perimeterx-js-core 0.2.0 → 0.3.0

package/lib/activities/model/ActivityDetails.d.ts

@@ -1,5 +1,6 @@
-import { PassReason } from '../../utils/PassReason';
-import { BlockReason } from '../../block_handler/BlockReason';
+import { PassReason } from '../../utils';
+import { BlockReason } from '../../block_handler';
+import { GraphQLData } from '../../graphql';
 export declare type ActivityTypeDetails = PageRequestedActivityDetails | BlockActivityDetails | AdditionalS2SActivityDetails;
 export declare type ActivityDetails = ActivityTypeDetails & {
     client_uuid: string;
@@ -17,6 +18,7 @@ export declare type ActivityDetails = ActivityTypeDetails & {
     tls_preferred_ciphers?: string;
     tls_ciphers_sha?: string;
     tls_ja3_fingerprint?: string;
+    graphql_operations?: GraphQLData[];
     credentials_compromised?: boolean;
     ci_version?: string;
     sso_step?: string;

package/lib/activities/utils.js

@@ -8,7 +8,7 @@ var createActivity = function (activityType, config, context) {
         type: activityType,
         px_app_id: config.appId,
         url: context.requestData.url.href,
-        headers: (0, utils_1.removeSensitiveHeaders)(context.requestData.headers, config.sensitiveHeaders).toObject(),
+        headers: (0, utils_1.removeSensitiveHeaders)(context.requestData.headers, config.sensitiveHeaders).toObject(','),
         pxhd: context.pxhd,
         socket_ip: context.requestData.ip,
         timestamp: Date.now(),
@@ -44,6 +44,7 @@ var createGenericActivityDetails = function (config, context) {
         requestId: 'request_id',
         uuid: 'client_uuid',
         tokenOrigin: 'cookie_origin',
+        graphqlData: 'graphql_operations',
     });
     (0, utils_1.transferExistingProperties)(context.requestData, genericActivityDetails, {
         httpVersion: 'http_version',

package/lib/config/ConfigurationParams.d.ts

@@ -58,6 +58,10 @@ export declare type ConfigurationParams = {
     px_jwt_header_name?: string;
     px_jwt_header_user_id_field_name?: string;
     px_jwt_header_additional_field_names?: string[];
+    px_graphql_enabled?: boolean;
+    px_graphql_routes?: string[];
+    px_sensitive_graphql_operation_names?: string[];
+    px_sensitive_graphql_operation_types?: Array<'query' | 'mutation' | 'subscription'>;
     px_extract_ip?: () => {};
     px_additional_activity_handler?: AdditionalActivityHandler;
     px_enrich_custom_parameters?: CustomParametersFunction;

package/lib/config/DefaultConfigurations.js

@@ -94,8 +94,12 @@ exports.DEFAULT_CONFIGURATIONS = {
     px_filter_by_user_agent: [],
     px_css_ref: '',
     px_js_ref: '',
-    px_custom_cookie_header: '',
+    px_custom_cookie_header: 'x-px-cookies',
     px_custom_logo: '',
+    px_graphql_enabled: true,
+    px_graphql_routes: ['/graphql'],
+    px_sensitive_graphql_operation_names: [],
+    px_sensitive_graphql_operation_types: [],
     px_enrich_custom_parameters: null,
     px_proxy_url: '',
     px_jwt_cookie_name: '',

package/lib/config/IConfiguration.d.ts

@@ -165,6 +165,24 @@ export interface IConfiguration<ParamsType extends ConfigurationParams = Configu
      * The maximum amount of time to wait before sending asynchronous activities to the collector.
      */
     readonly activityBatchTimeoutMs: number;
+    /**
+     * Whether parsing of GraphQL request bodies should be enabled.
+     */
+    readonly graphqlEnabled: boolean;
+    /**
+     * Routes that should trigger GraphQL parsing by the enforcer.
+     */
+    readonly graphqlRoutes: string[];
+    /**
+     * An array of GraphQL operation names that should trigger a risk API call
+     * even if a valid, unexpired, low-score risk cookie is present.
+     */
+    readonly sensitiveGraphqlOperationNames: string[];
+    /**
+     * An array of GraphQL operation types (e.g., mutation) that should trigger a risk API call
+     * even if a valid, unexpired, low-score risk cookie is present.
+     */
+    readonly sensitiveGraphqlOperationTypes: string[];
     /**
      * A function returning CustomParameters that will be added to the enforcer activities.
      */

package/lib/config/StaticConfigurationBase.d.ts

@@ -53,6 +53,10 @@ export declare abstract class StaticConfigurationBase<ParamsType extends Configu
     get userAgentMaxLength(): number;
     get maxActivityBatchSize(): number;
     get activityBatchTimeoutMs(): number;
+    get graphqlEnabled(): boolean;
+    get graphqlRoutes(): string[];
+    get sensitiveGraphqlOperationNames(): string[];
+    get sensitiveGraphqlOperationTypes(): string[];
     get enrichCustomParameters(): CustomParametersFunction;
     get additionalActivityHandler(): AdditionalActivityHandler;
     get altBackendCaptchaUrl(): string;

