perimeterx-js-core 0.5.0 → 0.5.1

package/lib/activities/utils.js

@@ -5,12 +5,13 @@ var utils_1 = require("../utils");
 var ActivityType_1 = require("./ActivityType");
 var http_1 = require("../http");
 var createActivity = function (activityType, config, context) {
+    var _a;
     return {
         type: activityType,
         px_app_id: config.appId,
         url: context.requestData.url.href,
         headers: (0, http_1.joinHeaderValues)((0, utils_1.removeSensitiveHeaders)(context.requestData.headers, config.sensitiveHeaders)),
-        pxhd: context.pxhd,
+        pxhd: (_a = context.pxhd) === null || _a === void 0 ? void 0 : _a.value,
         socket_ip: context.requestData.ip,
         timestamp: Date.now(),
         vid: context.vid,

package/lib/block_handler/DefaultBlockResponseGenerator.d.ts

@@ -1,8 +1,8 @@
 import { IContext } from '../context';
 import { IConfiguration } from '../config';
+import { IMinimalResponse } from '../http';
 import { IBase64Utils } from '../utils';
 import { IBlockResponseGenerator } from './IBlockResponseGenerator';
-import { IMinimalResponse } from '../http';
 export declare class DefaultBlockResponseGenerator implements IBlockResponseGenerator {
     private readonly config;
     private readonly captchaResponseGenerator;

package/lib/block_handler/DefaultBlockResponseGenerator.js

@@ -6,7 +6,7 @@ var http_1 = require("../http");
 var BlockAction_1 = require("./BlockAction");
 var CaptchaBlockResponseGenerator_1 = require("./captcha/CaptchaBlockResponseGenerator");
 var rate_limit_template_1 = require("./templates/rate_limit_template");
-var http_2 = require("../http");
+var PXHDSource_1 = require("../pxhd/model/PXHDSource");
 var DefaultBlockResponseGenerator = /** @class */ (function () {
     function DefaultBlockResponseGenerator(config, base64Utils) {
         this.config = config;
@@ -16,6 +16,7 @@ var DefaultBlockResponseGenerator = /** @class */ (function () {
         return !context.isMonitoredRequest && !!context.blockReason;
     };
     DefaultBlockResponseGenerator.prototype.generateBlockResponse = function (context) {
+        var _a;
         var res;
         switch (context.blockAction) {
             case BlockAction_1.BlockAction.RATE_LIMIT:
@@ -27,7 +28,12 @@ var DefaultBlockResponseGenerator = /** @class */ (function () {
                 res = this.generateCaptchaResponse(context);
                 break;
         }
-        return pxhd_1.PXHDUtils.addPxhdToMinimalResponse(context, res);
+        if (((_a = context.pxhd) === null || _a === void 0 ? void 0 : _a.source) == PXHDSource_1.PXHDSource.RISK) {
+            return pxhd_1.PXHDUtils.addPxhdToMinimalResponse(context, res);
+        }
+        else {
+            return res;
+        }
     };
     DefaultBlockResponseGenerator.prototype.generateRateLimitResponse = function () {
         var _a;
@@ -35,7 +41,7 @@ var DefaultBlockResponseGenerator = /** @class */ (function () {
         var headers = (_a = {},
             _a[http_1.CONTENT_TYPE_HEADER_NAME] = [http_1.ContentType.TEXT_HTML],
             _a);
-        return new http_2.MinimalResponseImpl({
+        return new http_1.MinimalResponseImpl({
             body: rate_limit_template_1.RATE_LIMIT_TEMPLATE,
             status: status,
             headers: headers,

package/lib/config/ConfigurationParams.d.ts

@@ -1,5 +1,6 @@
 import { CustomParametersFunction } from '../custom_parameters';
 import { AdditionalActivityHandler } from '../additional_activity_handler';
+import { CustomPreflightHandler, CustomBlockResponseHeadersHandler } from '../cors';
 export declare type ConfigurationParams = {
     px_app_id: string;
     px_auth_token: string;
@@ -62,8 +63,12 @@ export declare type ConfigurationParams = {
     px_graphql_routes?: string[];
     px_sensitive_graphql_operation_names?: string[];
     px_sensitive_graphql_operation_types?: Array<'query' | 'mutation' | 'subscription'>;
+    px_cors_support_enabled?: boolean;
+    px_cors_preflight_request_filter_enabled?: boolean;
     px_extract_ip?: () => {};
     px_additional_activity_handler?: AdditionalActivityHandler;
     px_enrich_custom_parameters?: CustomParametersFunction;
     px_login_successful_custom_callback?: () => {};
+    px_cors_custom_preflight_handler?: CustomPreflightHandler;
+    px_cors_create_custom_block_response_headers?: CustomBlockResponseHeadersHandler;
 };

package/lib/config/DefaultConfigurations.js

@@ -108,4 +108,8 @@ exports.DEFAULT_CONFIGURATIONS = {
     px_jwt_header_name: '',
     px_jwt_header_user_id_field_name: '',
     px_jwt_header_additional_field_names: [],
+    px_cors_support_enabled: false,
+    px_cors_custom_preflight_handler: null,
+    px_cors_preflight_request_filter_enabled: false,
+    px_cors_create_custom_block_response_headers: null,
 };

