. Keys should be camelCase."),
         })
             .default({ enabled: true })
             .describe("Content Security Policy settings"),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "eddev",
-  "version": "2.0.0-beta.143",
+  "version": "2.0.0-beta.145",
   "description": "",
   "main": "index.js",
   "type": "module",

package/dist/app/server/define-server-config.d.ts

@@ -1 +0,0 @@
-//# sourceMappingURL=define-server-config.d.ts.map

package/dist/app/server/define-server-config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"define-server-config.d.ts","sourceRoot":"","sources":["../../../src/app/server/define-server-config.ts"],"names":[],"mappings":""}

package/dist/app/server/define-server-config.js

@@ -1 +0,0 @@
-"use strict";

package/dist/app/server/server-config.d.ts

@@ -1 +0,0 @@
-//# sourceMappingURL=server-config.d.ts.map

package/dist/app/server/server-config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"server-config.d.ts","sourceRoot":"","sources":["../../../src/app/server/server-config.ts"],"names":[],"mappings":""}

package/dist/app/server/server-config.js

@@ -1 +0,0 @@
-"use strict";

package/dist/app/server/utils/content-security-policy.d.ts

@@ -1,17 +0,0 @@
-import { RouteMetaTag, TrackerTags } from "../../lib/routing";
-declare const CSP_KEYS: string[];
-export type CSPKey = (typeof CSP_KEYS)[number];
-export type CSPHeaderBuilderParams = Record<CSPKey, Set<string>>;
-export type ContentSecurityPolicyRequestContext = {
-    url: string;
-    type: "page";
-    tags: RouteMetaTag[];
-};
-export declare class SecureHeaderBuilder {
-    protected values: CSPHeaderBuilderParams;
-    addNonce(): void;
-    addTrackingTags(tags: TrackerTags): void;
-    addMetaTags(tags: RouteMetaTag[]): void;
-}
-export {};
-//# sourceMappingURL=content-security-policy.d.ts.map

package/dist/app/server/utils/content-security-policy.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"content-security-policy.d.ts","sourceRoot":"","sources":["../../../../src/app/server/utils/content-security-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE7D,QAAA,MAAM,QAAQ,UAyBb,CAAA;AAED,MAAM,MAAM,MAAM,GAAG,CAAC,OAAO,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAA;AAE9C,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;AAEhE,MAAM,MAAM,mCAAmC,GAAG;IAChD,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,YAAY,EAAE,CAAA;CACrB,CAAA;AAED,qBAAa,mBAAmB;IAC9B,SAAS,CAAC,MAAM,EAAE,sBAAsB,CAAK;IAE7C,QAAQ;IAER,eAAe,CAAC,IAAI,EAAE,WAAW;IAEjC,WAAW,CAAC,IAAI,EAAE,YAAY,EAAE;CACjC"}

package/dist/app/server/utils/content-security-policy.js

@@ -1,41 +0,0 @@
-const CSP_KEYS = [
-    "childSrc",
-    "connectSrc",
-    "defaultSrc",
-    "fencedFrameSrc",
-    "fontSrc",
-    "frameSrc",
-    "imgSrc",
-    "manifestSrc",
-    "mediaSrc",
-    "objectSrc",
-    "scriptSrc",
-    "scriptSrcElem",
-    "scriptSrcAttr",
-    "styleSrc",
-    "styleSrcElem",
-    "styleSrcAttr",
-    "workerSrc",
-    "baseUri",
-    "formAction",
-    "frameAncestors",
-    "reportTo",
-    "requireTrustedTypesFor",
-    "trustedTypes",
-    "upgradeInsecureRequests",
-];
-export class SecureHeaderBuilder {
-    values = {};
-    addNonce() { }
-    addTrackingTags(tags) { }
-    addMetaTags(tags) { }
-}
-// default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*
-// script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org www.googletagmanager.com *.googleapis.com *.heapanalytics.com heapanalytics.com *.fides-cdn.ethyca.com *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*
-// child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com td.doubleclick.net github.com calendly.com *.vusercontent.net vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*
-// style-src 'self' 'unsafe-inline' *.googleapis.com heapanalytics.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*
-// img-src * blob: data:
-// media-src 'self' videos.ctfassets.net user-images.githubusercontent.com replicate.delivery blob: data: vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*
-// connect-src wss://ws-us3.pusher.com data: *
-// font-src 'self' *.vercel.com *.gstatic.com vercel.live
-// worker-src 'self' *.vercel.com blob: