nativescript 9.0.6-rc.0 → 9.0.6-rc.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -4,11 +4,20 @@ exports.DevtoolsHostService = void 0;
|
|
|
4
4
|
const http = require("http");
|
|
5
5
|
const path = require("path");
|
|
6
6
|
const fs = require("fs");
|
|
7
|
+
const constants_1 = require("../constants");
|
|
7
8
|
const yok_1 = require("../common/yok");
|
|
8
9
|
const LOOPBACK_HOST = "127.0.0.1";
|
|
9
|
-
const DEVTOOLS_ORIGIN = "https://chrome-devtools-frontend.appspot.com";
|
|
10
10
|
const PORT_RANGE_START = 41500;
|
|
11
11
|
const PORT_RANGE_END = 41999;
|
|
12
|
+
// Allowed Chrome DevTools origins. Bundled DevTools (devtools://devtools)
|
|
13
|
+
// is the default flow opened by chrome://inspect; the appspot frontend is
|
|
14
|
+
// used when the CLI prints a hosted URL. Any other origin (including
|
|
15
|
+
// custom NS DevTools forks) gets a permissive ACAO since loopback bind
|
|
16
|
+
// is the real security boundary anyway.
|
|
17
|
+
const KNOWN_DEVTOOLS_ORIGINS = new Set([
|
|
18
|
+
"devtools://devtools",
|
|
19
|
+
"https://chrome-devtools-frontend.appspot.com",
|
|
20
|
+
]);
|
|
12
21
|
const CONTENT_TYPES = {
|
|
13
22
|
".map": "application/json; charset=utf-8",
|
|
14
23
|
".json": "application/json; charset=utf-8",
|
|
@@ -31,7 +40,13 @@ class DevtoolsHostService {
|
|
|
31
40
|
return { platform: key, origin: this.formatOrigin(existing.port) };
|
|
32
41
|
}
|
|
33
42
|
const platformData = this.$platformsDataService.getPlatformData(platform, projectData);
|
|
34
|
-
|
|
43
|
+
// Webpack writes to <appDestinationDirectoryPath>/app on both iOS
|
|
44
|
+
// (platforms/ios/<appName>/app) and Android
|
|
45
|
+
// (platforms/android/app/src/main/assets/app). Match that exactly so
|
|
46
|
+
// requests for /bundle.mjs.map resolve to the actual emitted file.
|
|
47
|
+
const rootDir = (platformData === null || platformData === void 0 ? void 0 : platformData.appDestinationDirectoryPath)
|
|
48
|
+
? path.join(platformData.appDestinationDirectoryPath, constants_1.APP_FOLDER_NAME)
|
|
49
|
+
: null;
|
|
35
50
|
if (!rootDir) {
|
|
36
51
|
this.$logger.warn(`DevTools host: unable to resolve output directory for ${platform}.`);
|
|
37
52
|
return null;
|
|
@@ -91,7 +106,11 @@ class DevtoolsHostService {
|
|
|
91
106
|
return `http://${LOOPBACK_HOST}:${port}`;
|
|
92
107
|
}
|
|
93
108
|
handleRequest(req, res, rootDir) {
|
|
94
|
-
|
|
109
|
+
const requestOrigin = req.headers.origin;
|
|
110
|
+
const allowOrigin = requestOrigin && KNOWN_DEVTOOLS_ORIGINS.has(requestOrigin)
|
|
111
|
+
? requestOrigin
|
|
112
|
+
: "*";
|
|
113
|
+
res.setHeader("Access-Control-Allow-Origin", allowOrigin);
|
|
95
114
|
res.setHeader("Vary", "Origin");
|
|
96
115
|
res.setHeader("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS");
|
|
97
116
|
res.setHeader("Access-Control-Allow-Headers", "*");
|
package/package.json
CHANGED