package/lib/config/IConfiguration.d.ts

@@ -3,6 +3,7 @@ import { ILogger, LoggerSeverity } from '../logger';
 import { CustomParametersFunction } from '../custom_parameters';
 import { AdditionalActivityHandler } from '../additional_activity_handler';
 import { ConfigurationParams } from './ConfigurationParams';
+import { CustomPreflightHandler, CustomBlockResponseHeadersHandler } from '../cors';
 export interface IConfiguration<ParamsType extends ConfigurationParams = ConfigurationParams> {
     /**
      * The application ID.
@@ -195,4 +196,20 @@ export interface IConfiguration<ParamsType extends ConfigurationParams = Configu
      * Returns an object representation of the current configuration.
      */
     toParams(): ParamsType;
+    /**
+     * Whether cors support feature should be enabled.
+     */
+    readonly corsSupportEnabled: boolean;
+    /**
+     * Function that will be called for preflight requests and returns response that will be returned to the client.
+     */
+    readonly corsCustomPreflightHandler: CustomPreflightHandler;
+    /**
+     * Function that returns an object with custom headers to be added to the block response.
+     */
+    readonly corsCreateCustomBlockResponseHeaders: CustomBlockResponseHeadersHandler;
+    /**
+     * Whether preflight requests will be filtered out from the enforcer.
+     */
+    readonly corsPreflightRequestFilterEnabled: boolean;
 }

package/lib/config/StaticConfigurationBase.d.ts

@@ -4,6 +4,7 @@ import { CustomParametersFunction } from '../custom_parameters';
 import { AdditionalActivityHandler } from '../additional_activity_handler';
 import { ILogger, LoggerSeverity } from '../logger';
 import { ModuleMode } from '../utils';
+import { CustomBlockResponseHeadersHandler, CustomPreflightHandler } from '../cors';
 export declare abstract class StaticConfigurationBase<ParamsType extends ConfigurationParams = ConfigurationParams> implements IConfiguration<ParamsType> {
     protected readonly configParams: ParamsType;
     protected internalLogger: ILogger;
@@ -60,4 +61,8 @@ export declare abstract class StaticConfigurationBase<ParamsType extends Configu
     get enrichCustomParameters(): CustomParametersFunction;
     get additionalActivityHandler(): AdditionalActivityHandler;
     get altBackendCaptchaUrl(): string;
+    get corsSupportEnabled(): boolean;
+    get corsCustomPreflightHandler(): CustomPreflightHandler;
+    get corsPreflightRequestFilterEnabled(): boolean;
+    get corsCreateCustomBlockResponseHeaders(): CustomBlockResponseHeadersHandler;
 }

package/lib/config/StaticConfigurationBase.js

@@ -392,6 +392,34 @@ var StaticConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(StaticConfigurationBase.prototype, "corsSupportEnabled", {
+        get: function () {
+            return this.configParams.px_cors_support_enabled;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "corsCustomPreflightHandler", {
+        get: function () {
+            return this.configParams.px_cors_custom_preflight_handler || null;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "corsPreflightRequestFilterEnabled", {
+        get: function () {
+            return this.configParams.px_cors_preflight_request_filter_enabled;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "corsCreateCustomBlockResponseHeaders", {
+        get: function () {
+            return this.configParams.px_cors_create_custom_block_response_headers || null;
+        },
+        enumerable: false,
+        configurable: true
+    });
     return StaticConfigurationBase;
 }());
 exports.StaticConfigurationBase = StaticConfigurationBase;

package/lib/context/ContextBase.d.ts

@@ -1,13 +1,14 @@
 import { IConfiguration } from '../config';
-import { BlockReason, BlockAction } from '../block_handler';
+import { BlockAction, BlockReason } from '../block_handler';
 import { CustomParameters } from '../custom_parameters';
 import { FilterReason } from '../filter';
 import { PXDE } from '../pxde';
 import { GraphQLData } from '../graphql';
 import { IBotDefenderToken, TokenOrigin } from '../risk_token';
-import { ReadOnlyHeaders, IIncomingRequest } from '../http';
-import { VidSource, PassReason, ICookieParser, IUuidGenerator } from '../utils';
+import { IIncomingRequest, ReadOnlyHeaders } from '../http';
+import { ICookieParser, IUuidGenerator, PassReason, VidSource } from '../utils';
 import { IContext, MobileData, RequestData, ResponseData, RiskApiData, ServerData, TlsData } from './IContext';
+import { PXHD } from '../pxhd/model/PXHD';
 export declare type ContextBaseOptions = {
     cookieParser?: ICookieParser;
     uuidGenerator?: IUuidGenerator;
@@ -32,7 +33,7 @@ export declare abstract class ContextBase<OptionsType extends ContextBaseOptions
     filterReason?: FilterReason;
     tokenOrigin?: TokenOrigin;
     riskToken?: IBotDefenderToken;
-    pxhd?: string;
+    pxhd?: PXHD;
     pxde?: PXDE;
     pxdeVerified?: boolean;
     customParameters?: CustomParameters;

