gina 0.4.5 → 0.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/CONTRIBUTING.md +2 -2
- package/README.md +10 -8
- package/ROADMAP.md +2 -2
- package/framework/v0.4.6/VERSION +1 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css +1 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
- package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.js +62 -0
- package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.js +934 -42
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js +571 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
- package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.js +62 -6
- package/framework/v0.4.6/core/controller/controller.render-nunjucks-async.js +788 -0
- package/framework/v0.4.6/core/controller/controller.render-swig-async.js +664 -0
- package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-swig.js +52 -5
- package/framework/{v0.4.5 → v0.4.6}/core/gna.js +24 -0
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/README.md +35 -0
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/src/main.js +136 -2
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/main.js +17 -4
- package/framework/{v0.4.5 → v0.4.6}/core/server.isaac.js +2 -2
- package/framework/{v0.4.5 → v0.4.6}/core/server.js +273 -97
- package/framework/{v0.4.5 → v0.4.6}/helpers/data/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/helpers/data/src/main.js +58 -3
- package/framework/{v0.4.5 → v0.4.6}/helpers/json/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/archiver/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cache/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link.js +16 -5
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/msg.json +1 -1
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/restart.js +11 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/start.js +5 -1
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/version.js +24 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/helper.js +28 -9
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/add.js +29 -13
- package/framework/{v0.4.5 → v0.4.6}/lib/collection/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cron/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/domain/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/index.js +7 -0
- package/framework/{v0.4.5 → v0.4.6}/lib/inherits/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/logger/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/merge/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/model.js +17 -0
- package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/src/main.js +37 -11
- package/framework/{v0.4.5 → v0.4.6}/lib/routing/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/main.js +4 -4
- package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/src/main.js +45 -6
- package/framework/v0.4.6/lib/template-loaders/package.json +17 -0
- package/framework/v0.4.6/lib/template-loaders/src/loaders/http.js +272 -0
- package/framework/v0.4.6/lib/template-loaders/src/loaders/memory.js +75 -0
- package/framework/v0.4.6/lib/template-loaders/src/main.js +134 -0
- package/framework/{v0.4.5 → v0.4.6}/package.json +2 -2
- package/gna.js +4 -4
- package/llms.txt +32 -44
- package/package.json +6 -3
- package/playwright.config.js +35 -0
- package/schema/settings.json +105 -0
- package/types/gna.d.ts +1 -1
- package/framework/v0.4.5/VERSION +0 -1
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css +0 -1
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js +0 -555
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/AUTHORS +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/nolayout.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/static.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-192x192.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-512x512.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/apple-touch-icon.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-16x16.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-32x32.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon.ico +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.css +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/index.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.br +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.gz +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2 +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/index.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.css +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/logo.svg +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.br +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.gz +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/config.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v3.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v4.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/n1ql.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v3.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v4.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/pipeline-loader.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sql-parser.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/content.encoding +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.framework.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-json.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-nunjucks.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-stream.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-v1.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/inspector-window-emit.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/multipart.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/urlencoded.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/utils.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/lib/sbmh.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/dev/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/class.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/factory.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/tools.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/currency.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/en.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/fr.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/en.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/fr.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/mime.types +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/model/entity.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/model/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/model/template/entityFactory.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/model/template/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/form-validator.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/router.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/server.express.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/status.codes +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/_gitignore +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/app.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/connectors.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/routing.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.server.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/templates.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/watchers.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.content.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/setup.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/locales/en.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_namespace/controllers/controller.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/default.css +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/home.css +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/vendor/readme.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/favicon.ico +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/js/vendor/readme.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/manifest.webmanifest +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/readme.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/sw.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/handlers/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/content/homepage.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-noscript.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-outdated-browser.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/layouts/main.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.bat.tpl +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.tpl +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/env.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/manifest.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/settings.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/statics.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/templates.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/401.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/403.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/404.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/html/50x.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/500.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/503.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/extensions/logger/config.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/console.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/context.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/data/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/data/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/dateFormat.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/json/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/json/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/json/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/path.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/api-error.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/prototypes.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/task.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/text.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/dep/jszip.min.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/async/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/async/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cache/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cache/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cache/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/aliases.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/build.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/copy.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/cp.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/inc/name-rewrite.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp-start.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/oas.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/openapi.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rename.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/restart.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/start.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/status.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/stop.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/cache/stats.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/migrate.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/get.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/link-dev.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/set.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/unset.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/use.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/build.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/dot.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/get.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/init.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link-node-modules.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/open.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/set.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/status.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/stop.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/tail.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/update.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-dev.1.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-framework.1.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina.1.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/export.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/import.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/scan.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/open.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/kill.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/msg.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/inc/scan.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/reset.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/set.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/build.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/import.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/move.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rename.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/restart.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/start.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/status.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/stop.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/set.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-local.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-production.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/use.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/check.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/scan.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/start.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/view/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/collection/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/collection/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/collection/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/config.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cron/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cron/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/domain/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/domain/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/domain/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/generator/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/job/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/job/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/default/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/listener.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/speaker.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/helper.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/math/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/merge/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/merge/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/proc.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/radix.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/backends/env.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/shell.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/state.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/url/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/url/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/url/routing.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/validator.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/src/main.js +0 -0
|
@@ -210,7 +210,9 @@ module.exports = async function render(userData, displayInspector, errOptions, d
|
|
|
210
210
|
// Using server cache to cache compiledTemplates
|
|
211
211
|
cache.from(self.serverInstance._cached);
|
|
212
212
|
|
|
213
|
-
cachePath
|
|
213
|
+
// #TPL2 — cachePath (the layout-cache root) is derived IN-ROOT below, once
|
|
214
|
+
// localOptions is resolved; see the assignment before the layout-cache prime.
