next 15.3.0-canary.3 → 15.3.0-canary.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/next +1 -1
- package/dist/build/index.js +2 -2
- package/dist/build/swc/index.js +1 -1
- package/dist/build/webpack-config.js +2 -2
- package/dist/client/app-bootstrap.js +1 -1
- package/dist/client/index.js +1 -1
- package/dist/esm/build/index.js +2 -2
- package/dist/esm/build/swc/index.js +1 -1
- package/dist/esm/build/webpack-config.js +2 -2
- package/dist/esm/client/app-bootstrap.js +1 -1
- package/dist/esm/client/index.js +1 -1
- package/dist/esm/server/dev/hot-reloader-turbopack.js +1 -1
- package/dist/esm/server/dev/hot-reloader-webpack.js +1 -1
- package/dist/esm/server/lib/app-info-log.js +1 -1
- package/dist/esm/server/lib/router-utils/block-cross-site.js +3 -2
- package/dist/esm/server/lib/router-utils/block-cross-site.js.map +1 -1
- package/dist/esm/server/lib/start-server.js +1 -1
- package/dist/esm/shared/lib/canary-only.js +1 -1
- package/dist/server/dev/hot-reloader-turbopack.js +1 -1
- package/dist/server/dev/hot-reloader-webpack.js +1 -1
- package/dist/server/lib/app-info-log.js +1 -1
- package/dist/server/lib/router-utils/block-cross-site.js +3 -2
- package/dist/server/lib/router-utils/block-cross-site.js.map +1 -1
- package/dist/server/lib/start-server.js +1 -1
- package/dist/shared/lib/canary-only.js +1 -1
- package/dist/telemetry/anonymous-meta.js +1 -1
- package/dist/telemetry/events/session-stopped.js +2 -2
- package/dist/telemetry/events/version.js +2 -2
- package/package.json +15 -15
package/dist/bin/next
CHANGED
|
@@ -79,7 +79,7 @@ const program = new NextRootCommand();
|
|
|
79
79
|
program.name('next').description('The Next.js CLI allows you to develop, build, start your application, and more.').configureHelp({
|
|
80
80
|
formatHelp: (cmd, helper)=>(0, _formatclihelpoutput.formatCliHelpOutput)(cmd, helper),
|
|
81
81
|
subcommandTerm: (cmd)=>`${cmd.name()} ${cmd.usage()}`
|
|
82
|
-
}).helpCommand(false).helpOption('-h, --help', 'Displays this message.').version(`Next.js v${"15.3.0-canary.
|
|
82
|
+
}).helpCommand(false).helpOption('-h, --help', 'Displays this message.').version(`Next.js v${"15.3.0-canary.4"}`, '-v, --version', 'Outputs the Next.js version.');
|
|
83
83
|
program.command('build').description('Creates an optimized production build of your application. The output displays information about each route.').argument('[directory]', `A directory on which to build the application. ${(0, _picocolors.italic)('If no directory is provided, the current directory will be used.')}`).option('-d, --debug', 'Enables a more verbose build output.').option('--no-lint', 'Disables linting.').option('--no-mangling', 'Disables mangling.').option('--profile', 'Enables production profiling for React.').option('--experimental-app-only', 'Builds only App Router routes.').addOption(new _commander.Option('--experimental-turbo').hideHelp()).addOption(new _commander.Option('--experimental-build-mode [mode]', 'Uses an experimental build mode.').choices([
|
|
84
84
|
'compile',
|
|
85
85
|
'generate'
|
package/dist/build/index.js
CHANGED
|
@@ -368,7 +368,7 @@ async function build(dir, reactProductionProfiling = false, debugOutput = false,
|
|
|
368
368
|
const nextBuildSpan = (0, _trace.trace)('next-build', undefined, {
|
|
369
369
|
buildMode: experimentalBuildMode,
|
|
370
370
|
isTurboBuild: String(turboNextBuild),
|
|
371
|
-
version: "15.3.0-canary.
|
|
371
|
+
version: "15.3.0-canary.4"
|
|
372
372
|
});
|
|
373
373
|
_buildcontext.NextBuildContext.nextBuildSpan = nextBuildSpan;
|
|
374
374
|
_buildcontext.NextBuildContext.dir = dir;
|
|
@@ -732,7 +732,7 @@ async function build(dir, reactProductionProfiling = false, debugOutput = false,
|
|
|
732
732
|
// Files outside of the distDir can be "type": "module"
|
|
733
733
|
await writeFileUtf8(_path.default.join(distDir, 'package.json'), '{"type": "commonjs"}');
|
|
734
734
|
// These are written to distDir, so they need to come after creating and cleaning distDr.
|
|
735
|
-
await (0, _builddiagnostics.recordFrameworkVersion)("15.3.0-canary.
|
|
735
|
+
await (0, _builddiagnostics.recordFrameworkVersion)("15.3.0-canary.4");
|
|
736
736
|
await (0, _builddiagnostics.updateBuildDiagnostics)({
|
|
737
737
|
buildStage: 'start'
|
|
738
738
|
});
|
package/dist/build/swc/index.js
CHANGED
|
@@ -119,7 +119,7 @@ function _interop_require_wildcard(obj, nodeInterop) {
|
|
|
119
119
|
}
|
|
120
120
|
return newObj;
|
|
121
121
|
}
|
|
122
|
-
const nextVersion = "15.3.0-canary.