package/lib/context/ContextBase.js

@@ -5,6 +5,7 @@ var block_handler_1 = require("../block_handler");
 var risk_token_1 = require("../risk_token");
 var http_1 = require("../http");
 var utils_1 = require("../utils");
+var PXHDSource_1 = require("../pxhd/model/PXHDSource");
 var ContextBase = /** @class */ (function () {
     function ContextBase(config, request, options) {
         this.config = config;
@@ -107,7 +108,14 @@ var ContextBase = /** @class */ (function () {
     };
     ContextBase.prototype.setCookiesOnContext = function () {
         this.vid = this.requestData.cookies[utils_1.PXVID_COOKIE_NAME] || '';
-        this.pxhd = this.requestData.cookies[utils_1.PXHD_COOKIE_NAME] || '';
+        var cookiePxhd = this.requestData.cookies[utils_1.PXHD_COOKIE_NAME];
+        if (cookiePxhd) {
+            this.pxhd = {
+                value: cookiePxhd,
+                domain: null,
+                source: PXHDSource_1.PXHDSource.COOKIE,
+            };
+        }
     };
     ContextBase.prototype.getMobileToken = function (config, mobileToken, options) {
         var _a;

package/lib/context/IContext.d.ts

@@ -8,7 +8,8 @@ import { PXDE } from '../pxde';
 import { GraphQLData } from '../graphql';
 import { HttpMethod } from '../http';
 import { ReadOnlyHeaders } from '../http';
-import { IIncomingRequest } from '../http/interfaces/IIncomingRequest';
+import { IIncomingRequest } from '../http';
+import { PXHD } from '../pxhd/model/PXHD';
 export declare type RequestData = {
     /**
      * The request URL.
@@ -239,7 +240,7 @@ export interface IContext {
     /**
      * The PXHD (PerimeterX Hashed Data) cookie value, if it exists on the request.
      */
-    pxhd?: string;
+    pxhd?: PXHD;
     /**
      * The PXDE (PerimeterX Data Enrichment) object, if it was parsed from
      * the PXDE cookie or received on the risk response.

package/lib/cors/CustomBlockResponseHeadersHandler.d.ts

@@ -0,0 +1,2 @@
+import { IIncomingRequest, ReadOnlyHeaders } from '../http';
+export declare type CustomBlockResponseHeadersHandler = (httpRequest: IIncomingRequest) => ReadOnlyHeaders | Promise<ReadOnlyHeaders>;

package/lib/cors/CustomBlockResponseHeadersHandler.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cors/CustomPreflightHandler.d.ts

@@ -0,0 +1,2 @@
+import { IMinimalResponse, IIncomingRequest } from '../http';
+export declare type CustomPreflightHandler = (httpRequest: IIncomingRequest) => IMinimalResponse | Promise<IMinimalResponse>;

package/lib/cors/CustomPreflightHandler.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cors/DefaultCors.d.ts

@@ -0,0 +1,15 @@
+import { ICors } from './ICors';
+import { IConfiguration } from '../config';
+import { IContext } from '../context';
+import { ReadOnlyHeaders, IMinimalResponse } from '../http';
+export declare class DefaultCors implements ICors {
+    private readonly customBlockResponseHeaders;
+    private readonly customPreflightHandler;
+    private readonly logger;
+    constructor(config: IConfiguration);
+    isPreflightRequest(context: IContext): boolean;
+    runPreflightCustomHandler(context: IContext): Promise<IMinimalResponse>;
+    isCorsRequest(context: IContext): boolean;
+    getCorsBlockHeaders(context: IContext): Promise<ReadOnlyHeaders>;
+    getDefaultCorsHeaders(context: IContext): ReadOnlyHeaders;
+}

package/lib/cors/DefaultCors.js

@@ -0,0 +1,107 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultCors = void 0;
+var constants_1 = require("./constants");
+var http_1 = require("../http");
+var DefaultCors = /** @class */ (function () {
+    function DefaultCors(config) {
+        this.customBlockResponseHeaders = config.corsCreateCustomBlockResponseHeaders;
+        this.customPreflightHandler = config.corsCustomPreflightHandler;
+        this.logger = config.logger;
+    }
+    DefaultCors.prototype.isPreflightRequest = function (context) {
+        var requestData = context.requestData;
+        return !!(requestData.method.toUpperCase() === http_1.HttpMethod.OPTIONS &&
+            requestData.headers[constants_1.ORIGIN_HEADER] &&
+            requestData.headers[constants_1.ACCESS_CONTROL_REQUEST_METHOD_HEADER]);
+    };
+    DefaultCors.prototype.runPreflightCustomHandler = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var e_1;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (!(this.customPreflightHandler && typeof this.customPreflightHandler === 'function')) return [3 /*break*/, 4];
+                        _a.label = 1;
+                    case 1:
+                        _a.trys.push([1, 3, , 4]);
+                        return [4 /*yield*/, this.customPreflightHandler(context.requestData.request)];
+                    case 2: return [2 /*return*/, _a.sent()];
+                    case 3:
+                        e_1 = _a.sent();
+                        this.logger.debug("Exception occurred while executing custom preflight handler: ".concat(e_1));
+                        return [3 /*break*/, 4];
+                    case 4: return [2 /*return*/, null];
+                }
+            });
+        });
+    };
+    DefaultCors.prototype.isCorsRequest = function (context) {
+        return !!context.requestData.headers[constants_1.ORIGIN_HEADER];
+    };
+    DefaultCors.prototype.getCorsBlockHeaders = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var e_2;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (!(this.customBlockResponseHeaders && typeof this.customBlockResponseHeaders === 'function')) return [3 /*break*/, 4];
+                        _a.label = 1;
+                    case 1:
+                        _a.trys.push([1, 3, , 4]);
+                        return [4 /*yield*/, this.customBlockResponseHeaders(context.requestData.request)];
+                    case 2: return [2 /*return*/, _a.sent()];
+                    case 3:
+                        e_2 = _a.sent();
+                        this.logger.debug("Exception occurred in px_cors_create_custom_block_response_headers custom function: ".concat(e_2));
+                        return [3 /*break*/, 4];
+                    case 4: return [2 /*return*/, this.getDefaultCorsHeaders(context)];
+                }
+            });
+        });
+    };
+    DefaultCors.prototype.getDefaultCorsHeaders = function (context) {
+        return {
+            'Access-Control-Allow-Origin': context.requestData.headers[constants_1.ORIGIN_HEADER],
+            'Access-Control-Allow-Credentials': ['true'],
+        };
+    };
+    return DefaultCors;
+}());
+exports.DefaultCors = DefaultCors;

