hono 4.5.1 → 4.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/cjs/middleware/csrf/index.js +1 -1
  2. package/dist/cjs/middleware/secure-headers/secure-headers.js +5 -2
  3. package/dist/middleware/csrf/index.js +1 -1
  4. package/dist/middleware/secure-headers/secure-headers.js +5 -2
  5. package/dist/types/context.d.ts +1 -1
  6. package/dist/types/middleware/secure-headers/secure-headers.d.ts +2 -0
  7. package/dist/types/utils/types.d.ts +2 -2
  8. package/package.json +1 -1
package/dist/cjs/middleware/csrf/index.js CHANGED
@@ -42,7 +42,7 @@ const csrf = (options) => {
42
42
  }
43
43
  return handler(origin, c);
44
44
  };
45
- return async function cors(c, next) {
45
+ return async function csrf2(c, next) {
46
46
  if (!isSafeMethodRe.test(c.req.method) && isRequestedByFormElementRe.test(c.req.header("content-type") || "") && !isAllowedOrigin(c.req.header("origin"), c)) {
47
47
  const res = new Response("Forbidden", {
48
48
  status: 403
package/dist/cjs/middleware/secure-headers/secure-headers.js CHANGED
@@ -49,7 +49,8 @@ const DEFAULT_OPTIONS = {
49
49
  xDownloadOptions: true,
50
50
  xFrameOptions: true,
51
51
  xPermittedCrossDomainPolicies: true,
52
- xXssProtection: true
52
+ xXssProtection: true,
53
+ removePoweredBy: true
53
54
  };
54
55
  const generateNonce = () => {
55
56
  const buffer = new Uint8Array(16);
@@ -85,7 +86,9 @@ const secureHeaders = (customOptions) => {
85
86
  const headersToSetForReq = callbacks.length === 0 ? headersToSet : callbacks.reduce((acc, cb) => cb(ctx, acc), headersToSet);
86
87
  await next();
87
88
  setHeaders(ctx, headersToSetForReq);
88
- ctx.res.headers.delete("X-Powered-By");
89
+ if (options?.removePoweredBy) {
90
+ ctx.res.headers.delete("X-Powered-By");
91
+ }
89
92
  };
90
93
  };
91
94
  function getFilteredHeaders(options) {
package/dist/middleware/csrf/index.js CHANGED
@@ -20,7 +20,7 @@ var csrf = (options) => {
20
20
  }
21
21
  return handler(origin, c);
22
22
  };
23
- return async function cors(c, next) {
23
+ return async function csrf2(c, next) {
24
24
  if (!isSafeMethodRe.test(c.req.method) && isRequestedByFormElementRe.test(c.req.header("content-type") || "") && !isAllowedOrigin(c.req.header("origin"), c)) {
25
25
  const res = new Response("Forbidden", {
26
26
  status: 403
package/dist/middleware/secure-headers/secure-headers.js CHANGED
@@ -26,7 +26,8 @@ var DEFAULT_OPTIONS = {
26
26
  xDownloadOptions: true,
27
27
  xFrameOptions: true,
28
28
  xPermittedCrossDomainPolicies: true,
29
- xXssProtection: true
29
+ xXssProtection: true,
30
+ removePoweredBy: true
30
31
  };
31
32
  var generateNonce = () => {
32
33
  const buffer = new Uint8Array(16);
@@ -62,7 +63,9 @@ var secureHeaders = (customOptions) => {
62
63
  const headersToSetForReq = callbacks.length === 0 ? headersToSet : callbacks.reduce((acc, cb) => cb(ctx, acc), headersToSet);
63
64
  await next();
64
65
  setHeaders(ctx, headersToSetForReq);
65
- ctx.res.headers.delete("X-Powered-By");
66
+ if (options?.removePoweredBy) {
67
+ ctx.res.headers.delete("X-Powered-By");
68
+ }
66
69
  };
67
70
  };
68
71
  function getFilteredHeaders(options) {
package/dist/types/context.d.ts CHANGED
@@ -122,7 +122,7 @@ interface JSONRespond {
122
122
  *
123
123
  * @returns {Response & TypedResponse<SimplifyDeepArray<T> extends JSONValue ? (JSONValue extends SimplifyDeepArray<T> ? never : JSONParsed<T>) : never, U, 'json'>} - The response after rendering the JSON object, typed with the provided object and status code types.