|
|
215
|
+
// Was: self.serverInstance._cachePath (a sibling, out-of-root tree).
|
|
214
216
|
|
|
215
217
|
var err = null;
|
|
216
218
|
// localOptions must be resolved before the isRenderingCustomError check below
|
|
@@ -408,6 +410,16 @@ module.exports = async function render(userData, displayInspector, errOptions, d
|
|
|
408
410
|
var subFolder = path.split(/\//g).slice(0, -1).join('/').replace(localOptions.template.html, '') || '';
|
|
409
411
|
var hasSubFolder = (subFolder && subFolder != '') ? true : false;
|
|
410
412
|
|
|
413
|
+
// #TPL2 — the processed-layout cache lives IN-ROOT, under the bundle templates
|
|
414
|
+
// root, so the {% extends %} rewrite below resolves inside the swig loader's
|
|
415
|
+
// basepath and swig-core's confinement (CVE-2023-25345) accepts it without an
|
|
416
|
+
// allowOutsideRoot opt-out. The leading-dot dir rides gina's existing
|
|
417
|
+
// dotfile-skip convention (the public/errors/forms scans in config.js), so the
|
|
418
|
+
// cache is never served as a static asset nor enumerated by template discovery.
|
|
419
|
+
// localOptions (not local.options) so the custom-error render path caches under
|
|
420
|
+
// its own template root.
|
|
421
|
+
cachePath = localOptions.template.html + '/.gina-layout-cache';
|
|
422
|
+
|
|
411
423
|
if (
|
|
412
424
|
!isWithoutLayout
|
|
413
425
|
&& !isRenderingCustomError
|
|
@@ -458,6 +470,16 @@ module.exports = async function render(userData, displayInspector, errOptions, d
|
|
|
458
470
|
newLayoutDirObj.mkdirSync()
|
|
459
471
|
}
|
|
460
472
|
newLayoutDirObj = null;
|
|
473
|
+
// #TPL2 — keep the in-root layout cache out of a bundle's git:
|
|
474
|
+
// drop a self-ignoring .gitignore ('*') at the cache root so the
|
|
475
|
+
// .gina-layout-cache tree never surfaces as untracked in a
|
|
476
|
+
// consumer repo (the old out-of-root cache lived under the
|
|
477
|
+
// project `cache/` dir consumers already ignore). Written once,
|
|
478
|
+
// existsSync-guarded; best-effort.
|
|
479
|
+
var _cacheIgnore = cachePath + '/.gitignore';
|
|
480
|
+
if ( !fs.existsSync(_cacheIgnore) ) {
|
|
481
|
+
try { fs.writeFileSync(_cacheIgnore, '*\n'); } catch (_giErr) { /* best effort */ }
|
|
482
|
+
}
|
|
461
483
|
// [CVE-2023-25345] The layoutPath is extracted from the raw {% extends "..." %}
|
|
462
484
|
// directive in the template file. Without a boundary check, a template containing
|
|
463
485
|
// {% extends "../../../etc/passwd" %} would cause readFileSync to read arbitrary
|
|
@@ -973,7 +995,7 @@ module.exports = async function render(userData, displayInspector, errOptions, d
|
|
|
973
995
|
+ 'if(u&&u.environment&&u.environment.metrics){u.environment.metrics.weightBytes=' + _cacheWeightBytes + ';u.environment.metrics.serverMs=' + _cacheServerMsFinal + ';}'
|
|
974
996
|
+ 'if(g&&g.environment&&g.environment.metrics){g.environment.metrics.weightBytes=' + _cacheWeightBytes + ';g.environment.metrics.serverMs=' + _cacheServerMsFinal + ';}'
|
|
975
997
|
+ '}(window.__ginaData));</script>';
|
|
976
|
-
htmlContent = htmlContent.replace(/<\/body>/i, _cachePatchScript + '</body>');
|
|
998
|
+
htmlContent = htmlContent.replace(/<\/body>/i, function () { return _cachePatchScript + '</body>'; });
|
|
977
999
|
}
|
|
978
1000
|
}
|
|
979
1001
|
|
|
@@ -1299,11 +1321,28 @@ module.exports = async function render(userData, displayInspector, errOptions, d
|
|
|
1299
1321
|
+ '};});'
|
|
1300
1322
|
+ '}(window));</script>\n';
|
|
1301
1323
|
|
|
1324
|
+
// #TPL2 — inline the statusbar template body instead of {% include %}-ing
|
|
1325
|
+
// it from the framework core dir. That include target is OUTSIDE the
|
|
1326
|
+
// bundle templates root, which the swig loader now confines
|
|
1327
|
+
// (CVE-2023-25345, allowOutsideRoot=false). statusbar.html is a leaf
|
|
1328
|
+
// (only {% if page.cspNonce %} + {{ }} tags, no nested include/extends),
|
|
1329
|
+
// so its body compiles identically when spliced into the layout in place
|
|
1330
|
+
// of the include. Read per-render so dev edits hot-reload; this block is
|
|
1331
|
+
// dev/debug-gated above, so there is no production read.