package/lib/cors/ICors.d.ts

@@ -0,0 +1,26 @@
+import { IContext } from '../context';
+import { IMinimalResponse } from '../http';
+import { ReadOnlyHeaders } from '../http';
+export interface ICors {
+    /**
+     * @param context
+     * @returns boolean - Whether the request is preflight.
+     */
+    isPreflightRequest(context: IContext): boolean;
+    /**
+     * @param context- The request context.
+     * @returns IMinimalResponse- The response that return to client for preflight request.
+     */
+    runPreflightCustomHandler(context: IContext): Promise<IMinimalResponse> | null;
+    /**
+     * @param context- The request context.
+     * @returns boolean - Whether the request is CORS.
+     */
+    isCorsRequest(context: IContext): boolean;
+    /**
+     *
+     * @param context - The request context.
+     * @returns ReadOnlyHeaders - headers to be added to the block response.
+     */
+    getCorsBlockHeaders(context: IContext): Promise<ReadOnlyHeaders>;
+}

package/lib/cors/ICors.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cors/constants.d.ts

@@ -0,0 +1,2 @@
+export declare const ORIGIN_HEADER = "origin";
+export declare const ACCESS_CONTROL_REQUEST_METHOD_HEADER = "access-control-request-method";

package/lib/cors/constants.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ACCESS_CONTROL_REQUEST_METHOD_HEADER = exports.ORIGIN_HEADER = void 0;
+exports.ORIGIN_HEADER = 'origin';
+exports.ACCESS_CONTROL_REQUEST_METHOD_HEADER = 'access-control-request-method';

package/lib/cors/index.d.ts

@@ -0,0 +1,5 @@
+export { ICors } from './ICors';
+export { CustomPreflightHandler } from './CustomPreflightHandler';
+export { CustomBlockResponseHeadersHandler } from './CustomBlockResponseHeadersHandler';
+export { DefaultCors } from './DefaultCors';
+export * from './constants';

package/lib/cors/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultCors = void 0;
+var DefaultCors_1 = require("./DefaultCors");
+Object.defineProperty(exports, "DefaultCors", { enumerable: true, get: function () { return DefaultCors_1.DefaultCors; } });
+__exportStar(require("./constants"), exports);

package/lib/enforcer/EnforcerBase.d.ts

@@ -10,7 +10,8 @@ import { IBlockResponseGenerator } from '../block_handler';
 import { TokenVersion } from '../risk_token';
 import { IActivityClient } from '../activities';
 import { IGraphQLParser } from '../graphql';
-import { IHttpClient, IOutgoingResponse, IMinimalResponse } from '../http';
+import { ICors } from '../cors';
+import { IHttpClient, IMinimalResponse, IOutgoingResponse } from '../http';
 export declare type EnforcerBaseOptions = {
     tokenVersion?: TokenVersion;
     dataEnrichment?: IDataEnrichment;
@@ -22,6 +23,7 @@ export declare type EnforcerBaseOptions = {
     cipherUtils?: ICipherUtils;
     blockGenerator?: IBlockResponseGenerator;
     graphqlParser?: IGraphQLParser;
+    cors?: ICors;
 } & ({
     httpClient: IHttpClient;
     firstParty?: IFirstParty;
@@ -46,6 +48,7 @@ export declare abstract class EnforcerBase<EnforceArgs extends any[], Req, Res>
     protected blockGenerator: IBlockResponseGenerator;
     protected activityClient: IActivityClient;
     protected graphQLParser?: IGraphQLParser;
+    protected cors?: ICors;
     /**
      * Returns the original Req object in case the module is disabled or an error is thrown.
      * @param args - The EnforceArgs required to enforce the incoming request.