package/lib/config/StaticConfigurationBase.js

@@ -343,6 +343,34 @@ var StaticConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(StaticConfigurationBase.prototype, "graphqlEnabled", {
+        get: function () {
+            return this.configParams.px_graphql_enabled;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "graphqlRoutes", {
+        get: function () {
+            return this.configParams.px_graphql_routes;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "sensitiveGraphqlOperationNames", {
+        get: function () {
+            return this.configParams.px_sensitive_graphql_operation_names;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "sensitiveGraphqlOperationTypes", {
+        get: function () {
+            return this.configParams.px_sensitive_graphql_operation_types;
+        },
+        enumerable: false,
+        configurable: true
+    });
     Object.defineProperty(StaticConfigurationBase.prototype, "enrichCustomParameters", {
         get: function () {
             return this.configParams.px_enrich_custom_parameters || null;

package/lib/context/ContextBase.d.ts

@@ -4,6 +4,7 @@ import { CustomParameters } from '../custom_parameters';
 import { FilterReason } from '../filter';
 import { IHttpRequest, HttpHeaders } from '../http';
 import { PXDE } from '../pxde';
+import { GraphQLData } from '../graphql';
 import { IBotDefenderToken, TokenOrigin } from '../risk_token';
 import { VidSource, PassReason, ICookieParser, IUuidGenerator } from '../utils';
 import { IContext, MobileData, RequestData, ResponseData, RiskApiData, ServerData, TlsData } from './IContext';
@@ -35,21 +36,21 @@ export declare abstract class ContextBase<OptionsType extends ContextBaseOptions
     pxde?: PXDE;
     pxdeVerified?: boolean;
     customParameters?: CustomParameters;
+    graphqlData?: GraphQLData[];
     protected readonly config: IConfiguration;
     protected constructor(config: IConfiguration, request: IHttpRequest, options?: OptionsType);
     protected abstract createRiskToken(config: IConfiguration, cookies: Record<string, string>, options: OptionsType): IBotDefenderToken;
     protected createRequestData(config: IConfiguration, request: IHttpRequest, cookieParser?: ICookieParser): RequestData;
+    protected getCookies(cookieParser: ICookieParser, ...cookieHeaderValues: string[]): Record<string, string>;
     protected extractUserAgentFromHeader(config: IConfiguration, headers: HttpHeaders): string;
     protected extractIpFromHeader(config: IConfiguration, headers: HttpHeaders): string;
     protected isMonitored(config: IConfiguration, requestData: RequestData): boolean;
     protected isSensitive(config: IConfiguration, { url }: RequestData): boolean;
     protected isAllowedToBypassMonitor(config: IConfiguration, requestData: RequestData): boolean;
-    completeInitialization(): Promise<void>;
     protected setRiskTokenOnContext(config: IConfiguration, options: OptionsType): void;
     protected setMobileTokenOnContext(config: IConfiguration, mobileToken: string, options: OptionsType): void;
     protected setWebTokenOnContext(config: IConfiguration, options: OptionsType): void;
     protected setCookiesOnContext(): void;
     protected getMobileToken(config: IConfiguration, mobileToken: string, options: OptionsType): IBotDefenderToken;
-    protected handleCustomParameters(config: IConfiguration, request: IHttpRequest): Promise<void>;
     get isMobile(): boolean;
 }