|
|
122
|
+
const nextVersion = "15.3.0-canary.4";
|
|
123
123
|
const ArchName = (0, _os.arch)();
|
|
124
124
|
const PlatformName = (0, _os.platform)();
|
|
125
125
|
function infoLog(...args) {
|
|
@@ -1626,7 +1626,7 @@ async function getBaseWebpackConfig(dir, { buildId, encryptionKey, config, compi
|
|
|
1626
1626
|
isClient && new _copyfileplugin.CopyFilePlugin({
|
|
1627
1627
|
// file path to build output of `@next/polyfill-nomodule`
|
|
1628
1628
|
filePath: require.resolve('./polyfills/polyfill-nomodule'),
|
|
1629
|
-
cacheKey: "15.3.0-canary.
|
|
1629
|
+
cacheKey: "15.3.0-canary.4",
|
|
1630
1630
|
name: `static/chunks/polyfills${dev ? '' : '-[hash]'}.js`,
|
|
1631
1631
|
minimize: false,
|
|
1632
1632
|
info: {
|
|
@@ -1803,7 +1803,7 @@ async function getBaseWebpackConfig(dir, { buildId, encryptionKey, config, compi
|
|
|
1803
1803
|
// - Next.js location on disk (some loaders use absolute paths and some resolve options depend on absolute paths)
|
|
1804
1804
|
// - Next.js version
|
|
1805
1805
|
// - next.config.js keys that affect compilation
|
|
1806
|
-
version: `${__dirname}|${"15.3.0-canary.
|
|
1806
|
+
version: `${__dirname}|${"15.3.0-canary.4"}|${configVars}`,
|
|
1807
1807
|
cacheDirectory: _path.default.join(distDir, 'cache', 'webpack'),
|
|
1808
1808
|
// For production builds, it's more efficient to compress all cache files together instead of compression each one individually.
|
|
1809
1809
|
// So we disable compression here and allow the build runner to take care of compressing the cache as a whole.
|
package/dist/client/index.js
CHANGED
|
@@ -61,7 +61,7 @@ const _hooksclientcontextsharedruntime = require("../shared/lib/hooks-client-con
|
|
|
61
61
|
const _onrecoverableerror = require("./react-client-callbacks/on-recoverable-error");
|
|
62
62
|
const _tracer = /*#__PURE__*/ _interop_require_default._(require("./tracing/tracer"));
|
|
63
63
|
const _isnextroutererror = require("./components/is-next-router-error");
|
|
64
|
-
const version = "15.3.0-canary.
|
|
64
|
+
const version = "15.3.0-canary.4";
|
|
65
65
|
let router;
|
|
66
66
|
const emitter = (0, _mitt.default)();
|
|
67
67
|
const looseToArray = (input)=>[].slice.call(input);
|
package/dist/esm/build/index.js
CHANGED
|
@@ -300,7 +300,7 @@ export default async function build(dir, reactProductionProfiling = false, debug
|
|
|
300
300
|
const nextBuildSpan = trace('next-build', undefined, {
|
|
301
301
|
buildMode: experimentalBuildMode,
|
|
302
302
|
isTurboBuild: String(turboNextBuild),
|
|
303
|
-
version: "15.3.0-canary.
|
|
303
|
+
version: "15.3.0-canary.4"
|
|
304
304
|
});
|
|
305
305
|
NextBuildContext.nextBuildSpan = nextBuildSpan;
|
|
306
306
|
NextBuildContext.dir = dir;
|
|
@@ -664,7 +664,7 @@ export default async function build(dir, reactProductionProfiling = false, debug
|
|
|
664
664
|
// Files outside of the distDir can be "type": "module"
|
|
665
665
|
await writeFileUtf8(path.join(distDir, 'package.json'), '{"type": "commonjs"}');
|
|
666
666
|
// These are written to distDir, so they need to come after creating and cleaning distDr.
|
|
667
|
-
await recordFrameworkVersion("15.3.0-canary.
|
|
667
|
+
await recordFrameworkVersion("15.3.0-canary.4");
|
|
668
668
|
await updateBuildDiagnostics({
|
|
669
669
|
buildStage: 'start'
|
|
670
670
|
});
|
|
@@ -11,7 +11,7 @@ import { isDeepStrictEqual } from 'util';
|
|
|
11
11
|
import { getDefineEnv } from '../webpack/plugins/define-env-plugin';
|
|
12
12
|
import { getReactCompilerLoader } from '../get-babel-loader-config';
|
|
13
13
|
import { TurbopackInternalError } from '../../shared/lib/turbopack/utils';
|
|
14
|
-
const nextVersion = "15.3.0-canary.
|
|
14
|
+
const nextVersion = "15.3.0-canary.4";
|
|
15
15
|
const ArchName = arch();
|
|
16
16
|
const PlatformName = platform();
|
|
17
17
|
function infoLog(...args) {
|
|
@@ -1527,7 +1527,7 @@ export default async function getBaseWebpackConfig(dir, { buildId, encryptionKey
|
|
|
1527
1527
|
isClient && new CopyFilePlugin({
|
|
1528
1528
|
// file path to build output of `@next/polyfill-nomodule`
|
|
1529
1529
|
filePath: require.resolve('./polyfills/polyfill-nomodule'),
|
|
1530
|
-
cacheKey: "15.3.0-canary.