|
|
1332
|
+
var _statusbarTpl = '';
|
|
1333
|
+
try {
|
|
1334
|
+
_statusbarTpl = await fs.promises.readFile(
|
|
1335
|
+
getPath('gina').core + '/asset/plugin/dist/vendor/gina/html/statusbar.html', 'utf8'
|
|
1336
|
+
);
|
|
1337
|
+
} catch (_sbErr) {
|
|
1338
|
+
console.warn('[render] Inspector statusbar template unavailable: ' + (_sbErr.message || _sbErr));
|
|
1339
|
+
}
|
|
1340
|
+
|
|
1302
1341
|
plugin = '\t'
|
|
1303
1342
|
+ '{# Gina Inspector #}'
|
|
1304
1343
|
+ __logsScript
|
|
1305
1344
|
+ __gdScript
|
|
1306
|
-
+
|
|
1345
|
+
+ _statusbarTpl
|
|
1307
1346
|
+ '{# END Gina Inspector #}'
|
|
1308
1347
|
;
|
|
1309
1348
|
|
|
@@ -1334,7 +1373,15 @@ module.exports = async function render(userData, displayInspector, errOptions, d
|
|
|
1334
1373
|
localOptions.debugMode
|
|
1335
1374
|
&& !/\{\# Gina Inspector \#\}/.test(layout)
|
|
1336
1375
|
) {
|
|
1337
|
-
|
|
1376
|
+
// $-safe splice. With a STRING replacement, String.prototype.replace expands
|
|
1377
|
+
// dollar patterns: $` is the text BEFORE the match, $' the text AFTER it
|
|
1378
|
+
// (also $&, $n). The inlined #TPL2 statusbar body literally contains both
|
|
1379
|
+
// (a `$` followed by a backtick in a comment, and `$'` in a regex literal),
|
|
1380
|
+
// so the old string form spliced the whole pre/post-</body> document INTO
|
|
1381
|
+
// the statusbar <script> — a SyntaxError that killed the dev Inspector
|
|
1382
|
+
// statusbar + launch link on any content-heavy page. A function replacer
|
|
1383
|
+
// returns the text verbatim, with no dollar-pattern expansion.
|
|
1384
|
+
layout = layout.replace(/<\/body>/i, function () { return plugin + '\n\t</body>'; });
|
|
1338
1385
|
}
|
|
1339
1386
|
|
|
1340
1387
|
// adding javascripts
|
|
@@ -1704,7 +1751,7 @@ module.exports = async function render(userData, displayInspector, errOptions, d
|
|
|
1704
1751
|
+ 'if(u&&u.environment&&u.environment.metrics){u.environment.metrics.weightBytes=' + _weightBytesFinal + ';u.environment.metrics.serverMs=' + _serverMsFinal + ';}'
|
|
1705
1752
|
+ 'if(g&&g.environment&&g.environment.metrics){g.environment.metrics.weightBytes=' + _weightBytesFinal + ';g.environment.metrics.serverMs=' + _serverMsFinal + ';}'
|
|
1706
1753
|
+ '}(window.__ginaData));</script>';
|
|
1707
|
-
htmlContent = htmlContent.replace(/<\/body>/i, _patchScript + '</body>');
|
|
1754
|
+
htmlContent = htmlContent.replace(/<\/body>/i, function () { return _patchScript + '</body>'; });
|
|
1708
1755
|
}
|
|
1709
1756
|
}
|
|
1710
1757
|
|
|
@@ -2001,6 +2001,30 @@ gna.run = run;
|
|
|
2001
2001
|
*/
|
|
2002
2002
|
gna.encodeRFC5987ValueChars = encodeRFC5987ValueChars;
|
|
2003
2003
|
|
|
2004
|
+
/**
|
|
2005
|
+
* Percent-decode a string, returning it unchanged on a malformed `%` escape
|
|
2006
|
+
* (`decodeURIComponent` would throw `URIError`). Crash-safe decode for the
|
|
2007
|
+
* server request path — see {@link safeDecodeURIComponent} in helpers/data (#B30).