package/lib/context/ContextBase.js

@@ -1,44 +1,7 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (_) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ContextBase = void 0;
 var block_handler_1 = require("../block_handler");
-var custom_parameters_1 = require("../custom_parameters");
 var http_1 = require("../http");
 var risk_token_1 = require("../risk_token");
 var utils_1 = require("../utils");
@@ -63,18 +26,28 @@ var ContextBase = /** @class */ (function () {
         }
     }
     ContextBase.prototype.createRequestData = function (config, request, cookieParser) {
-        var _a;
+        var _a, _b;
         if (cookieParser === void 0) { cookieParser = new utils_1.DefaultCookieParser(); }
         var url = (0, utils_1.getDecodedUrl)(request.url);
         var method = request.method;
         var headers = request.headers;
-        var cookieHeaderValue = ((_a = request.headers.get(config.customCookieHeader || http_1.COOKIE_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0]) || '';
-        var cookies = cookieHeaderValue ? cookieParser.parseCookies(cookieHeaderValue) : {};
+        var cookies = this.getCookies(cookieParser, (_a = request.headers.get(http_1.COOKIE_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0], (_b = request.headers.get(config.customCookieHeader)) === null || _b === void 0 ? void 0 : _b[0]);
         var requestCookieNames = Object.keys(cookies);
         var userAgent = this.extractUserAgentFromHeader(config, headers);
         var ip = this.extractIpFromHeader(config, headers);
         return { url: url, method: method, headers: headers, cookies: cookies, ip: ip, userAgent: userAgent, requestCookieNames: requestCookieNames, request: request };
     };
+    ContextBase.prototype.getCookies = function (cookieParser) {
+        var cookieHeaderValues = [];
+        for (var _i = 1; _i < arguments.length; _i++) {
+            cookieHeaderValues[_i - 1] = arguments[_i];
+        }
+        var cookies = {};
+        cookieHeaderValues.forEach(function (value) {
+            Object.assign(cookies, value ? cookieParser.parseCookies(value) : null);
+        });
+        return cookies;
+    };
     ContextBase.prototype.extractUserAgentFromHeader = function (config, headers) {
         var _a;
         var userAgent = ((_a = headers === null || headers === void 0 ? void 0 : headers.get(http_1.USER_AGENT_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0]) || '';
@@ -111,18 +84,6 @@ var ContextBase = /** @class */ (function () {
         return (config.bypassMonitorHeader &&
             ((_a = requestData.headers.get(config.bypassMonitorHeader)) === null || _a === void 0 ? void 0 : _a[0]) === utils_1.BYPASS_MONITOR_HEADER_VALUE);
     };
-    ContextBase.prototype.completeInitialization = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0: return [4 /*yield*/, this.handleCustomParameters(this.config, this.requestData.request)];
-                    case 1:
-                        _a.sent();
-                        return [2 /*return*/];
-                }
-            });
-        });
-    };
     ContextBase.prototype.setRiskTokenOnContext = function (config, options) {
         var _a;
         var mobileToken = (_a = this.requestData.headers.get(utils_1.X_PX_AUTHORIZATION_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0];
@@ -169,31 +130,6 @@ var ContextBase = /** @class */ (function () {
             return null;
         }
     };
-    ContextBase.prototype.handleCustomParameters = function (config, request) {
-        return __awaiter(this, void 0, void 0, function () {
-            var _a, _b, _c, e_1;
-            return __generator(this, function (_d) {
-                switch (_d.label) {
-                    case 0:
-                        if (!(config.enrichCustomParameters && typeof config.enrichCustomParameters === 'function')) return [3 /*break*/, 4];
-                        _d.label = 1;
-                    case 1:
-                        _d.trys.push([1, 3, , 4]);
-                        _a = this;
-                        _c = (_b = custom_parameters_1.CustomParametersUtils).normalizeCustomParams;
-                        return [4 /*yield*/, config.enrichCustomParameters(config.toParams(), request)];
-                    case 2:
-                        _a.customParameters = _c.apply(_b, [_d.sent()]);
-                        return [3 /*break*/, 4];
-                    case 3:
-                        e_1 = _d.sent();
-                        config.logger.error("unable to enrich custom params: ".concat(e_1));
-                        return [3 /*break*/, 4];
-                    case 4: return [2 /*return*/];
-                }
-            });
-        });
-    };
     Object.defineProperty(ContextBase.prototype, "isMobile", {
         get: function () {
             return this.tokenOrigin === risk_token_1.TokenOrigin.HEADER;

package/lib/context/IContext.d.ts

@@ -6,6 +6,7 @@ import { BlockAction, BlockReason } from '../block_handler';
 import { HttpHeaders, HttpMethod, IHttpRequest } from '../http';
 import { CustomParameters } from '../custom_parameters';
 import { PXDE } from '../pxde';
+import { GraphQLData } from '../graphql/model/GraphQLData';
 export declare type RequestData = {
     /**
      * The request URL.
@@ -253,8 +254,8 @@ export interface IContext {
      */
     customParameters?: CustomParameters;
     /**
-     * A function that completes context initialization. Should be called only if
-     * the request should not be filtered and is not first-party.
+     * An array of objects with information about the different GraphQL operations
+     * parsed from the request.
      */
-    completeInitialization(): Promise<void>;
+    graphqlData?: GraphQLData[];
 }

package/lib/custom_parameters/CustomParametersUtils.d.ts

@@ -1,4 +1,7 @@
+import { IConfiguration } from '../config';
+import { IContext } from '../context';
 import { CustomParameters } from './CustomParameters';
 export declare namespace CustomParametersUtils {
+    const handleCustomParameters: (config: IConfiguration, context: IContext) => Promise<void>;
     const normalizeCustomParams: (customParameters: Record<string, any>) => CustomParameters;
 }

package/lib/custom_parameters/CustomParametersUtils.js

@@ -1,8 +1,67 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CustomParametersUtils = void 0;
 var CustomParametersUtils;
 (function (CustomParametersUtils) {
+    var _this = this;
+    CustomParametersUtils.handleCustomParameters = function (config, context) { return __awaiter(_this, void 0, void 0, function () {
+        var parameters, e_1;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    if (!(config.enrichCustomParameters && typeof config.enrichCustomParameters === 'function')) return [3 /*break*/, 4];
+                    _a.label = 1;
+                case 1:
+                    _a.trys.push([1, 3, , 4]);
+                    return [4 /*yield*/, config.enrichCustomParameters(config.toParams(), context.requestData.request)];
+                case 2:
+                    parameters = _a.sent();
+                    context.customParameters = CustomParametersUtils.normalizeCustomParams(parameters);
+                    return [3 /*break*/, 4];
+                case 3:
+                    e_1 = _a.sent();
+                    config.logger.error("unable to enrich custom params: ".concat(e_1));
+                    return [3 /*break*/, 4];
+                case 4: return [2 /*return*/];
+            }
+        });
+    }); };
     CustomParametersUtils.normalizeCustomParams = function (customParameters) {
         var normalizedParams = {};
         if (customParameters && typeof customParameters === 'object') {