package/lib/enforcer/EnforcerBase.js

@@ -59,6 +59,9 @@ var risk_api_1 = require("../risk_api");
 var activities_1 = require("../activities");
 var graphql_1 = require("../graphql");
 var custom_parameters_1 = require("../custom_parameters");
+var cors_1 = require("../cors");
+var MinimalResponseUtils_1 = require("../http/utils/MinimalResponseUtils");
+var PXHDSource_1 = require("../pxhd/model/PXHDSource");
 var EnforcerBase = /** @class */ (function () {
     /**
      * The EnforcerBase constructor.
@@ -90,6 +93,7 @@ var EnforcerBase = /** @class */ (function () {
             : new risk_api_1.RiskResponseV3Handler(this.config);
         this.riskApiScoreRetriever =
             options.riskApiScoreRetriever || new risk_api_1.PostRiskApiClient(this.config, httpClient, riskResponseHandler);
+        this.cors = this.config.corsSupportEnabled ? options.cors || new cors_1.DefaultCors(this.config) : null;
     }
     /**
      * The central function that triggers enforcement on the incoming request.
@@ -130,20 +134,21 @@ var EnforcerBase = /** @class */ (function () {
      * @protected
      */
     EnforcerBase.prototype.doEnforce = function () {
+        var _a;
         var args = [];
         for (var _i = 0; _i < arguments.length; _i++) {
             args[_i] = arguments[_i];
         }
         return __awaiter(this, void 0, void 0, function () {
-            var context, httpResponse;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var context, httpResponse, response;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
                     case 0: return [4 /*yield*/, this.createContext.apply(this, args)];
                     case 1:
-                        context = _a.sent();
+                        context = _b.sent();
                         return [4 /*yield*/, this.handleFirstParty(context)];
                     case 2:
-                        httpResponse = _a.sent();
+                        httpResponse = _b.sent();
                         if (httpResponse) {
                             this.config.logger.debug('returning first party response');
                             return [2 /*return*/, this.convertToRes(httpResponse)];
@@ -152,34 +157,47 @@ var EnforcerBase = /** @class */ (function () {
                             this.config.logger.debug("filtering due to ".concat(context.filterReason));
                             return [2 /*return*/, null];
                         }
-                        return [4 /*yield*/, this.handleCompleteContextInitialization(context)];
+                        if (!((_a = this.cors) === null || _a === void 0 ? void 0 : _a.isPreflightRequest(context))) return [3 /*break*/, 4];
+                        this.config.logger.debug("Preflight request");
+                        return [4 /*yield*/, this.cors.runPreflightCustomHandler(context)];
                     case 3:
-                        _a.sent();
+                        response = _b.sent();
+                        if (response) {
+                            return [2 /*return*/, this.convertToRes(response)];
+                        }
+                        if (this.config.corsPreflightRequestFilterEnabled) {
+                            this.config.logger.debug("Skipping verification due to preflight request");
+                            return [2 /*return*/, null];
+                        }
+                        _b.label = 4;
+                    case 4: return [4 /*yield*/, this.handleCompleteContextInitialization(context)];
+                    case 5:
+                        _b.sent();
                         this.config.logger.debug('context initialization complete');
                         return [4 /*yield*/, this.handleGraphQL(context)];
-                    case 4:
-                        _a.sent();
+                    case 6:
+                        _b.sent();
                         return [4 /*yield*/, this.handleEnrichCustomParameters(context)];
-                    case 5:
-                        _a.sent();
+                    case 7:
+                        _b.sent();
                         return [4 /*yield*/, this.handleTelemetryIfNeeded(context)];
-                    case 6:
-                        _a.sent();
+                    case 8:
+                        _b.sent();
                         return [4 /*yield*/, this.handlePxde(context)];
-                    case 7:
-                        _a.sent();
+                    case 9:
+                        _b.sent();
                         return [4 /*yield*/, this.handleCookieRetrieverIfNeeded(context)];
-                    case 8:
-                        _a.sent();
+                    case 10:
+                        _b.sent();
                         return [4 /*yield*/, this.handleRiskApiIfNeeded(context)];
-                    case 9:
-                        _a.sent();
+                    case 11:
+                        _b.sent();
                         return [4 /*yield*/, this.handleAdditionalActivityHandler(context)];
-                    case 10:
-                        _a.sent();
+                    case 12:
+                        _b.sent();
                         return [4 /*yield*/, this.handleBlockResponse(context)];
-                    case 11:
-                        httpResponse = _a.sent();
+                    case 13:
+                        httpResponse = _b.sent();
                         if (httpResponse) {
                             this.config.logger.debug("blocking request due to ".concat(context.blockReason));
                             return [2 /*return*/, this.convertToRes(httpResponse)];
@@ -322,16 +340,28 @@ var EnforcerBase = /** @class */ (function () {
         });
     };
     EnforcerBase.prototype.handleBlockResponse = function (context) {
+        var _a;
         return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var res, corsBlockResponseHeaders;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
                     case 0:
-                        if (!this.blockGenerator.shouldGenerate(context)) return [3 /*break*/, 2];
+                        if (!this.blockGenerator.shouldGenerate(context)) return [3 /*break*/, 4];
                         return [4 /*yield*/, this.handleSendActivities(context)];
                     case 1:
-                        _a.sent();
-                        return [2 /*return*/, this.blockGenerator.generateBlockResponse(context)];
-                    case 2: return [2 /*return*/, null];
+                        _b.sent();
+                        res = this.blockGenerator.generateBlockResponse(context);
+                        if (!((_a = this.cors) === null || _a === void 0 ? void 0 : _a.isCorsRequest(context))) return [3 /*break*/, 3];
+                        this.config.logger.debug("Adding CORS headers to block response");
+                        return [4 /*yield*/, this.cors.getCorsBlockHeaders(context)];
+                    case 2:
+                        corsBlockResponseHeaders = _b.sent();
+                        if (corsBlockResponseHeaders) {
+                            res = (0, MinimalResponseUtils_1.appendHeaders)(res, corsBlockResponseHeaders);
+                        }
+                        _b.label = 3;
+                    case 3: return [2 /*return*/, res];
+                    case 4: return [2 /*return*/, null];
                 }
             });
         });
@@ -404,9 +434,13 @@ var EnforcerBase = /** @class */ (function () {
         });
     };
     EnforcerBase.prototype.handlePxhd = function (context, response) {
+        var _a;
         return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                return [2 /*return*/, pxhd_1.PXHDUtils.addPxhdToOutgoingResponse(context, response)];
+            return __generator(this, function (_b) {
+                if (((_a = context.pxhd) === null || _a === void 0 ? void 0 : _a.source) === PXHDSource_1.PXHDSource.RISK) {
+                    pxhd_1.PXHDUtils.addPxhdToOutgoingResponse(context, response);
+                }
+                return [2 /*return*/];
             });
         });
     };