|
|
2008
|
+
*
|
|
2009
|
+
* @param {string} str - Value to decode
|
|
2010
|
+
* @returns {string} Decoded value, or the original string on URIError
|
|
2011
|
+
* @example
|
|
2012
|
+
* safeDecodeURIComponent('100%'); // "100%" (decodeURIComponent would throw)
|
|
2013
|
+
*/
|
|
2014
|
+
gna.safeDecodeURIComponent = safeDecodeURIComponent;
|
|
2015
|
+
|
|
2016
|
+
/**
|
|
2017
|
+
* Whole-URI variant of {@link safeDecodeURIComponent} — wraps `decodeURI`
|
|
2018
|
+
* (leaves `/ ? #` intact) and returns the input unchanged on a malformed `%`
|
|
2019
|
+
* escape, so the routing / error paths cannot crash on a bad URL (#B30).
|
|
2020
|
+
*
|
|
2021
|
+
* @param {string} str - Value to decode
|
|
2022
|
+
* @returns {string} Decoded value, or the original string on URIError
|
|
2023
|
+
* @example
|
|
2024
|
+
* safeDecodeURI('/a%E0%A'); // "/a%E0%A" (decodeURI would throw)
|
|
2025
|
+
*/
|
|
2026
|
+
gna.safeDecodeURI = safeDecodeURI;
|
|
2027
|
+
|
|
2004
2028
|
/**
|
|
2005
2029
|
* Parse a form/body string (`application/x-www-form-urlencoded` or JSON) into
|
|
2006
2030
|
* a nested object. Recognises PHP-style `foo[bar][0]` keys.
|
|
@@ -154,6 +154,40 @@ require('gina').plugins.Csp({
|
|
|
154
154
|
});
|
|
155
155
|
```
|
|
156
156
|
|
|
157
|
+
### Report-only-inert directives are omitted automatically
|
|
158
|
+
|
|
159
|
+
The `sandbox` directive has **no effect** in a `Content-Security-Policy-Report-Only`
|
|
160
|
+
header — it applies a document-level restriction rather than a load decision, so
|
|
161
|
+
every engine ignores it there (the CSP Level 2 spec says it outright: *"The
|
|
162
|
+
sandbox directive will be ignored when monitoring a policy"*) and logs
|
|
163
|
+
*"Ignoring sandbox directive when delivered in a report-only policy"*. When `reportOnly: true`, the plugin therefore **omits**
|
|
164
|
+
`sandbox` from the emitted header and logs one line at startup naming what was
|
|
165
|
+
dropped. The omission is functionally identical (the directive does nothing in
|
|
166
|
+
report-only) and keeps the browser console clean. `sandbox` remains in your
|
|
167
|
+
configured `directives`, so an enforcing factory (`reportOnly: false`) built from
|
|
168
|
+
the same config still emits it — you can keep **one directive set across both
|
|
169
|
+
modes** without remove-then-re-add churn.
|
|
170
|
+
|
|
171
|
+
`frame-ancestors` is **not** omitted — its report-only behaviour is
|
|
172
|
+
**engine-divergent**: the CSP3 spec, Firefox (Gecko) and Chrome (Blink) evaluate
|
|
173
|
+
it and send violation reports without enforcing, while Safari (WebKit) ignores
|
|
174
|
+
it, logs *"The Content Security Policy directive 'frame-ancestors' is ignored
|
|
175
|
+
when delivered in a report-only policy"* and sends no report (WebKit retains the
|
|
176
|
+
CSP Level 2 rule — *"The frame-ancestors directive MUST be ignored when
|
|
177
|
+
monitoring a policy"* — which CSP Level 3 dropped; CSP3 only restricts `<meta>`
|
|
178
|
+
delivery, which a report-only policy never uses). The plugin keeps it so the
|
|
179
|
+
observation phase still reports on Chrome and Firefox. If you serve a
|
|
180
|
+
WebKit-heavy audience and want a clean Safari console, leave `frame-ancestors`
|
|
181
|
+
out of your report-only directive set — clickjacking protection stays enforced
|
|
182
|
+
by `X-Frame-Options` and/or an enforcing-mode `frame-ancestors`. (Chrome caveat:
|
|
183
|
+
frame-ancestors violation reports are delivered via `report-uri`; known Chromium
|
|
184
|
+
bugs leave them undelivered via `report-to`.) A report-only policy whose every
|
|
185
|
+
directive is report-only-inert (e.g. only `sandbox`) **throws at factory call
|
|
186
|
+
time**, since it would report nothing.