package/lib/enforcer/EnforcerBase.d.ts

@@ -10,6 +10,7 @@ import { ITelemetry } from '../telemetry';
 import { IBlockResponseGenerator } from '../block_handler';
 import { TokenVersion } from '../risk_token';
 import { IActivityClient } from '../activities';
+import { IGraphQLParser } from '../graphql';
 export declare type EnforcerBaseOptions = {
     tokenVersion?: TokenVersion;
     dataEnrichment?: IDataEnrichment;
@@ -20,6 +21,7 @@ export declare type EnforcerBaseOptions = {
     hashUtils?: IHashUtils;
     cipherUtils?: ICipherUtils;
     blockGenerator?: IBlockResponseGenerator;
+    graphqlParser?: IGraphQLParser;
 } & ({
     httpClient: IHttpClient;
     firstParty?: IFirstParty;
@@ -43,6 +45,7 @@ export declare abstract class EnforcerBase<EnforceArgs extends any[], Req, Res>
     protected riskApiScoreRetriever: IScoreRetriever;
     protected blockGenerator: IBlockResponseGenerator;
     protected activityClient: IActivityClient;
+    protected graphQLParser?: IGraphQLParser;
     /**
      * Returns the original Req object in case the module is disabled or an error is thrown.
      * @param args - The EnforceArgs required to enforce the incoming request.
@@ -65,7 +68,7 @@ export declare abstract class EnforcerBase<EnforceArgs extends any[], Req, Res>
      * @returns IContext - The context for the request.
      * @protected
      */
-    protected abstract retrieveContext(req: Req, res: Res, ...args: EnforceArgs): IContext;
+    protected abstract retrieveContext(req: Req, res: Res, ...args: EnforceArgs): IContext | null;
     /**
      * Converts the IHttpRequest object into the Req object.
      * @param httpRequest - The IHttpRequest object.
@@ -118,6 +121,8 @@ export declare abstract class EnforcerBase<EnforceArgs extends any[], Req, Res>
     protected handleFirstParty(context: IContext): Promise<IHttpResponse>;
     protected handleFilter(context: IContext): boolean;
     protected handleCompleteContextInitialization(context: IContext): Promise<void>;
+    protected handleGraphQL(context: IContext): Promise<void>;
+    protected handleEnrichCustomParameters(context: IContext): Promise<void>;
     protected handleTelemetryIfNeeded(context: IContext): Promise<void>;
     protected handlePxde(context: IContext): Promise<void>;
     protected handleCookieRetrieverIfNeeded(context: IContext): Promise<void>;

package/lib/enforcer/EnforcerBase.js

@@ -57,6 +57,8 @@ var block_handler_1 = require("../block_handler");
 var risk_token_1 = require("../risk_token");
 var risk_api_1 = require("../risk_api");
 var activities_1 = require("../activities");
+var graphql_1 = require("../graphql");
+var custom_parameters_1 = require("../custom_parameters");
 var EnforcerBase = /** @class */ (function () {
     /**
      * The EnforcerBase constructor.
@@ -72,6 +74,9 @@ var EnforcerBase = /** @class */ (function () {
         this.cookieScoreRetriever = options.cookieScoreRetriever || new risk_token_1.RiskTokenScoreRetriever(this.config);
         this.blockGenerator = options.blockGenerator || new block_handler_1.DefaultBlockResponseGenerator(this.config, base64Utils);
         this.dataEnrichment = options.dataEnrichment || new pxde_1.DefaultDataEnrichment(this.config, base64Utils, hashUtils);
+        this.graphQLParser = this.config.graphqlEnabled
+            ? options.graphqlParser || new graphql_1.DefaultGraphQLParser(this.config)
+            : null;
         var httpClient = options.httpClient;
         this.firstParty = options.firstParty || new first_party_1.DefaultFirstParty(this.config, httpClient);
         this.telemetry = options.telemetry || new telemetry_1.DefaultTelemetry(this.config, httpClient, base64Utils, hashUtils);
@@ -151,23 +156,29 @@ var EnforcerBase = /** @class */ (function () {
                     case 3:
                         _a.sent();
                         this.config.logger.debug('context initialization complete');
-                        return [4 /*yield*/, this.handleTelemetryIfNeeded(context)];
+                        return [4 /*yield*/, this.handleGraphQL(context)];
                     case 4:
                         _a.sent();
-                        return [4 /*yield*/, this.handlePxde(context)];
+                        return [4 /*yield*/, this.handleEnrichCustomParameters(context)];
                     case 5:
                         _a.sent();
-                        return [4 /*yield*/, this.handleCookieRetrieverIfNeeded(context)];
+                        return [4 /*yield*/, this.handleTelemetryIfNeeded(context)];
                     case 6:
                         _a.sent();
-                        return [4 /*yield*/, this.handleRiskApiIfNeeded(context)];
+                        return [4 /*yield*/, this.handlePxde(context)];
                     case 7:
                         _a.sent();
-                        return [4 /*yield*/, this.handleAdditionalActivityHandler(context)];
+                        return [4 /*yield*/, this.handleCookieRetrieverIfNeeded(context)];
                     case 8:
                         _a.sent();
-                        return [4 /*yield*/, this.handleBlockResponse(context)];
+                        return [4 /*yield*/, this.handleRiskApiIfNeeded(context)];
                     case 9:
+                        _a.sent();
+                        return [4 /*yield*/, this.handleAdditionalActivityHandler(context)];
+                    case 10:
+                        _a.sent();
+                        return [4 /*yield*/, this.handleBlockResponse(context)];
+                    case 11:
                         httpResponse = _a.sent();
                         if (httpResponse) {
                             this.config.logger.debug("blocking request due to ".concat(context.blockReason));
@@ -204,10 +215,33 @@ var EnforcerBase = /** @class */ (function () {
         return this.filter.shouldFilter(context);
     };
     EnforcerBase.prototype.handleCompleteContextInitialization = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                return [2 /*return*/];
+            });
+        });
+    };
+    EnforcerBase.prototype.handleGraphQL = function (context) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0:
+                        if (!((_a = this.graphQLParser) === null || _a === void 0 ? void 0 : _a.isGraphQLRequest(context))) return [3 /*break*/, 2];
+                        return [4 /*yield*/, this.graphQLParser.parseGraphQLRequest(context)];
+                    case 1:
+                        _b.sent();
+                        _b.label = 2;
+                    case 2: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    EnforcerBase.prototype.handleEnrichCustomParameters = function (context) {
         return __awaiter(this, void 0, void 0, function () {
             return __generator(this, function (_a) {
                 switch (_a.label) {
-                    case 0: return [4 /*yield*/, context.completeInitialization()];
+                    case 0: return [4 /*yield*/, custom_parameters_1.CustomParametersUtils.handleCustomParameters(this.config, context)];
                     case 1:
                         _a.sent();
                         return [2 /*return*/];