package/lib/graphql/DefaultGraphQLParser.d.ts

@@ -1,8 +1,8 @@
-import { IContext } from '../context/IContext';
+import { IContext } from '../context';
 import { IConfiguration } from '../config';
 import { IGraphQLParser } from './IGraphQLParser';
 export declare class DefaultGraphQLParser implements IGraphQLParser {
-    private readonly logger;
+    private readonly config;
     private readonly graphqlRoutes;
     private readonly sensitiveOperationTypes;
     private readonly sensitiveOperationNames;

package/lib/graphql/DefaultGraphQLParser.js

@@ -42,7 +42,7 @@ var utils_1 = require("../utils");
 var http_1 = require("../http");
 var DefaultGraphQLParser = /** @class */ (function () {
     function DefaultGraphQLParser(config) {
-        this.logger = config.logger;
+        this.config = config;
         this.graphqlRoutes = config.graphqlRoutes;
         this.sensitiveOperationNames = config.sensitiveGraphqlOperationNames;
         this.sensitiveOperationTypes = config.sensitiveGraphqlOperationTypes;
@@ -62,21 +62,21 @@ var DefaultGraphQLParser = /** @class */ (function () {
                     case 1:
                         graphQLOperations = _a.sent();
                         if (!graphQLOperations) {
-                            this.logger.debug('unable to get graphql operations from request body');
+                            this.config.logger.debug('unable to get graphql operations from request body');
                             return [2 /*return*/, false];
                         }
                         data = this.parseGraphQLOperations(graphQLOperations);
                         if (!data || data.length === 0) {
-                            this.logger.debug('unable to parse graphql operations');
+                            this.config.logger.debug('unable to parse graphql operations');
                             return [2 /*return*/, false];
                         }
-                        this.logger.debug("".concat(data.length, " graphql operation").concat(data.length === 1 ? '' : 's', " parsed successfully"));
+                        this.config.logger.debug("".concat(data.length, " graphql operation").concat(data.length === 1 ? '' : 's', " parsed successfully"));
                         context.graphqlData = data;
                         context.isSensitiveRequest = context.isSensitiveRequest || data.some(function (operation) { return operation.sensitive; });
                         return [2 /*return*/, true];
                     case 2:
                         e_1 = _a.sent();
-                        this.logger.debug("error parsing graphql request: ".concat(e_1));
+                        this.config.logger.debug("unable to parse graphql request: ".concat(e_1));
                         return [2 /*return*/, false];
                     case 3: return [2 /*return*/];
                 }
@@ -86,20 +86,23 @@ var DefaultGraphQLParser = /** @class */ (function () {
     DefaultGraphQLParser.prototype.getGraphQLOperationsFromBody = function (_a) {
         var request = _a.request;
         return __awaiter(this, void 0, void 0, function () {
-            var body;
-            var _this = this;
+            var body, e_2;
             return __generator(this, function (_b) {
                 switch (_b.label) {
-                    case 0: return [4 /*yield*/, request.json().catch(function (e) {
-                            _this.logger.debug("unable to parse string body: ".concat(e));
-                            return null;
-                        })];
+                    case 0:
+                        _b.trys.push([0, 2, , 3]);
+                        return [4 /*yield*/, request.json()];
                     case 1:
                         body = _b.sent();
                         if (!body) {
                             return [2 /*return*/, null];
                         }
                         return [2 /*return*/, Array.isArray(body) ? body : [body]];
+                    case 2:
+                        e_2 = _b.sent();
+                        this.config.logger.debug("unable to parse body to json: ".concat(e_2));
+                        return [2 /*return*/, null];
+                    case 3: return [2 /*return*/];
                 }
             });
         });