|
|
187
|
+
|
|
188
|
+
The omitted set is intentionally conservative — `sandbox` is the only directive
|
|
189
|
+
confirmed ignored in report-only across all engines.
|
|
190
|
+
|
|
157
191
|
## Per-response CSP nonce (`useNonce`)
|
|
158
192
|
|
|
159
193
|
Set `useNonce: true` to drop `'unsafe-inline'` from `script-src` without
|
|
@@ -217,6 +251,7 @@ console at runtime. Gina favours fail-fast.
|
|
|
217
251
|
| Source-list directive array contains a non-string entry | Factory throws with index in message |
|
|
218
252
|
| All directives resolve to `false` (omitted) | Factory throws — empty CSP is invalid |
|
|
219
253
|
| `reportOnly` is non-boolean | Factory throws |
|
|
254
|
+
| `reportOnly:true` with only report-only-inert directives | Factory throws — a report-only policy would report nothing |
|
|
220
255
|
| Plugin not registered | Header not emitted; browser applies no CSP |
|
|
221
256
|
| Header already set by an earlier middleware | Existing value preserved (idempotent) |
|
|
222
257
|
| Response already sent (`res.headersSent === true`) | Node's `setHeader` no-ops; request resumes |
|
|
@@ -78,6 +78,24 @@
|
|
|
78
78
|
* useful for non-enforcing migration testing. The browser reports
|
|
79
79
|
* violations but does not block any resources.
|
|
80
80
|
*
|
|
81
|
+
* In report-only mode the plugin also OMITS directives that browsers ignore
|
|
82
|
+
* there (`REPORT_ONLY_IGNORED_DIRECTIVES` — currently just `sandbox`, which
|
|
83
|
+
* every engine ignores in report-only: it applies a restriction but produces
|
|
84
|
+
* no violation report and triggers a browser console warning). The omission
|
|
85
|
+
* is functionally identical (the directive does nothing in report-only) and
|
|
86
|
+
* silences that console warning; a one-time factory-time `console.warn`
|
|
87
|
+
* names what was dropped. The omitted directives remain in the configured
|
|
88
|
+
* set, so an enforcing factory built from the same config still emits them.
|
|
89
|
+
* `frame-ancestors` is NOT omitted — its report-only behaviour is
|
|
90
|
+
* engine-divergent: the CSP3 spec, Gecko and Blink evaluate it and send
|
|
91
|
+
* violation reports (without enforcing), while WebKit alone ignores it with
|
|
92
|
+
* a console warning and no report (it retains CSP2's rule that the directive
|
|
93
|
+
* MUST be ignored when monitoring, which CSP3 dropped). Keeping it preserves
|
|
94
|
+
* the observation-phase signal on Chrome + Firefox; WebKit-heavy consumers
|
|
95
|
+
* can leave it out of their own report-only directive set. A report-only
|
|
96
|
+
* policy whose every directive is inert (e.g. only `sandbox`) throws at
|
|
97
|
+
* factory call time.
|
|
98
|
+
*
|
|
81
99
|
* Opens Phase 2 of the gina security-headers track (Phase 1 = HDR1-4 +
|
|
82
100
|
* HDR7 shipped in 0.3.15-alpha). Single-header plugin shape — composes
|
|
83
101
|
* cleanly under the future `SecurityHeaders` combined wrapper (#HDR15).
|
|
@@ -162,6 +180,52 @@ var HYBRID_DIRECTIVES = [
|
|
|
162
180
|
'sandbox'
|
|
163
181
|
];
|
|
164
182
|
|
|
183
|
+
/**
|
|
184
|
+
* Directives that browsers IGNORE when delivered in a
|
|
185
|
+
* `Content-Security-Policy-Report-Only` header. A report-only policy monitors
|
|
186
|
+
* and reports violations but enforces nothing; `sandbox` applies a
|
|
187
|
+
* document-level restriction that produces no reportable violation, so the
|
|
188
|
+
* browser drops it in report-only mode AND emits a console warning
|
|
189
|
+
* ("Ignoring sandbox directive when delivered in a report-only policy"). It
|
|
190
|
+
* therefore contributes browser-console noise and zero monitoring value, so
|
|
191
|
+
* the plugin omits it from a report-only header (see the `reportOnly` notes in
|
|
192
|
+
* the module docstring above).