|
|
1530
|
+
cacheKey: "15.3.0-canary.4",
|
|
1531
1531
|
name: `static/chunks/polyfills${dev ? '' : '-[hash]'}.js`,
|
|
1532
1532
|
minimize: false,
|
|
1533
1533
|
info: {
|
|
@@ -1704,7 +1704,7 @@ export default async function getBaseWebpackConfig(dir, { buildId, encryptionKey
|
|
|
1704
1704
|
// - Next.js location on disk (some loaders use absolute paths and some resolve options depend on absolute paths)
|
|
1705
1705
|
// - Next.js version
|
|
1706
1706
|
// - next.config.js keys that affect compilation
|
|
1707
|
-
version: `${__dirname}|${"15.3.0-canary.
|
|
1707
|
+
version: `${__dirname}|${"15.3.0-canary.4"}|${configVars}`,
|
|
1708
1708
|
cacheDirectory: path.join(distDir, 'cache', 'webpack'),
|
|
1709
1709
|
// For production builds, it's more efficient to compress all cache files together instead of compression each one individually.
|
|
1710
1710
|
// So we disable compression here and allow the build runner to take care of compressing the cache as a whole.
|
package/dist/esm/client/index.js
CHANGED
|
@@ -26,7 +26,7 @@ import { SearchParamsContext, PathParamsContext } from '../shared/lib/hooks-clie
|
|
|
26
26
|
import { onRecoverableError } from './react-client-callbacks/on-recoverable-error';
|
|
27
27
|
import tracer from './tracing/tracer';
|
|
28
28
|
import { isNextRouterError } from './components/is-next-router-error';
|
|
29
|
-
export const version = "15.3.0-canary.
|
|
29
|
+
export const version = "15.3.0-canary.4";
|
|
30
30
|
export let router;
|
|
31
31
|
export const emitter = mitt();
|
|
32
32
|
const looseToArray = (input)=>[].slice.call(input);
|
|
@@ -83,7 +83,7 @@ export async function createHotReloaderTurbopack(opts, serverFields, distDir, re
|
|
|
83
83
|
}
|
|
84
84
|
const hasRewrites = opts.fsChecker.rewrites.afterFiles.length > 0 || opts.fsChecker.rewrites.beforeFiles.length > 0 || opts.fsChecker.rewrites.fallback.length > 0;
|
|
85
85
|
const hotReloaderSpan = trace('hot-reloader', undefined, {
|
|
86
|
-
version: "15.3.0-canary.
|
|
86
|
+
version: "15.3.0-canary.4"
|
|
87
87
|
});
|
|
88
88
|
// Ensure the hotReloaderSpan is flushed immediately as it's the parentSpan for all processing
|
|
89
89
|
// of the current `next dev` invocation.
|
|
@@ -180,7 +180,7 @@ export default class HotReloaderWebpack {
|
|
|
180
180
|
this.previewProps = previewProps;
|
|
181
181
|
this.rewrites = rewrites;
|
|
182
182
|
this.hotReloaderSpan = trace('hot-reloader', undefined, {
|
|
183
|
-
version: "15.3.0-canary.
|
|
183
|
+
version: "15.3.0-canary.4"
|
|
184
184
|
});
|
|
185
185
|
// Ensure the hotReloaderSpan is flushed immediately as it's the parentSpan for all processing
|
|
186
186
|
// of the current `next dev` invocation.
|
|
@@ -4,7 +4,7 @@ import { bold, purple } from '../../lib/picocolors';
|
|
|
4
4
|
import { PHASE_DEVELOPMENT_SERVER, PHASE_PRODUCTION_BUILD } from '../../shared/lib/constants';
|
|
5
5
|
import loadConfig, { getConfiguredExperimentalFeatures } from '../config';
|
|
6
6
|
export function logStartInfo({ networkUrl, appUrl, envInfo, experimentalFeatures, maxExperimentalFeatures = Infinity }) {
|
|
7
|
-
Log.bootstrap(`${bold(purple(`${Log.prefixes.ready} Next.js ${"15.3.0-canary.
|
|
7
|
+
Log.bootstrap(`${bold(purple(`${Log.prefixes.ready} Next.js ${"15.3.0-canary.4"}`))}${process.env.TURBOPACK ? ' (Turbopack)' : ''}`);
|
|
8
8
|
if (appUrl) {
|
|
9
9
|
Log.bootstrap(`- Local: ${appUrl}`);
|
|
10
10
|
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { parseUrl } from '../../../lib/url';
|
|
2
2
|
import net from 'net';
|
|
3
3
|
import { warnOnce } from '../../../build/output/log';
|
|
4
|
+
import { isCsrfOriginAllowed } from '../../app-render/csrf-protection';
|
|
4
5
|
export const blockCrossSite = (req, res, allowedOrigins, activePort)=>{
|
|
5
6
|
var _req_url;
|
|
6
7
|
// only process _next URLs
|
|
@@ -14,7 +15,7 @@ export const blockCrossSite = (req, res, allowedOrigins, activePort)=>{
|
|
|
14
15
|
res.statusCode = 403;
|
|
15
16
|
}
|
|
16
17
|
res.end('Unauthorized');
|
|
17
|
-
warnOnce(`Blocked cross-origin request to /_next/*.
