nuxt-csp-report 1.0.0-alpha.3 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/module.json +1 -1
  2. package/dist/runtime/server/api/csp-report.post.js +3 -2
  3. package/dist/runtime/server/utils/normalizeCspReport.d.ts +2 -2
  4. package/dist/runtime/server/utils/normalizeCspReport.js +34 -31
  5. package/package.json +2 -2
package/dist/module.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "nuxt-csp-report",
3
3
  "configKey": "cspReport",
4
- "version": "1.0.0-alpha.3",
4
+ "version": "1.0.0",
5
5
  "builder": {
6
6
  "@nuxt/module-builder": "1.0.2",
7
7
  "unbuild": "3.6.1"
package/dist/runtime/server/api/csp-report.post.js CHANGED
@@ -1,4 +1,4 @@
1
- import { useRuntimeConfig, useStorage, readBody, defineEventHandler } from "#imports";
1
+ import { useRuntimeConfig, useStorage, readBody, defineEventHandler, setResponseStatus } from "#imports";
2
2
  import { normalizeCspReport } from "../utils/normalizeCspReport.js";
3
3
  import { formatCspLog } from "../utils/formatCspLog.js";
4
4
  const runtimeConfig = useRuntimeConfig();
@@ -27,6 +27,7 @@ export default defineEventHandler(async (event) => {
27
27
  return { ok: true };
28
28
  } catch (err) {
29
29
  console.error("[nuxt-csp-report]", err);
30
- return { ok: true };
30
+ setResponseStatus(event, 500);
31
+ return { ok: false };
31
32
  }
32
33
  });
package/dist/runtime/server/utils/normalizeCspReport.d.ts CHANGED
@@ -41,7 +41,7 @@ declare const reportToEntrySchema: z.ZodObject<{
41
41
  url: z.ZodString;
42
42
  user_agent: z.ZodString;
43
43
  }, z.core.$loose>;
44
- declare const reportToSchema: z.ZodArray<z.ZodObject<{
44
+ declare const _reportToSchema: z.ZodArray<z.ZodObject<{
45
45
  age: z.ZodNumber;
46
46
  body: z.ZodObject<{
47
47
  blockedURL: z.ZodString;
@@ -64,6 +64,6 @@ declare const reportToSchema: z.ZodArray<z.ZodObject<{
64
64
  user_agent: z.ZodString;
65
65
  }, z.core.$loose>>;
66
66
  export type ReportToEntryFormat = z.infer<typeof reportToEntrySchema>;
67
- export type ReportToFormat = z.infer<typeof reportToSchema>;
67
+ export type ReportToFormat = z.infer<typeof _reportToSchema>;
68
68
  export declare function normalizeCspReport(input: unknown): NormalizedCspReport[];
69
69
  export {};
package/dist/runtime/server/utils/normalizeCspReport.js CHANGED
@@ -32,42 +32,45 @@ const reportToEntrySchema = z.object({
32
32
  type: z.string(),
33
33
  url: z.string(),
34
34
  user_agent: z.string()
35
- }).passthrough();
36
- const reportToSchema = reportToEntrySchema.array();
35
+ }).loose();
36
+ const _reportToSchema = reportToEntrySchema.array();
37
37
  export function normalizeCspReport(input) {
38
- if (!input) {
39
- return [];
38
+ if (!input) return [];
39
+ if (typeof input === "object" && input !== null && "csp-report" in input) {
40
+ const parsed = reportUriSchema.safeParse(input);
41
+ if (!parsed.success) return [];
42
+ const report = parsed.data["csp-report"];
43
+ return [{
44
+ raw: parsed.data,
45
+ timestamp: Date.now(),
46
+ documentURL: report["document-uri"],
47
+ blockedURL: report["blocked-uri"],
48
+ directive: report["violated-directive"],
49
+ sourceFile: report["source-file"],
50
+ line: report["line-number"],
51
+ disposition: report["disposition"]
52
+ }];
40
53
  }
41
- try {
42
- if (typeof input === "object" && "csp-report" in input) {
43
- const parsed = reportUriSchema.parse(input);
44
- return [{
45
- raw: parsed,
54
+ if (Array.isArray(input)) {
55
+ const reports = [];
56
+ for (const entry of input) {
57
+ const parsed = reportToEntrySchema.safeParse(entry);
58
+ if (!parsed.success) continue;
59
+ if (parsed.data.type !== "csp-violation") continue;
60
+ const { body } = parsed.data;
61
+ reports.push({
62
+ raw: parsed.data,
46
63
  timestamp: Date.now(),
47
- documentURL: parsed["csp-report"]["document-uri"],
48
- blockedURL: parsed["csp-report"]["blocked-uri"],
49
- directive: parsed["csp-report"]["violated-directive"],
50
- sourceFile: parsed["csp-report"]["source-file"],
51
- line: parsed["csp-report"]["line-number"],
52
- disposition: parsed["csp-report"]["disposition"]
53
- }];
54
- }
55
- if (Array.isArray(input)) {
56
- const parsed = reportToSchema.parse(input);
57
- return parsed.map((item) => {
58
- return {
59
- raw: item,
60
- timestamp: Date.now(),
61
- documentURL: item.body.documentURL,
62
- blockedURL: item.body.blockedURL,
63
- directive: item.body.effectiveDirective,
64
- sourceFile: item.body.sourceFile,
65
- line: item.body.lineNumber,
66
- disposition: item.body.disposition
67
- };
64
+ documentURL: body.documentURL,
65
+ blockedURL: body.blockedURL,
66
+ directive: body.effectiveDirective,
67
+ sourceFile: body.sourceFile,
68
+ line: body.lineNumber,
69
+ column: body.columnNumber,
70
+ disposition: body.disposition
68
71
  });
69
72
  }
70
- } catch {
73
+ return reports;
71
74
  }
72
75
  return [];
73
76
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nuxt-csp-report",
3
- "version": "1.0.0-alpha.3",
3
+ "version": "1.0.0",
4
4
  "description": "A Nuxt module for collecting, normalizing, and persisting Content Security Policy reports",
5
5
  "repository": {
6
6
  "type": "git",
@@ -63,7 +63,7 @@
63
63
  "dev": "pnpm dev:prepare && nuxi dev playground",
64
64
  "dev:build": "nuxi build playground",
65
65
  "dev:prepare": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxi prepare playground",
66
- "release": "pnpm lint && pnpm test && pnpm prepack && changelogen --release --prerelease alpha && pnpm publish --tag alpha && git push --follow-tags",
66
+ "release": "pnpm lint && pnpm test && pnpm prepack && changelogen --release && pnpm publish && git push --follow-tags",
67
67
  "lint": "eslint .",
68
68
  "test": "vitest run",
69
69
  "test:watch": "vitest watch",