|
|
193
|
+
*
|
|
194
|
+
* Deliberately conservative — `sandbox` is the only directive confirmed
|
|
195
|
+
* ignored in report-only across ALL engines: CSP2 spec text ("The sandbox
|
|
196
|
+
* directive will be ignored when monitoring a policy"), MDN's Report-Only
|
|
197
|
+
* page ("supports all Content-Security-Policy directives except sandbox,
|
|
198
|
+
* which is ignored"), Chromium's SupportedInReportOnly() (false for
|
|
199
|
+
* Sandbox), and WebKit's console warning. Intentionally NOT included:
|
|
200
|
+
* - `frame-ancestors` — report-only behaviour is ENGINE-DIVERGENT. The CSP3
|
|
201
|
+
* spec, Gecko and Blink evaluate it and send violation reports without
|
|
202
|
+
* enforcing (Chromium's SupportedInReportOnly() is true for
|
|
203
|
+
* FrameAncestors; the WPT report-only frame-ancestors test asserts the
|
|
204
|
+
* report). WebKit alone ignores it, logs "The Content Security Policy
|
|
205
|
+
* directive 'frame-ancestors' is ignored when delivered in a report-only
|
|
206
|
+
* policy." and sends no report — it retains CSP2's "MUST be ignored when
|
|
207
|
+
* monitoring a policy", which CSP3 dropped (CSP3 restricts only `<meta>`
|
|
208
|
+
* delivery, which a report-only policy cannot use anyway). Omitting it
|
|
209
|
+
* would discard the observation-phase signal on Chrome + Firefox;
|
|
210
|
+
* consumers serving WebKit-heavy audiences that want a clean Safari
|
|
211
|
+
* console can omit it from their own report-only directive set
|
|
212
|
+
* (clickjacking stays enforced by X-Frame-Options and/or an enforcing
|
|
213
|
+
* frame-ancestors regardless).
|
|
214
|
+
* - `upgrade-insecure-requests` / `block-all-mixed-content` — not confirmed
|
|
215
|
+
* inert across engines: Chromium ignores-and-warns
|
|
216
|
+
* `upgrade-insecure-requests` in report-only but supports
|
|
217
|
+
* `block-all-mixed-content` there, and Gecko/WebKit behaviour is
|
|
218
|
+
* unverified; excluded under uncertainty (omitting a directive that may
|
|
219
|
+
* still act/report would lose behaviour or signal). Expanding this list
|
|
220
|
+
* requires an empirical per-engine check first.
|
|
221
|
+
*
|
|
222
|
+
* @constant
|
|
223
|
+
* @type {string[]}
|
|
224
|
+
*/
|
|
225
|
+
var REPORT_ONLY_IGNORED_DIRECTIVES = [
|
|
226
|
+
'sandbox'
|
|
227
|
+
];
|
|
228
|
+
|
|
165
229
|
|
|
166
230
|
/**
|
|
167
231
|
* Read the active bundle's `settings.json > csp.*` block and return the
|
|
@@ -416,6 +480,32 @@ function buildHeaderValue(normalised, nonce, nonceTarget) {
|
|
|
416
480
|
}
|
|
417
481
|
|
|
418
482
|
|
|
483
|
+
/**
|
|
484
|
+
* Return a shallow copy of the normalised directive dict with the
|
|
485
|
+
* report-only-inert directives (`REPORT_ONLY_IGNORED_DIRECTIVES`) removed.
|
|
486
|
+
* Used only when `reportOnly` is true. Pure — never mutates the input, so the
|
|
487
|
+
* full configured set survives for an enforcing factory built from the same
|
|
488
|
+
* directives.
|
|
489
|
+
*
|
|
490
|
+
* @param {object} normalised — validated directive dict from resolveDirectives.
|
|
491
|
+
* @returns {object} a new dict without the report-only-ignored directives.
|
|
492
|
+
* @inner
|
|
493
|
+
* @private
|
|
494
|
+
*/
|
|
495
|
+
function stripReportOnlyIgnored(normalised) {
|
|
496
|
+
var out = {};
|
|
497
|
+
var keys = Object.keys(normalised);
|
|
498
|
+
for (var i = 0; i < keys.length; i++) {
|
|
499
|
+
var name = keys[i];
|
|
500
|
+
if (REPORT_ONLY_IGNORED_DIRECTIVES.indexOf(name) !== -1) {
|
|
501
|
+
continue;
|
|
502
|
+
}
|
|
503
|
+
out[name] = normalised[name];
|
|
504
|
+
}
|
|
505
|
+
return out;
|
|
506
|
+
}
|
|
507
|
+
|
|
508
|
+
|
|
419
509
|
/**
|
|
420
510
|
* Coerce `useNonce` to a strict boolean. Defaults to `false` (static header,
|
|
421
511
|
* no per-request nonce). `true` opts into per-response nonce generation.