|
|
18
|
+
warnOnce(`Blocked cross-origin request to /_next/*. Cross-site requests are blocked in "no-cors" mode.`);
|
|
18
19
|
return true;
|
|
19
20
|
}
|
|
20
21
|
// ensure websocket requests from allowed origin
|
|
@@ -27,7 +28,7 @@ export const blockCrossSite = (req, res, allowedOrigins, activePort)=>{
|
|
|
27
28
|
const isIpRequest = net.isIPv4(originLowerCase) || net.isIPv6(originLowerCase);
|
|
28
29
|
if (// allow requests if direct IP and matching port and
|
|
29
30
|
// allow if any of the allowed origins match
|
|
30
|
-
!(isIpRequest && isMatchingPort) && !
|
|
31
|
+
!(isIpRequest && isMatchingPort) && !isCsrfOriginAllowed(originLowerCase, allowedOrigins)) {
|
|
31
32
|
if ('statusCode' in res) {
|
|
32
33
|
res.statusCode = 403;
|
|
33
34
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/server/lib/router-utils/block-cross-site.ts"],"sourcesContent":["import type { Duplex } from 'stream'\nimport type { IncomingMessage, ServerResponse } from 'webpack-dev-server'\nimport { parseUrl } from '../../../lib/url'\nimport net from 'net'\nimport { warnOnce } from '../../../build/output/log'\n\nexport const blockCrossSite = (\n req: IncomingMessage,\n res: ServerResponse | Duplex,\n allowedOrigins: string[],\n activePort: string\n): boolean => {\n // only process _next URLs\n if (!req.url?.includes('/_next')) {\n return false\n }\n // block non-cors request from cross-site e.g. script tag on\n // different host\n if (\n req.headers['sec-fetch-mode'] === 'no-cors' &&\n req.headers['sec-fetch-site'] === 'cross-site'\n ) {\n if ('statusCode' in res) {\n res.statusCode = 403\n }\n res.end('Unauthorized')\n warnOnce(\n `Blocked cross-origin request to /_next/*.
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/lib/router-utils/block-cross-site.ts"],"sourcesContent":["import type { Duplex } from 'stream'\nimport type { IncomingMessage, ServerResponse } from 'webpack-dev-server'\nimport { parseUrl } from '../../../lib/url'\nimport net from 'net'\nimport { warnOnce } from '../../../build/output/log'\nimport { isCsrfOriginAllowed } from '../../app-render/csrf-protection'\n\nexport const blockCrossSite = (\n req: IncomingMessage,\n res: ServerResponse | Duplex,\n allowedOrigins: string[],\n activePort: string\n): boolean => {\n // only process _next URLs\n if (!req.url?.includes('/_next')) {\n return false\n }\n // block non-cors request from cross-site e.g. script tag on\n // different host\n if (\n req.headers['sec-fetch-mode'] === 'no-cors' &&\n req.headers['sec-fetch-site'] === 'cross-site'\n ) {\n if ('statusCode' in res) {\n res.statusCode = 403\n }\n res.end('Unauthorized')\n warnOnce(\n `Blocked cross-origin request to /_next/*. Cross-site requests are blocked in \"no-cors\" mode.`\n )\n return true\n }\n\n // ensure websocket requests from allowed origin\n const rawOrigin = req.headers['origin']\n\n if (rawOrigin) {\n const parsedOrigin = parseUrl(rawOrigin)\n\n if (parsedOrigin) {\n const originLowerCase = parsedOrigin.hostname.toLowerCase()\n const isMatchingPort = parsedOrigin.port === activePort\n const isIpRequest =\n net.isIPv4(originLowerCase) || net.isIPv6(originLowerCase)\n\n if (\n // allow requests if direct IP and matching port and\n // allow if any of the allowed origins match\n !