ghost 4.48.6 → 4.48.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/core/frontend/web/middleware/cors.js +19 -1
  2. package/core/server/services/members/middleware.js +10 -0
  3. package/core/server/web/api/middleware/cors.js +20 -2
  4. package/package.json +1 -1
package/core/frontend/web/middleware/cors.js CHANGED
@@ -53,4 +53,22 @@ function corsOptionsDelegate(req, callback) {
53
53
  callback(null, corsOptions);
54
54
  }
55
55
 
56
- module.exports = cors(corsOptionsDelegate);
56
+ /**
57
+ *
58
+ * @param {Express.Request} req
59
+ * @param {Express.Response} res
60
+ * @param {Function} next
61
+ */
62
+ const handleCaching = (req, res, next) => {
63
+ const method = req.method && req.method.toUpperCase && req.method.toUpperCase();
64
+ if (method === 'OPTIONS') {
65
+ // @NOTE: try to add native support for dynamic 'vary' header value in 'cors' module
66
+ res.vary('Origin');
67
+ }
68
+ next();
69
+ };
70
+
71
+ module.exports = [
72
+ handleCaching,
73
+ cors(corsOptionsDelegate)
74
+ ];
package/core/server/services/members/middleware.js CHANGED
@@ -106,6 +106,11 @@ const updateMemberNewsletters = async function (req, res) {
106
106
  }
107
107
 
108
108
  const data = _.pick(req.body, 'newsletters');
109
+ if (data.newsletters) {
110
+ data.newsletters = data.newsletters.map(newsletter => ({
111
+ id: newsletter.id
112
+ }));
113
+ }
109
114
  const memberData = await membersService.api.members.get({
110
115
  uuid: memberUuid
111
116
  });
@@ -131,6 +136,11 @@ const updateMemberNewsletters = async function (req, res) {
131
136
  const updateMemberData = async function (req, res) {
132
137
  try {
133
138
  const data = _.pick(req.body, 'name', 'subscribed', 'newsletters');
139
+ if (data.newsletters) {
140
+ data.newsletters = data.newsletters.map(newsletter => ({
141
+ id: newsletter.id
142
+ }));
143
+ }
134
144
  const member = await membersService.ssr.getMemberDataFromSession(req, res);
135
145
  if (member) {
136
146
  const options = {
package/core/server/web/api/middleware/cors.js CHANGED
@@ -64,7 +64,7 @@ function getAllowlist() {
64
64
  * @param {Function} cb callback that configures CORS.
65
65
  * @return {null}
66
66
  */
67
- function handleCORS(req, cb) {
67
+ function corsOptionsDelegate(req, cb) {
68
68
  const origin = req.get('origin');
69
69
 
70
70
  // Request must have an Origin header
@@ -80,4 +80,22 @@ function handleCORS(req, cb) {
80
80
  return cb(null, DISABLE_CORS);
81
81
  }
82
82
 
83
- module.exports = cors(handleCORS);
83
+ /**
84
+ *
85
+ * @param {Express.Request} req
86
+ * @param {Express.Response} res
87
+ * @param {Function} next
88
+ */
89
+ const handleCaching = (req, res, next) => {
90
+ const method = req.method && req.method.toUpperCase && req.method.toUpperCase();
91
+ if (method === 'OPTIONS') {
92
+ // @NOTE: try to add native support for dynamic 'vary' header value in 'cors' module
93
+ res.vary('Origin');
94
+ }
95
+ next();
96
+ };
97
+
98
+ module.exports = [
99
+ handleCaching,
100
+ cors(corsOptionsDelegate)
101
+ ];
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "ghost",
3
- "version": "4.48.6",
3
+ "version": "4.48.8",
4
4
  "description": "The professional publishing platform",
5
5
  "author": "Ghost Foundation",
6
6
  "homepage": "https://ghost.org",