|
|
@@ -538,10 +628,52 @@ function Csp(opts) {
|
|
|
538
628
|
var reportOnly = resolveReportOnly(merged.reportOnly);
|
|
539
629
|
var useNonce = resolveUseNonce(merged.useNonce);
|
|
540
630
|
|
|
631
|
+
// Report-only mode: drop directives browsers ignore in a report-only
|
|
632
|
+
// header (REPORT_ONLY_IGNORED_DIRECTIVES — currently `sandbox`). They apply
|
|
633
|
+
// no restriction and emit no violation report there, so omitting them is
|
|
634
|
+
// functionally identical while silencing the browser console warning. They
|
|
635
|
+
// survive in `directives`, so an enforcing factory built from the same
|
|
636
|
+
// config still emits them.
|
|
637
|
+
var emitDirectives = directives;
|
|
638
|
+
if (reportOnly) {
|
|
639
|
+
emitDirectives = stripReportOnlyIgnored(directives);
|
|
640
|
+
var dropped = Object.keys(directives).filter(function (d) {
|
|
641
|
+
return !Object.prototype.hasOwnProperty.call(emitDirectives, d);
|
|
642
|
+
});
|
|
643
|
+
if (Object.keys(emitDirectives).length === 0) {
|
|
644
|
+
// Mirrors the all-omitted throw in resolveDirectives: an empty CSP
|
|
645
|
+
// is invalid, and a report-only policy made entirely of inert
|
|
646
|
+
// directives reports nothing — surface it at factory (boot) time.
|
|
647
|
+
throw new Error(
|
|
648
|
+
'[gina.plugins.Csp] reportOnly:true but every configured directive is '
|
|
649
|
+
+ 'ignored by browsers in report-only mode (' + dropped.join(', ') + '). '
|
|
650
|
+
+ 'A report-only policy needs at least one directive that produces '
|
|
651
|
+
+ 'violation reports (e.g. script-src / default-src / frame-ancestors). '
|
|
652
|
+
+ 'sandbox applies a restriction but reports nothing, so it is dropped '
|
|
653
|
+
+ 'in report-only mode.'
|
|
654
|
+
);
|
|
655
|
+
}
|
|
656
|
+
if (dropped.length > 0) {
|
|
657
|
+
// Transparency: the emitted header diverges from the configured
|
|
658
|
+
// directives. One line at factory (boot) time — per call, no
|
|
659
|
+
// module-level latch — so the operator knows why a configured
|
|
660
|
+
// directive is absent from the wire.
|
|
661
|
+
console.warn(
|
|
662
|
+
'[gina.plugins.Csp] reportOnly:true — omitting directive(s) ignored by '
|
|
663
|
+
+ 'browsers in report-only mode: ' + dropped.join(', ') + '. They apply no '
|
|
664
|
+
+ 'restriction and emit a browser console warning in report-only mode; they '
|
|
665
|
+
+ 'are included automatically when reportOnly is false.'
|
|
666
|
+
);
|
|
667
|
+
}
|
|
668
|
+
}
|
|
669
|
+
|
|
541
670
|
var headerName = reportOnly ? HEADER_NAME_REPORT_ONLY : HEADER_NAME;
|
|
542
671
|
// Static value — reused on every response when useNonce is off.
|
|
543
|
-
var headerValue = buildHeaderValue(
|
|
672
|
+
var headerValue = buildHeaderValue(emitDirectives);
|
|
544
673
|
// Fail-fast at factory time: a nonce needs a script-governing directive.
|
|
674
|
+
// Resolved from `directives` (not emitDirectives) — the nonce target is
|
|
675
|
+
// always script-src/default-src, which are never report-only-stripped, so
|
|
676
|
+
// the two sets agree; the middleware still serialises emitDirectives.
|
|
545
677
|
var nonceTarget = useNonce ? resolveNonceTarget(directives) : null;
|
|
546
678
|
|
|
547
679
|
return function ginaCsp(req, res, next) {
|
|
@@ -553,7 +685,7 @@ function Csp(opts) {
|
|
|
553
685
|
// render delegates can mirror it onto framework inline <script>s.
|
|
554
686
|
var nonce = crypto.randomBytes(NONCE_BYTES).toString('base64');
|
|
555
687
|
if (req) { req._ginaCspNonce = nonce; }
|
|
556
|
-
res.setHeader(headerName, buildHeaderValue(
|
|
688
|
+
res.setHeader(headerName, buildHeaderValue(emitDirectives, nonce, nonceTarget));
|
|
557
689
|
} else {
|
|
558
690
|
res.setHeader(headerName, headerValue);
|
|
559
691
|
}
|
|
@@ -578,5 +710,7 @@ Csp._resolveReportOnly = resolveReportOnly;
|
|
|
578
710
|
Csp._resolveUseNonce = resolveUseNonce;
|
|
579
711
|
Csp._resolveNonceTarget = resolveNonceTarget;
|
|
580
712
|
Csp._buildHeaderValue = buildHeaderValue;
|
|
713
|
+
Csp._REPORT_ONLY_IGNORED_DIRECTIVES = REPORT_ONLY_IGNORED_DIRECTIVES;
|
|
714
|
+
Csp._stripReportOnlyIgnored = stripReportOnlyIgnored;
|
|
581
715
|
|
|
582
716
|
module.exports = Csp;
|
|
@@ -1969,8 +1969,18 @@ function ValidatorPlugin(rules, data, formId) {
|
|
|
1969
1969
|
}
|
|
1970
1970
|
//console.debug('sending -> ', data);
|
|
1971
1971
|
if (!hasBinaries) {
|
|
1972
|
-
|
|
1973
|
-
|
|
1972
|
+
// #FORMCT — the non-binary body is JSON (JSON.stringify'd above). Honor an
|
|
1973
|
+
// EXPLICIT form `enctype` if set; otherwise send application/json — NOT the
|
|
1974
|
+
// urlencoded default — or the server url-decodes the JSON body ('+' -> space,
|
|
1975
|
+
// decodeURIComponent) and corrupts values such as email "+aliases".