package/lib/first_party/DefaultFirstParty.js

@@ -153,7 +153,7 @@ var DefaultFirstParty = /** @class */ (function () {
                     case 1: return [2 /*return*/, _b.sent()];
                     case 2:
                         e_1 = _b.sent();
-                        this.config.logger.debug("failed sending first party request to ".concat(url));
+                        this.config.logger.debug("failed sending first party request to ".concat(url, ": ").concat(e_1));
                         return [2 /*return*/, null];
                     case 3: return [2 /*return*/];
                 }

package/lib/graphql/DefaultGraphQLParser.d.ts

@@ -0,0 +1,19 @@
+import { IContext } from '../context/IContext';
+import { IConfiguration } from '../config';
+import { IGraphQLParser } from './IGraphQLParser';
+export declare class DefaultGraphQLParser implements IGraphQLParser {
+    private readonly logger;
+    private readonly graphqlRoutes;
+    private readonly sensitiveOperationTypes;
+    private readonly sensitiveOperationNames;
+    constructor(config: IConfiguration);
+    isGraphQLRequest({ requestData }: IContext): boolean;
+    parseGraphQLRequest(context: IContext): Promise<boolean>;
+    private getGraphQLOperationsFromBody;
+    private parseGraphQLOperations;
+    private parseGraphQlOperation;
+    private getOperationNameToTypeMap;
+    private getGraphQLData;
+    private isSensitiveOperation;
+    private extractGraphQLVariableNames;
+}