(isIpRequest && isMatchingPort) &&\n !isCsrfOriginAllowed(originLowerCase, allowedOrigins)\n ) {\n if ('statusCode' in res) {\n res.statusCode = 403\n }\n res.end('Unauthorized')\n warnOnce(\n `Blocked cross-origin request from ${originLowerCase}. To allow this, configure \"allowedDevOrigins\" in next.config\\nRead more: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins`\n )\n return true\n }\n }\n }\n\n return false\n}\n"],"names":["parseUrl","net","warnOnce","isCsrfOriginAllowed","blockCrossSite","req","res","allowedOrigins","activePort","url","includes","headers","statusCode","end","rawOrigin","parsedOrigin","originLowerCase","hostname","toLowerCase","isMatchingPort","port","isIpRequest","isIPv4","isIPv6"],"mappings":"AAEA,SAASA,QAAQ,QAAQ,mBAAkB;AAC3C,OAAOC,SAAS,MAAK;AACrB,SAASC,QAAQ,QAAQ,4BAA2B;AACpD,SAASC,mBAAmB,QAAQ,mCAAkC;AAEtE,OAAO,MAAMC,iBAAiB,CAC5BC,KACAC,KACAC,gBACAC;QAGKH;IADL,0BAA0B;IAC1B,IAAI,GAACA,WAAAA,IAAII,GAAG,qBAAPJ,SAASK,QAAQ,CAAC,YAAW;QAChC,OAAO;IACT;IACA,4DAA4D;IAC5D,iBAAiB;IACjB,IACEL,IAAIM,OAAO,CAAC,iBAAiB,KAAK,aAClCN,IAAIM,OAAO,CAAC,iBAAiB,KAAK,cAClC;QACA,IAAI,gBAAgBL,KAAK;YACvBA,IAAIM,UAAU,GAAG;QACnB;QACAN,IAAIO,GAAG,CAAC;QACRX,SACE,CAAC,4FAA4F,CAAC;QAEhG,OAAO;IACT;IAEA,gDAAgD;IAChD,MAAMY,YAAYT,IAAIM,OAAO,CAAC,SAAS;IAEvC,IAAIG,WAAW;QACb,MAAMC,eAAef,SAASc;QAE9B,IAAIC,cAAc;YAChB,MAAMC,kBAAkBD,aAAaE,QAAQ,CAACC,WAAW;YACzD,MAAMC,iBAAiBJ,aAAaK,IAAI,KAAKZ;YAC7C,MAAMa,cACJpB,IAAIqB,MAAM,CAACN,oBAAoBf,IAAIsB,MAAM,CAACP;YAE5C,IACE,oDAAoD;YACpD,4CAA4C;YAC5C,CAAEK,CAAAA,eAAeF,cAAa,KAC9B,CAAChB,oBAAoBa,iBAAiBT,iBACtC;gBACA,IAAI,gBAAgBD,KAAK;oBACvBA,IAAIM,UAAU,GAAG;gBACnB;gBACAN,IAAIO,GAAG,CAAC;gBACRX,SACE,CAAC,kCAAkC,EAAEc,gBAAgB,2JAA2J,CAAC;gBAEnN,OAAO;YACT;QACF;IACF;IAEA,OAAO;AACT,EAAC"}
|
|
@@ -43,7 +43,7 @@ export async function getRequestHandlers({ dir, port, isDev, onDevServerCleanup,
|
|
|
43
43
|
export async function startServer(serverOptions) {
|
|
44
44
|
const { dir, isDev, hostname, minimalMode, allowRetry, keepAliveTimeout, selfSignedCertificate } = serverOptions;
|
|
45
45
|
let { port } = serverOptions;
|
|
46
|
-
process.title = `next-server (v${"15.3.0-canary.
|
|
46
|
+
process.title = `next-server (v${"15.3.0-canary.4"})`;
|
|
47
47
|
let handlersReady = ()=>{};
|
|
48
48
|
let handlersError = ()=>{};
|
|
49
49
|
let handlersPromise = new Promise((resolve, reject)=>{
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
export function isStableBuild() {
|
|
2
2
|
var _process_env___NEXT_VERSION;
|
|
3
|
-
return !((_process_env___NEXT_VERSION = "15.3.0-canary.
|
|
3
|
+
return !((_process_env___NEXT_VERSION = "15.3.0-canary.4") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_LOCAL_DEV;
|
|
4
4
|
}
|
|
5
5
|
export class CanaryOnlyError extends Error {
|
|
6
6
|
constructor(arg){
|
|
@@ -139,7 +139,7 @@ async function createHotReloaderTurbopack(opts, serverFields, distDir, resetFetc
|
|
|
139
139
|
}
|
|
140
140
|
const hasRewrites = opts.fsChecker.rewrites.afterFiles.length > 0 || opts.fsChecker.rewrites.beforeFiles.length > 0 || opts.fsChecker.rewrites.fallback.length > 0;
|
|
141
141
|
const hotReloaderSpan = (0, _trace.trace)('hot-reloader', undefined, {
|
|
142
|
-
version: "15.3.0-canary.
|
|
142
|
+
version: "15.3.0-canary.4"
|
|
143
143
|
});
|
|
144
144
|
// Ensure the hotReloaderSpan is flushed immediately as it's the parentSpan for all processing
|
|
145
145
|
// of the current `next dev` invocation.
|
|
@@ -256,7 +256,7 @@ class HotReloaderWebpack {
|
|
|
256
256
|
this.previewProps = previewProps;
|
|
257
257
|
this.rewrites = rewrites;
|
|
258
258
|
this.hotReloaderSpan = (0, _trace.trace)('hot-reloader', undefined, {
|
|
259
|
-
version: "15.3.0-canary.
|
|
259
|
+
version: "15.3.0-canary.4"
|
|
260
260
|
});
|
|
261
261
|
// Ensure the hotReloaderSpan is flushed immediately as it's the parentSpan for all processing
|
|
262
262
|
// of the current `next dev` invocation.
|
|
@@ -67,7 +67,7 @@ function _interop_require_wildcard(obj, nodeInterop) {
|
|
|
67
67
|
return newObj;
|
|
68
68
|
}
|
|
69
69
|
function logStartInfo({ networkUrl, appUrl, envInfo, experimentalFeatures, maxExperimentalFeatures = Infinity }) {
|
|
70
|
-
_log.bootstrap(`${(0, _picocolors.bold)((0, _picocolors.purple)(`${_log.prefixes.ready} Next.js ${"15.3.0-canary.