124
124
  */
125
- type JSONRespondReturn<T extends JSONValue | SimplifyDeepArray<unknown> | InvalidJSONValue, U extends StatusCode> = Response & TypedResponse<SimplifyDeepArray<T> extends JSONValue ? JSONValue extends SimplifyDeepArray<T> ? never : JSONParsed<T> : JSONParsed<T>, U, 'json'>;
125
+ type JSONRespondReturn<T extends JSONValue | SimplifyDeepArray<unknown> | InvalidJSONValue, U extends StatusCode> = Response & TypedResponse<SimplifyDeepArray<T> extends JSONValue ? JSONValue extends SimplifyDeepArray<T> ? never : JSONParsed<T> : never, U, 'json'>;
126
126
  /**
127
127
  * Interface representing a function that responds with HTML content.
128
128
  *
package/dist/types/middleware/secure-headers/secure-headers.d.ts CHANGED
@@ -62,6 +62,7 @@ interface SecureHeadersOptions {
62
62
  xFrameOptions?: overridableHeader;
63
63
  xPermittedCrossDomainPolicies?: overridableHeader;
64
64
  xXssProtection?: overridableHeader;
65
+ removePoweredBy?: boolean;
65
66
  }
66
67
  export declare const NONCE: ContentSecurityPolicyOptionHandler;
67
68
  /**
@@ -85,6 +86,7 @@ export declare const NONCE: ContentSecurityPolicyOptionHandler;
85
86
  * @param {overridableHeader} [customOptions.xFrameOptions=true] - Settings for the X-Frame-Options header.
86
87
  * @param {overridableHeader} [customOptions.xPermittedCrossDomainPolicies=true] - Settings for the X-Permitted-Cross-Domain-Policies header.
87
88
  * @param {overridableHeader} [customOptions.xXssProtection=true] - Settings for the X-XSS-Protection header.
89
+ * @param {boolean} [customOptions.removePoweredBy=true] - Settings for remove X-Powered-By header.
88
90
  * @returns {MiddlewareHandler} The middleware handler function.
89
91
  *
90
92
  * @example
package/dist/types/utils/types.d.ts CHANGED
@@ -11,7 +11,7 @@ export type IfAnyThenEmptyObject<T> = 0 extends 1 & T ? {} : T;
11
11
  export type JSONPrimitive = string | boolean | number | null;
12
12
  export type JSONArray = (JSONPrimitive | JSONObject | JSONArray)[];
13
13
  export type JSONObject = {
14
- [key: string]: JSONPrimitive | JSONArray | JSONObject | object;
14
+ [key: string]: JSONPrimitive | JSONArray | JSONObject | object | InvalidJSONValue;
15
15
  };
16
16
  export type InvalidJSONValue = undefined | symbol | ((...args: unknown[]) => unknown);
17
17
  type InvalidToNull<T> = T extends InvalidJSONValue ? null : T;
@@ -27,7 +27,7 @@ export type JSONParsed<T> = T extends {
27
27
  toJSON(): infer J;
28
28
  } ? (() => J) extends () => JSONPrimitive ? J : (() => J) extends () => {
29
29
  toJSON(): unknown;
30
- } ? {} : JSONParsed<J> : T extends JSONPrimitive ? T : T extends InvalidJSONValue ? never : T extends [] ? [] : T extends readonly [infer R, ...infer U] ? [JSONParsed<InvalidToNull<R>>, ...JSONParsed<U>] : T extends Array<infer U> ? Array<JSONParsed<InvalidToNull<U>>> : T extends Set<unknown> | Map<unknown, unknown> ? {} : T extends object ? {
30
+ } ? {} : JSONParsed<J> : T extends JSONPrimitive ? T : T extends InvalidJSONValue ? never : T extends [] ? [] : T extends readonly [infer R, ...infer U] ? [JSONParsed<InvalidToNull<R>>, ...JSONParsed<U>] : T extends Array<infer U> ? Array<JSONParsed<InvalidToNull<U>>> : T extends ReadonlyArray<infer U> ? ReadonlyArray<JSONParsed<InvalidToNull<U>>> : T extends Set<unknown> | Map<unknown, unknown> ? {} : T extends object ? {
31
31
  [K in keyof OmitSymbolKeys<T> as IsInvalid<T[K]> extends true ? never : K]: boolean extends IsInvalid<T[K]> ? JSONParsed<T[K]> | undefined : JSONParsed<T[K]>;
32
32
  } : never;
33
33
  /**
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hono",
3
- "version": "4.5.1",
3
+ "version": "4.5.2",
4
4
  "description": "Web framework built on Web Standards",
5
5
  "main": "dist/cjs/index.js",
6
6
  "type": "module",