package/lib/graphql/DefaultGraphQLParser.js

@@ -0,0 +1,183 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultGraphQLParser = void 0;
+var http_1 = require("../http");
+var GraphQLOperationType_1 = require("./model/GraphQLOperationType");
+var utils_1 = require("../utils");
+var DefaultGraphQLParser = /** @class */ (function () {
+    function DefaultGraphQLParser(config) {
+        this.logger = config.logger;
+        this.graphqlRoutes = config.graphqlRoutes;
+        this.sensitiveOperationNames = config.sensitiveGraphqlOperationNames;
+        this.sensitiveOperationTypes = config.sensitiveGraphqlOperationTypes;
+    }
+    DefaultGraphQLParser.prototype.isGraphQLRequest = function (_a) {
+        var requestData = _a.requestData;
+        return (requestData.method === http_1.HttpMethod.POST && (0, utils_1.isRouteInPatterns)(requestData.url.pathname, this.graphqlRoutes));
+    };
+    DefaultGraphQLParser.prototype.parseGraphQLRequest = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var graphQLOperations, data, e_1;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 2, , 3]);
+                        return [4 /*yield*/, this.getGraphQLOperationsFromBody(context.requestData)];
+                    case 1:
+                        graphQLOperations = _a.sent();
+                        if (!graphQLOperations) {
+                            this.logger.debug('unable to get graphql operations from request body');
+                            return [2 /*return*/, false];
+                        }
+                        data = this.parseGraphQLOperations(graphQLOperations);
+                        if (!data || data.length === 0) {
+                            this.logger.debug('unable to parse graphql operations');
+                            return [2 /*return*/, false];
+                        }
+                        this.logger.debug("".concat(data.length, " graphql operation").concat(data.length === 1 ? '' : 's', " parsed successfully"));
+                        context.graphqlData = data;
+                        context.isSensitiveRequest = context.isSensitiveRequest || data.some(function (operation) { return operation.sensitive; });
+                        return [2 /*return*/, true];
+                    case 2:
+                        e_1 = _a.sent();
+                        this.logger.debug("error parsing graphql request: ".concat(e_1));
+                        return [2 /*return*/, false];
+                    case 3: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    DefaultGraphQLParser.prototype.getGraphQLOperationsFromBody = function (_a) {
+        var request = _a.request;
+        return __awaiter(this, void 0, void 0, function () {
+            var body;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, request.readBody()];
+                    case 1:
+                        body = _b.sent();
+                        if (typeof body === 'string') {
+                            try {
+                                body = JSON.parse(body);
+                            }
+                            catch (e) {
+                                this.logger.debug("unable to parse string body: ".concat(e));
+                            }
+                        }
+                        if (!body || typeof body !== 'object') {
+                            return [2 /*return*/, null];
+                        }
+                        return [2 /*return*/, Array.isArray(body) ? body : [body]];
+                }
+            });
+        });
+    };
+    DefaultGraphQLParser.prototype.parseGraphQLOperations = function (operations) {
+        var _this = this;
+        return operations.map(function (operation) { return _this.parseGraphQlOperation(operation); }).filter(function (x) { return x; });
+    };
+    DefaultGraphQLParser.prototype.parseGraphQlOperation = function (operation) {
+        if (!operation.query || typeof operation.query !== 'string') {
+            return null;
+        }
+        var operationNameToTypeMap = this.getOperationNameToTypeMap(operation.query);
+        if (!operationNameToTypeMap) {
+            return null;
+        }
+        return this.getGraphQLData(operationNameToTypeMap, operation);
+    };
+    DefaultGraphQLParser.prototype.getOperationNameToTypeMap = function (query) {
+        var operationTypesString = Object.values(GraphQLOperationType_1.GraphQLOperationType).join('|');
+        var pattern = new RegExp("\\s*(".concat(operationTypesString, ")\\s+(\\w+)"), 'gm');
+        var match;
+        var map = {};
+        while ((match = pattern.exec(query)) !== null) {
+            var operationType = match[1];
+            var operationName = match[2];
+            if (map[operationName]) {
+                // query contains two operations with the same name which is illegal
+                return null;
+            }
+            else {
+                map[operationName] = operationType;
+            }
+        }
+        return map;
+    };
+    DefaultGraphQLParser.prototype.getGraphQLData = function (operationNameToTypeMap, operation) {
+        var name = operation.operationName ||
+            (Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)[0] : undefined);
+        var type = operationNameToTypeMap[name];
+        if (!type && /^\s*{/.test(operation.query)) {
+            type = GraphQLOperationType_1.GraphQLOperationType.QUERY;
+        }
+        if (!type) {
+            return null;
+        }
+        var data = { name: name, type: type };
+        if (this.isSensitiveOperation(name, type)) {
+            data.sensitive = true;
+        }
+        if (operation.variables && typeof operation.variables === 'object') {
+            data.variables = this.extractGraphQLVariableNames(operation.variables);
+        }
+        return data;
+    };
+    DefaultGraphQLParser.prototype.isSensitiveOperation = function (operationName, operationType) {
+        return (this.sensitiveOperationTypes.some(function (type) { return type === operationType; }) ||
+            this.sensitiveOperationNames.some(function (name) { return name === operationName; }));
+    };
+    DefaultGraphQLParser.prototype.extractGraphQLVariableNames = function (variables) {
+        var processVariables = function (variablesObj, prefix) {
+            return Object.entries(variablesObj).reduce(function (total, _a) {
+                var key = _a[0], value = _a[1];
+                if (!value || typeof value !== 'object' || Object.keys(value).length === 0) {
+                    total.push(prefix + key);
+                    return total;
+                }
+                else {
+                    return total.concat(processVariables(value, "".concat(prefix).concat(key, ".")));
+                }
+            }, []);
+        };
+        return processVariables(variables, '');
+    };
+    return DefaultGraphQLParser;
+}());
+exports.DefaultGraphQLParser = DefaultGraphQLParser;

package/lib/graphql/IGraphQLParser.d.ts

@@ -0,0 +1,5 @@
+import { IContext } from '../context';
+export interface IGraphQLParser {
+    isGraphQLRequest(context: IContext): boolean;
+    parseGraphQLRequest(context: IContext): Promise<boolean>;
+}

package/lib/graphql/IGraphQLParser.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/graphql/index.d.ts

@@ -0,0 +1,5 @@
+export { GraphQLOperationType } from './model/GraphQLOperationType';
+export { GraphQLOperation } from './model/GraphQLOperation';
+export { GraphQLData } from './model/GraphQLData';
+export { IGraphQLParser } from './IGraphQLParser';
+export { DefaultGraphQLParser } from './DefaultGraphQLParser';

package/lib/graphql/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultGraphQLParser = exports.GraphQLOperationType = void 0;
+var GraphQLOperationType_1 = require("./model/GraphQLOperationType");
+Object.defineProperty(exports, "GraphQLOperationType", { enumerable: true, get: function () { return GraphQLOperationType_1.GraphQLOperationType; } });
+var DefaultGraphQLParser_1 = require("./DefaultGraphQLParser");
+Object.defineProperty(exports, "DefaultGraphQLParser", { enumerable: true, get: function () { return DefaultGraphQLParser_1.DefaultGraphQLParser; } });

package/lib/graphql/model/GraphQLData.d.ts

@@ -0,0 +1,7 @@
+import { GraphQLOperationType } from './GraphQLOperationType';
+export declare type GraphQLData = {
+    type: GraphQLOperationType;
+    name?: string;
+    sensitive?: boolean;
+    variables?: string[];
+};

package/lib/graphql/model/GraphQLData.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/graphql/model/GraphQLOperation.d.ts