|
|
70
|
+
_log.bootstrap(`${(0, _picocolors.bold)((0, _picocolors.purple)(`${_log.prefixes.ready} Next.js ${"15.3.0-canary.4"}`))}${process.env.TURBOPACK ? ' (Turbopack)' : ''}`);
|
|
71
71
|
if (appUrl) {
|
|
72
72
|
_log.bootstrap(`- Local: ${appUrl}`);
|
|
73
73
|
}
|
|
@@ -11,6 +11,7 @@ Object.defineProperty(exports, "blockCrossSite", {
|
|
|
11
11
|
const _url = require("../../../lib/url");
|
|
12
12
|
const _net = /*#__PURE__*/ _interop_require_default(require("net"));
|
|
13
13
|
const _log = require("../../../build/output/log");
|
|
14
|
+
const _csrfprotection = require("../../app-render/csrf-protection");
|
|
14
15
|
function _interop_require_default(obj) {
|
|
15
16
|
return obj && obj.__esModule ? obj : {
|
|
16
17
|
default: obj
|
|
@@ -29,7 +30,7 @@ const blockCrossSite = (req, res, allowedOrigins, activePort)=>{
|
|
|
29
30
|
res.statusCode = 403;
|
|
30
31
|
}
|
|
31
32
|
res.end('Unauthorized');
|
|
32
|
-
(0, _log.warnOnce)(`Blocked cross-origin request to /_next/*.
|
|
33
|
+
(0, _log.warnOnce)(`Blocked cross-origin request to /_next/*. Cross-site requests are blocked in "no-cors" mode.`);
|
|
33
34
|
return true;
|
|
34
35
|
}
|
|
35
36
|
// ensure websocket requests from allowed origin
|
|
@@ -42,7 +43,7 @@ const blockCrossSite = (req, res, allowedOrigins, activePort)=>{
|
|
|
42
43
|
const isIpRequest = _net.default.isIPv4(originLowerCase) || _net.default.isIPv6(originLowerCase);
|
|
43
44
|
if (// allow requests if direct IP and matching port and
|
|
44
45
|
// allow if any of the allowed origins match
|
|
45
|
-
!(isIpRequest && isMatchingPort) && !
|
|
46
|
+
!(isIpRequest && isMatchingPort) && !(0, _csrfprotection.isCsrfOriginAllowed)(originLowerCase, allowedOrigins)) {
|
|
46
47
|
if ('statusCode' in res) {
|
|
47
48
|
res.statusCode = 403;
|
|
48
49
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/server/lib/router-utils/block-cross-site.ts"],"sourcesContent":["import type { Duplex } from 'stream'\nimport type { IncomingMessage, ServerResponse } from 'webpack-dev-server'\nimport { parseUrl } from '../../../lib/url'\nimport net from 'net'\nimport { warnOnce } from '../../../build/output/log'\n\nexport const blockCrossSite = (\n req: IncomingMessage,\n res: ServerResponse | Duplex,\n allowedOrigins: string[],\n activePort: string\n): boolean => {\n // only process _next URLs\n if (!req.url?.includes('/_next')) {\n return false\n }\n // block non-cors request from cross-site e.g. script tag on\n // different host\n if (\n req.headers['sec-fetch-mode'] === 'no-cors' &&\n req.headers['sec-fetch-site'] === 'cross-site'\n ) {\n if ('statusCode' in res) {\n res.statusCode = 403\n }\n res.end('Unauthorized')\n warnOnce(\n `Blocked cross-origin request to /_next/*.
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/lib/router-utils/block-cross-site.ts"],"sourcesContent":["import type { Duplex } from 'stream'\nimport type { IncomingMessage, ServerResponse } from 'webpack-dev-server'\nimport { parseUrl } from '../../../lib/url'\nimport net from 'net'\nimport { warnOnce } from '../../../build/output/log'\nimport { isCsrfOriginAllowed } from '../../app-render/csrf-protection'\n\nexport const blockCrossSite = (\n req: IncomingMessage,\n res: ServerResponse | Duplex,\n allowedOrigins: string[],\n activePort: string\n): boolean => {\n // only process _next URLs\n if (!req.url?.includes('/_next')) {\n return false\n }\n // block non-cors request from cross-site e.g. script tag on\n // different host\n if (\n req.headers['sec-fetch-mode'] === 'no-cors' &&\n req.headers['sec-fetch-site'] === 'cross-site'\n ) {\n if ('statusCode' in res) {\n res.statusCode = 403\n }\n res.end('Unauthorized')\n warnOnce(\n `Blocked cross-origin request to /_next/*. Cross-site requests are blocked in \"no-cors\" mode.