package/lib/http/utils/MinimalResponseUtils.d.ts

@@ -1,4 +1,6 @@
 import { IMinimalResponse } from '..';
 import { IIncomingResponse } from '..';
+import { ReadOnlyHeaders } from '..';
 export declare const appendHeader: (response: IMinimalResponse, name: string, value: string) => IMinimalResponse;
+export declare const appendHeaders: (response: IMinimalResponse, headers: ReadOnlyHeaders) => IMinimalResponse;
 export declare const from: (response: IIncomingResponse) => IMinimalResponse;

package/lib/http/utils/MinimalResponseUtils.js

@@ -11,21 +11,31 @@ var __assign = (this && this.__assign) || function () {
     return __assign.apply(this, arguments);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.from = exports.appendHeader = void 0;
+exports.from = exports.appendHeaders = exports.appendHeader = void 0;
 var __1 = require("..");
 var appendHeader = function (response, name, value) {
+    var _a;
+    return (0, exports.appendHeaders)(response, (_a = {},
+        _a[name] = [value],
+        _a));
+};
+exports.appendHeader = appendHeader;
+var appendHeaders = function (response, headers) {
     var body = response.body;
     var statusCode = response.status;
-    var headers = response.headers;
-    var newHeaders = __assign({}, headers);
-    newHeaders[name] = (newHeaders[name] || []).concat([value]);
+    var responseHeaders = response.headers;
+    var newHeaders = __assign({}, responseHeaders);
+    Object.entries(headers).forEach(function (_a) {
+        var name = _a[0], values = _a[1];
+        newHeaders[name] = (newHeaders[name] || []).concat(values);
+    });
     return new __1.MinimalResponseImpl({
         body: body,
         headers: newHeaders,
         status: statusCode,
     });
 };
-exports.appendHeader = appendHeader;
+exports.appendHeaders = appendHeaders;
 var from = function (response) {
     return new (/** @class */ (function () {
         function class_1() {

package/lib/index.d.ts

@@ -4,6 +4,7 @@ export * from './block_handler';
 export * from './config';
 export * from './context';
 export * from './custom_parameters';
+export * from './cors';
 export * from './enforcer';
 export * from './filter';
 export * from './first_party';

package/lib/index.js

@@ -20,6 +20,7 @@ __exportStar(require("./block_handler"), exports);
 __exportStar(require("./config"), exports);
 __exportStar(require("./context"), exports);
 __exportStar(require("./custom_parameters"), exports);
+__exportStar(require("./cors"), exports);
 __exportStar(require("./enforcer"), exports);
 __exportStar(require("./filter"), exports);
 __exportStar(require("./first_party"), exports);

package/lib/pxhd/PXHDUtils.d.ts

@@ -1,10 +1,11 @@
 import { IContext } from '../context';
 import { IOutgoingResponse, IMinimalResponse } from '../http';
+import { PXHD } from './model';
 export declare namespace PXHDUtils {
     const PXHD_SAMESITE_VALUE = "Lax";
     const PXHD_PATH_VALUE = "/";
     const addPxhdToResponse: (context: IContext, httpResponse: IMinimalResponse) => IMinimalResponse;
     const addPxhdToOutgoingResponse: (context: IContext, response: IOutgoingResponse) => void;
     const addPxhdToMinimalResponse: (context: IContext, response: IMinimalResponse) => IMinimalResponse;
-    const getPxhdCookieValue: (pxhdValue: string) => string;
+    const getPxhdCookieValue: (pxhd: PXHD) => string;
 }

package/lib/pxhd/PXHDUtils.js

@@ -29,7 +29,11 @@ var PXHDUtils;
         }
         return response;
     };
-    PXHDUtils.getPxhdCookieValue = function (pxhdValue) {
-        return "".concat(utils_1.PXHD_COOKIE_NAME, "=").concat(pxhdValue, "; path=").concat(PXHDUtils.PXHD_PATH_VALUE, "; SameSite=").concat(PXHDUtils.PXHD_SAMESITE_VALUE);
+    PXHDUtils.getPxhdCookieValue = function (pxhd) {
+        var value = "".concat(utils_1.PXHD_COOKIE_NAME, "=").concat(pxhd.value);
+        var domain = pxhd.domain && "domain=".concat(pxhd.domain);
+        var path = "path=".concat(PXHDUtils.PXHD_PATH_VALUE);
+        var sameSite = "SameSite=".concat(PXHDUtils.PXHD_SAMESITE_VALUE);
+        return [value, domain, path, sameSite].filter(Boolean).join('; ');
     };
 })(PXHDUtils = exports.PXHDUtils || (exports.PXHDUtils = {}));

package/lib/pxhd/index.d.ts

@@ -1 +1,2 @@
 export { PXHDUtils } from './PXHDUtils';
+export * from './model';

package/lib/pxhd/index.js

@@ -1,5 +1,20 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PXHDUtils = void 0;
 var PXHDUtils_1 = require("./PXHDUtils");
 Object.defineProperty(exports, "PXHDUtils", { enumerable: true, get: function () { return PXHDUtils_1.PXHDUtils; } });
+__exportStar(require("./model"), exports);

package/lib/pxhd/model/PXHD.d.ts

@@ -0,0 +1,6 @@
+import { PXHDSource } from './PXHDSource';
+export declare type PXHD = {
+    value: string;
+    domain?: string;
+    source: PXHDSource;
+};

package/lib/pxhd/model/PXHD.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/pxhd/model/PXHDSource.d.ts