@@ -0,0 +1,5 @@
+export declare type GraphQLOperation = {
+    query: string;
+    operationName?: string;
+    variables?: Record<string, unknown>;
+};

package/lib/graphql/model/GraphQLOperation.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/graphql/model/GraphQLOperationType.d.ts

@@ -0,0 +1,5 @@
+export declare enum GraphQLOperationType {
+    QUERY = "query",
+    MUTATION = "mutation",
+    SUBSCRIPTION = "subscription"
+}

package/lib/graphql/model/GraphQLOperationType.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GraphQLOperationType = void 0;
+var GraphQLOperationType;
+(function (GraphQLOperationType) {
+    GraphQLOperationType["QUERY"] = "query";
+    GraphQLOperationType["MUTATION"] = "mutation";
+    GraphQLOperationType["SUBSCRIPTION"] = "subscription";
+})(GraphQLOperationType = exports.GraphQLOperationType || (exports.GraphQLOperationType = {}));

package/lib/http/utils/HttpHeaders.d.ts

@@ -1,6 +1,7 @@
 export declare type HttpHeadersInit = Record<string, string[]>;
 export declare class HttpHeaders {
     private readonly headers;
+    static from(headers: Headers): HttpHeaders;
     /**
      * Constructs a new instance of the HttpHeaders class.
      * @param init - Optional header names and values with which to initialize the HttpHeaders instance.
@@ -41,11 +42,12 @@ export declare class HttpHeaders {
      * @returns object - An object representing the current state of the HttpHeaders instance. The keys are the header
      * names (all lowercase), and the values are arrays of all the associated header values.
      */
-    toObject(): Record<string, string[]>;
+    toObject(joinDelimiter?: string): Record<string, string | string[]>;
     /**
      * Iterates through all headers and applies a callback function to each one.
      * @param callbackFn - The callback function to be applied on every header.
      */
     forEach(callbackFn: (values: readonly string[], name: string) => void): void;
     private toKey;
+    entries(delimiter?: string): [string, string][];
 }

package/lib/http/utils/HttpHeaders.js

@@ -19,6 +19,13 @@ var HttpHeaders = /** @class */ (function () {
         var _this = this;
         this.headers = init ? new Map(Object.keys(init).map(function (name) { return [_this.toKey(name), init[name]]; })) : new Map();
     }
+    HttpHeaders.from = function (headers) {
+        var ret = new HttpHeaders();
+        headers.forEach(function (value, key) {
+            ret.append(key, value);
+        });
+        return ret;
+    };
     /**
      * Retrieves the values associated with the provided header name. If no header exists, it returns undefined.
      * @param name - The case-insensitive header name.
@@ -84,10 +91,10 @@ var HttpHeaders = /** @class */ (function () {
      * @returns object - An object representing the current state of the HttpHeaders instance. The keys are the header
      * names (all lowercase), and the values are arrays of all the associated header values.
      */
-    HttpHeaders.prototype.toObject = function () {
+    HttpHeaders.prototype.toObject = function (joinDelimiter) {
         var obj = {};
         this.forEach(function (values, name) {
-            obj[name] = __spreadArray([], values, true);
+            obj[name] = joinDelimiter ? values.join(joinDelimiter) : __spreadArray([], values, true);
         });
         return obj;
     };
@@ -101,6 +108,16 @@ var HttpHeaders = /** @class */ (function () {
     HttpHeaders.prototype.toKey = function (name) {
         return name.toLowerCase();
     };
+    HttpHeaders.prototype.entries = function (delimiter) {
+        if (delimiter === void 0) { delimiter = ','; }
+        var ret = [];
+        this.headers.forEach(function (values, headerName) {
+            if (values === null || values === void 0 ? void 0 : values.length) {
+                ret.push([headerName, values.join(delimiter)]);
+            }
+        });
+        return ret;
+    };
     return HttpHeaders;
 }());
 exports.HttpHeaders = HttpHeaders;

package/lib/index.d.ts

@@ -7,6 +7,7 @@ export * from './custom_parameters';
 export * from './enforcer';
 export * from './filter';
 export * from './first_party';
+export * from './graphql';
 export * from './http';
 export * from './logger';
 export * from './pxde';

package/lib/index.js

@@ -23,6 +23,7 @@ __exportStar(require("./custom_parameters"), exports);
 __exportStar(require("./enforcer"), exports);
 __exportStar(require("./filter"), exports);
 __exportStar(require("./first_party"), exports);
+__exportStar(require("./graphql"), exports);
 __exportStar(require("./http"), exports);
 __exportStar(require("./logger"), exports);
 __exportStar(require("./pxde"), exports);