`\n )\n return true\n }\n\n // ensure websocket requests from allowed origin\n const rawOrigin = req.headers['origin']\n\n if (rawOrigin) {\n const parsedOrigin = parseUrl(rawOrigin)\n\n if (parsedOrigin) {\n const originLowerCase = parsedOrigin.hostname.toLowerCase()\n const isMatchingPort = parsedOrigin.port === activePort\n const isIpRequest =\n net.isIPv4(originLowerCase) || net.isIPv6(originLowerCase)\n\n if (\n // allow requests if direct IP and matching port and\n // allow if any of the allowed origins match\n !(isIpRequest && isMatchingPort) &&\n !isCsrfOriginAllowed(originLowerCase, allowedOrigins)\n ) {\n if ('statusCode' in res) {\n res.statusCode = 403\n }\n res.end('Unauthorized')\n warnOnce(\n `Blocked cross-origin request from ${originLowerCase}. To allow this, configure \"allowedDevOrigins\" in next.config\\nRead more: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins`\n )\n return true\n }\n }\n }\n\n return false\n}\n"],"names":["blockCrossSite","req","res","allowedOrigins","activePort","url","includes","headers","statusCode","end","warnOnce","rawOrigin","parsedOrigin","parseUrl","originLowerCase","hostname","toLowerCase","isMatchingPort","port","isIpRequest","net","isIPv4","isIPv6","isCsrfOriginAllowed"],"mappings":";;;;+BAOaA;;;eAAAA;;;qBALY;4DACT;qBACS;gCACW;;;;;;AAE7B,MAAMA,iBAAiB,CAC5BC,KACAC,KACAC,gBACAC;QAGKH;IADL,0BAA0B;IAC1B,IAAI,GAACA,WAAAA,IAAII,GAAG,qBAAPJ,SAASK,QAAQ,CAAC,YAAW;QAChC,OAAO;IACT;IACA,4DAA4D;IAC5D,iBAAiB;IACjB,IACEL,IAAIM,OAAO,CAAC,iBAAiB,KAAK,aAClCN,IAAIM,OAAO,CAAC,iBAAiB,KAAK,cAClC;QACA,IAAI,gBAAgBL,KAAK;YACvBA,IAAIM,UAAU,GAAG;QACnB;QACAN,IAAIO,GAAG,CAAC;QACRC,IAAAA,aAAQ,EACN,CAAC,4FAA4F,CAAC;QAEhG,OAAO;IACT;IAEA,gDAAgD;IAChD,MAAMC,YAAYV,IAAIM,OAAO,CAAC,SAAS;IAEvC,IAAII,WAAW;QACb,MAAMC,eAAeC,IAAAA,aAAQ,EAACF;QAE9B,IAAIC,cAAc;YAChB,MAAME,kBAAkBF,aAAaG,QAAQ,CAACC,WAAW;YACzD,MAAMC,iBAAiBL,aAAaM,IAAI,KAAKd;YAC7C,MAAMe,cACJC,YAAG,CAACC,MAAM,CAACP,oBAAoBM,YAAG,CAACE,MAAM,CAACR;YAE5C,IACE,oDAAoD;YACpD,4CAA4C;YAC5C,CAAEK,CAAAA,eAAeF,cAAa,KAC9B,CAACM,IAAAA,mCAAmB,EAACT,iBAAiBX,iBACtC;gBACA,IAAI,gBAAgBD,KAAK;oBACvBA,IAAIM,UAAU,GAAG;gBACnB;gBACAN,IAAIO,GAAG,CAAC;gBACRC,IAAAA,aAAQ,EACN,CAAC,kCAAkC,EAAEI,gBAAgB,2JAA2J,CAAC;gBAEnN,OAAO;YACT;QACF;IACF;IAEA,OAAO;AACT"}
|
|
@@ -111,7 +111,7 @@ async function getRequestHandlers({ dir, port, isDev, onDevServerCleanup, server
|
|
|
111
111
|
async function startServer(serverOptions) {
|
|
112
112
|
const { dir, isDev, hostname, minimalMode, allowRetry, keepAliveTimeout, selfSignedCertificate } = serverOptions;
|
|
113
113
|
let { port } = serverOptions;
|
|
114
|
-
process.title = `next-server (v${"15.3.0-canary.
|
|
114
|
+
process.title = `next-server (v${"15.3.0-canary.4"})`;
|
|
115
115
|
let handlersReady = ()=>{};
|
|
116
116
|
let handlersError = ()=>{};
|
|
117
117
|
let handlersPromise = new Promise((resolve, reject)=>{
|
|
@@ -22,7 +22,7 @@ _export(exports, {
|
|
|
22
22
|
});
|
|
23
23
|
function isStableBuild() {
|
|
24
24
|
var _process_env___NEXT_VERSION;
|
|
25
|
-
return !((_process_env___NEXT_VERSION = "15.3.0-canary.
|
|
25
|
+
return !((_process_env___NEXT_VERSION = "15.3.0-canary.4") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_LOCAL_DEV;
|
|
26
26
|
}
|
|
27
27
|
class CanaryOnlyError extends Error {
|
|
28
28
|
constructor(arg){
|
|
@@ -11,11 +11,11 @@ Object.defineProperty(exports, "eventCliSessionStopped", {
|
|
|
11
11
|
const EVENT_VERSION = 'NEXT_CLI_SESSION_STOPPED';
|
|
12
12
|
function eventCliSessionStopped(event) {
|
|
13
13
|
// This should be an invariant, if it fails our build tooling is broken.
|
|
14
|
-
if (typeof "15.3.0-canary.
|
|
14
|
+
if (typeof "15.3.0-canary.4" !== 'string') {
|
|
15
15
|
return [];
|
|
16
16
|
}
|
|
17
17
|
const payload = {
|
|
18
|
-
nextVersion: "15.3.0-canary.