|
|
1976
|
+
var explicitEnctype = $target.getAttribute('enctype');
|
|
1977
|
+
var sendContentType = (explicitEnctype && explicitEnctype != '')
|
|
1978
|
+
? explicitEnctype
|
|
1979
|
+
: ( (typeof(data) == 'string' && /^[\[{]/.test(data.trim()))
|
|
1980
|
+
? 'application/json; charset=UTF-8'
|
|
1981
|
+
: enctype );
|
|
1982
|
+
if (typeof (sendContentType) != 'undefined' && sendContentType != null && sendContentType != '') {
|
|
1983
|
+
xhr.setRequestHeader('Content-Type', sendContentType);
|
|
1974
1984
|
}
|
|
1975
1985
|
xhr.send(data)
|
|
1976
1986
|
}
|
|
@@ -2346,8 +2356,11 @@ function ValidatorPlugin(rules, data, formId) {
|
|
|
2346
2356
|
method: method,
|
|
2347
2357
|
isSynchrone: isSynchrone,
|
|
2348
2358
|
headers : {
|
|
2349
|
-
//
|
|
2350
|
-
|
|
2359
|
+
// #FORMCT — the body sent below is JSON (JSON.stringify({ files })).
|
|
2360
|
+
// Send application/json — NOT the urlencoded default — or the server
|
|
2361
|
+
// url-decodes the JSON body ('+' -> space, decodeURIComponent) and
|
|
2362
|
+
// corrupts '+'/'%' in removed-file keys.
|
|
2363
|
+
'Content-Type': 'application/json; charset=UTF-8',
|
|
2351
2364
|
// cross domain is enabled by default, but you need to setup `Access-Control-Allow-Origin`
|
|
2352
2365
|
'X-Requested-With': 'XMLHttpRequest' // in case of cross domain origin
|
|
2353
2366
|
}
|
|
@@ -1615,7 +1615,7 @@ function ServerEngineClass(options) {
|
|
|
1615
1615
|
else if (a[1] && (a[1].indexOf('+') > -1 || a[1].indexOf('%') > -1)) {
|
|
1616
1616
|
// #B17: '+' → space per WHATWG URL form-urlencoded parser; must run before decodeURIComponent (which does NOT decode '+').
|
|
1617
1617
|
if (a[1].indexOf('+') > -1) a[1] = a[1].replace(/\+/g, ' ');
|
|
1618
|
-
if (a[1].indexOf('%') > -1) a[1] =
|
|
1618
|
+
if (a[1].indexOf('%') > -1) a[1] = safeDecodeURIComponent(a[1]); // #B30: malformed-%-safe (raw fallback) — an unguarded decodeURIComponent here crashes the bundle
|
|
1619
1619
|
}
|
|
1620
1620
|
|
|
1621
1621
|
if (a[1] && typeof a[1] === 'string' && (a[1].charAt(0) === '{' || a[1].charAt(0) === '[') ) {
|
|
@@ -1639,7 +1639,7 @@ function ServerEngineClass(options) {
|
|
|
1639
1639
|
else if (a[1] && (a[1].indexOf('+') > -1 || a[1].indexOf('%') > -1)) {
|
|
1640
1640
|
// #B17: '+' → space per WHATWG URL form-urlencoded parser; must run before decodeURIComponent (which does NOT decode '+').
|
|
1641
1641
|
if (a[1].indexOf('+') > -1) a[1] = a[1].replace(/\+/g, ' ');
|
|
1642
|
-
if (a[1].indexOf('%') > -1) a[1] =
|
|
1642
|
+
if (a[1].indexOf('%') > -1) a[1] = safeDecodeURIComponent(a[1]); // #B30: malformed-%-safe (raw fallback) — an unguarded decodeURIComponent here crashes the bundle
|
|
1643
1643
|
}
|
|
1644
1644
|
|
|
1645
1645
|
request.query[ a[0] ] = a[1]
|