package/lib/risk_api/PostRiskApiClient.js

@@ -37,7 +37,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PostRiskApiClient = void 0;
-var TokenOrigin_1 = require("../risk_token/TokenOrigin");
+var risk_token_1 = require("../risk_token");
 var http_1 = require("../http");
 var utils_1 = require("../utils");
 var S2SCallReason_1 = require("./S2SCallReason");
@@ -136,7 +136,7 @@ var PostRiskApiClient = /** @class */ (function () {
                 http_method: context.requestData.method,
                 http_version: context.requestData.httpVersion,
                 risk_mode: context.isMonitoredRequest ? utils_1.ModuleMode.MONITOR : utils_1.ModuleMode.ACTIVE_BLOCKING,
-                cookie_origin: context.tokenOrigin || TokenOrigin_1.TokenOrigin.COOKIE,
+                cookie_origin: context.tokenOrigin || risk_token_1.TokenOrigin.COOKIE,
                 request_cookie_names: context.requestData.requestCookieNames,
                 request_id: context.requestId,
             },
@@ -169,6 +169,7 @@ var PostRiskApiClient = /** @class */ (function () {
     PostRiskApiClient.prototype.addOptionalRiskFieldsToAdditional = function (riskActivity, context) {
         (0, utils_1.transferExistingProperties)(context, riskActivity.additional, {
             vidSource: 'enforcer_vid_source',
+            graphqlData: 'graphql_operations',
         });
         (0, utils_1.transferExistingProperties)(context.serverData, riskActivity.additional, {
             region: 'server_info_region',
@@ -197,11 +198,13 @@ var PostRiskApiClient = /** @class */ (function () {
     PostRiskApiClient.prototype.addCookieRiskFieldsToAdditional = function (riskActivity, _a) {
         var riskToken = _a.riskToken;
         if (riskToken) {
-            riskActivity.additional.px_orig_cookie = riskToken.getCookieString();
             if (riskToken.isValid()) {
                 riskActivity.additional.px_cookie = riskToken.getPayloadString();
                 riskActivity.additional.px_cookie_hmac = riskToken.hmac;
             }
+            else {
+                riskActivity.additional.px_orig_cookie = riskToken.getCookieString();
+            }
         }
     };
     PostRiskApiClient.prototype.formatRiskHeadersField = function (headers) {

package/lib/risk_api/model/RiskActivity.d.ts

@@ -1,6 +1,7 @@
 import { ModuleMode, VidSource } from '../../utils';
 import { TokenOrigin } from '../../risk_token';
 import { CustomParameters } from '../../custom_parameters';
+import { GraphQLData } from '../../graphql/';
 import { S2SCallReason } from '../S2SCallReason';
 export declare type HeaderEntry = {
     name: string;
@@ -40,6 +41,7 @@ export declare type RiskAdditionalData = {
     cross_tab_session?: string;
     app_user_id?: string;
     jwt_additional_fields?: string[];
+    graphql_operations?: GraphQLData[];
 } & CustomParameters;
 export declare type RiskActivity = {
     vid?: string;

package/lib/risk_api/model/RiskResponseV2.d.ts

@@ -1,8 +1,10 @@
 import { RiskStatus } from './RiskStatus';
 import { PXDE } from '../../pxde';
+import { BlockAction } from '../../block_handler';
 export declare type RiskResponseV2 = {
     status: RiskStatus;
     cookie_cfg_block_result?: '0' | '1';
+    action?: BlockAction;
     uuid?: string;
     pxhd?: string;
     message?: string;

package/lib/risk_api/risk_response_handler/RiskResponseV2Handler.js

@@ -35,6 +35,7 @@ var RiskResponseV2Handler = /** @class */ (function (_super) {
         (0, utils_1.transferExistingProperties)(riskResponse, context, {
             uuid: 'uuid',
             pxhd: 'pxhd',
+            action: 'blockAction',
             data_enrichment: 'pxde',
         });
         if (riskResponse.data_enrichment) {

package/lib/utils/constants.d.ts

@@ -7,4 +7,4 @@ export declare const BYPASS_MONITOR_HEADER_VALUE = "1";
 export declare const X_PX_AUTHORIZATION_HEADER_NAME = "x-px-authorization";
 export declare const X_PX_ORIGINAL_TOKEN_HEADER_NAME = "x-px-original-token";
 export declare const X_PX_BYPASS_REASON_HEADER_NAME = "x-px-bypass-reason";
-export declare const CORE_MODULE_VERSION = "JS Core 0.2.0";
+export declare const CORE_MODULE_VERSION = "JS Core 0.3.0";

package/lib/utils/constants.js

@@ -10,4 +10,4 @@ exports.BYPASS_MONITOR_HEADER_VALUE = '1';
 exports.X_PX_AUTHORIZATION_HEADER_NAME = 'x-px-authorization';
 exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = 'x-px-original-token';
 exports.X_PX_BYPASS_REASON_HEADER_NAME = 'x-px-bypass-reason';
-exports.CORE_MODULE_VERSION = 'JS Core 0.2.0';
+exports.CORE_MODULE_VERSION = 'JS Core 0.3.0';

package/lib/utils/utils.js

@@ -104,7 +104,7 @@ var isRouteMatch = function (route, pattern) {
     if (!route || !pattern) {
         return false;
     }
-    if (pattern instanceof RegExp && route.match(pattern)) {
+    if (pattern instanceof RegExp && pattern.test(route)) {
         return true;
     }
     if (typeof pattern === 'string' && route.startsWith(pattern)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "perimeterx-js-core",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -39,7 +39,6 @@
     "core-js": "^3.19.1",
     "eslint": "^8.25.0",
     "eslint-config-prettier": "^8.5.0",
-    "eslint-plugin-no-loops": "^0.3.0",
     "eslint-plugin-prettier": "^4.2.1",
     "husky": "^8.0.3",
     "lint-staged": "^13.1.0",