|
|
18
|
+
nextVersion: "15.3.0-canary.4",
|
|
19
19
|
nodeVersion: process.version,
|
|
20
20
|
cliCommand: event.cliCommand,
|
|
21
21
|
durationMilliseconds: event.durationMilliseconds,
|
|
@@ -36,12 +36,12 @@ function hasBabelConfig(dir) {
|
|
|
36
36
|
function eventCliSession(dir, nextConfig, event) {
|
|
37
37
|
var _nextConfig_experimental_staleTimes, _nextConfig_experimental_staleTimes1, _nextConfig_experimental_reactCompiler, _nextConfig_experimental_reactCompiler1;
|
|
38
38
|
// This should be an invariant, if it fails our build tooling is broken.
|
|
39
|
-
if (typeof "15.3.0-canary.
|
|
39
|
+
if (typeof "15.3.0-canary.4" !== 'string') {
|
|
40
40
|
return [];
|
|
41
41
|
}
|
|
42
42
|
const { images, i18n } = nextConfig || {};
|
|
43
43
|
const payload = {
|
|
44
|
-
nextVersion: "15.3.0-canary.
|
|
44
|
+
nextVersion: "15.3.0-canary.4",
|
|
45
45
|
nodeVersion: process.version,
|
|
46
46
|
cliCommand: event.cliCommand,
|
|
47
47
|
isSrcDir: event.isSrcDir,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "next",
|
|
3
|
-
"version": "15.3.0-canary.
|
|
3
|
+
"version": "15.3.0-canary.4",
|
|
4
4
|
"description": "The React Framework",
|
|
5
5
|
"main": "./dist/server/next.js",
|
|
6
6
|
"license": "MIT",
|
|
@@ -100,7 +100,7 @@
|
|
|
100
100
|
]
|
|
101
101
|
},
|
|
102
102
|
"dependencies": {
|
|
103
|
-
"@next/env": "15.3.0-canary.
|
|
103
|
+
"@next/env": "15.3.0-canary.4",
|
|
104
104
|
"@swc/counter": "0.1.3",
|
|
105
105
|
"@swc/helpers": "0.5.15",
|
|
106
106
|
"busboy": "1.6.0",
|
|
@@ -132,14 +132,14 @@
|
|
|
132
132
|
},
|
|
133
133
|
"optionalDependencies": {
|
|
134
134
|
"sharp": "^0.33.5",
|
|
135
|
-
"@next/swc-darwin-arm64": "15.3.0-canary.
|
|
136
|
-
"@next/swc-darwin-x64": "15.3.0-canary.
|
|
137
|
-
"@next/swc-linux-arm64-gnu": "15.3.0-canary.
|
|
138
|
-
"@next/swc-linux-arm64-musl": "15.3.0-canary.
|
|
139
|
-
"@next/swc-linux-x64-gnu": "15.3.0-canary.
|
|
140
|
-
"@next/swc-linux-x64-musl": "15.3.0-canary.
|
|
141
|
-
"@next/swc-win32-arm64-msvc": "15.3.0-canary.
|
|
142
|
-
"@next/swc-win32-x64-msvc": "15.3.0-canary.
|
|
135
|
+
"@next/swc-darwin-arm64": "15.3.0-canary.4",
|
|
136
|
+
"@next/swc-darwin-x64": "15.3.0-canary.4",
|
|
137
|
+
"@next/swc-linux-arm64-gnu": "15.3.0-canary.4",
|
|
138
|
+
"@next/swc-linux-arm64-musl": "15.3.0-canary.4",
|
|
139
|
+
"@next/swc-linux-x64-gnu": "15.3.0-canary.4",
|
|
140
|
+
"@next/swc-linux-x64-musl": "15.3.0-canary.4",
|
|
141
|
+
"@next/swc-win32-arm64-msvc": "15.3.0-canary.4",
|
|
142
|
+
"@next/swc-win32-x64-msvc": "15.3.0-canary.4"
|
|
143
143
|
},
|
|
144
144
|
"devDependencies": {
|
|
145
145
|
"@ampproject/toolbox-optimizer": "2.8.3",
|
|
@@ -172,11 +172,11 @@
|
|
|
172
172
|
"@jest/types": "29.5.0",
|
|
173
173
|
"@mswjs/interceptors": "0.23.0",
|
|
174
174
|
"@napi-rs/triples": "1.2.0",
|
|
175
|
-
"@next/font": "15.3.0-canary.
|
|
176
|
-
"@next/polyfill-module": "15.3.0-canary.
|
|
177
|
-
"@next/polyfill-nomodule": "15.3.0-canary.
|
|
178
|
-
"@next/react-refresh-utils": "15.3.0-canary.
|
|
179
|
-
"@next/swc": "15.3.0-canary.
|
|
175
|
+
"@next/font": "15.3.0-canary.4",
|
|
176
|
+
"@next/polyfill-module": "15.3.0-canary.4",
|
|
177
|
+
"@next/polyfill-nomodule": "15.3.0-canary.4",
|
|
178
|
+
"@next/react-refresh-utils": "15.3.0-canary.4",
|
|
179
|
+
"@next/swc": "15.3.0-canary.4",
|
|
180
180
|
"@opentelemetry/api": "1.6.0",
|
|
181
181
|
"@playwright/test": "1.41.2",
|
|
182
182
|
"@storybook/addon-a11y": "8.6.0",
|