@@ -0,0 +1,4 @@
+export declare enum PXHDSource {
+    COOKIE = "cookie",
+    RISK = "risk"
+}

package/lib/pxhd/model/PXHDSource.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PXHDSource = void 0;
+var PXHDSource;
+(function (PXHDSource) {
+    PXHDSource["COOKIE"] = "cookie";
+    PXHDSource["RISK"] = "risk";
+})(PXHDSource = exports.PXHDSource || (exports.PXHDSource = {}));

package/lib/pxhd/model/index.d.ts

@@ -0,0 +1,2 @@
+export * from './PXHD';
+export * from './PXHDSource';

package/lib/pxhd/model/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./PXHD"), exports);
+__exportStar(require("./PXHDSource"), exports);

package/lib/risk_api/PostRiskApiClient.js

@@ -162,11 +162,15 @@ var PostRiskApiClient = /** @class */ (function () {
         this.addCustomParamsToAdditional(riskActivity, context);
     };
     PostRiskApiClient.prototype.addOptionalRiskFieldsToRoot = function (riskActivity, context) {
-        (0, utils_1.transferExistingProperties)(context, riskActivity, {
-            vid: 'vid',
-            uuid: 'uuid',
-            pxhd: 'pxhd',
-        });
+        if (context.vid) {
+            riskActivity.vid = context.vid;
+        }
+        if (context.uuid) {
+            riskActivity.uuid = context.uuid;
+        }
+        if (context.pxhd) {
+            riskActivity.pxhd = context.pxhd.value;
+        }
     };
     PostRiskApiClient.prototype.addOptionalRiskFieldsToAdditional = function (riskActivity, context) {
         (0, utils_1.transferExistingProperties)(context, riskActivity.additional, {

package/lib/risk_api/model/RiskResponseV2.d.ts

@@ -7,6 +7,7 @@ export declare type RiskResponseV2 = {
     action?: BlockAction;
     uuid?: string;
     pxhd?: string;
+    pxhdDomain?: string;
     message?: string;
     data_enrichment?: PXDE;
 };

package/lib/risk_api/model/RiskResponseV3.d.ts

@@ -7,6 +7,7 @@ export declare type RiskResponseV3 = {
     action?: BlockAction;
     uuid?: string;
     pxhd?: string;
+    pxhdDomain?: string;
     message?: string;
     data_enrichment?: PXDE;
 };

package/lib/risk_api/risk_response_handler/RiskResponseV2Handler.js

@@ -16,9 +16,9 @@ var __extends = (this && this.__extends) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.RiskResponseV2Handler = void 0;
-var utils_1 = require("../../utils");
 var RiskStatus_1 = require("../model/RiskStatus");
 var RiskResponseHandlerBase_1 = require("./RiskResponseHandlerBase");
+var PXHDSource_1 = require("../../pxhd/model/PXHDSource");
 var RiskResponseV2Handler = /** @class */ (function (_super) {
     __extends(RiskResponseV2Handler, _super);
     function RiskResponseV2Handler(config) {
@@ -32,14 +32,22 @@ var RiskResponseV2Handler = /** @class */ (function (_super) {
     };
     RiskResponseV2Handler.prototype.setRiskResponseContextFields = function (context, riskResponse) {
         context.score = this.extractScoreFromRiskResponse(riskResponse);
-        (0, utils_1.transferExistingProperties)(riskResponse, context, {
-            uuid: 'uuid',
-            pxhd: 'pxhd',
-            action: 'blockAction',
-            data_enrichment: 'pxde',
-        });
+        if (riskResponse.uuid) {
+            context.uuid = riskResponse.uuid;
+        }
+        if (riskResponse.pxhd) {
+            context.pxhd = {
+                value: riskResponse.pxhd,
+                domain: riskResponse.pxhdDomain,
+                source: PXHDSource_1.PXHDSource.RISK,
+            };
+        }
+        if (riskResponse.action) {
+            context.blockAction = riskResponse.action;
+        }
         if (riskResponse.data_enrichment) {
             context.pxdeVerified = true;
+            context.pxde = riskResponse.data_enrichment;
         }
     };
     return RiskResponseV2Handler;

package/lib/risk_api/risk_response_handler/RiskResponseV3Handler.js

@@ -16,9 +16,9 @@ var __extends = (this && this.__extends) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.RiskResponseV3Handler = void 0;
-var utils_1 = require("../../utils");
 var RiskStatus_1 = require("../model/RiskStatus");
 var RiskResponseHandlerBase_1 = require("./RiskResponseHandlerBase");
+var PXHDSource_1 = require("../../pxhd/model/PXHDSource");
 var RiskResponseV3Handler = /** @class */ (function (_super) {
     __extends(RiskResponseV3Handler, _super);
     function RiskResponseV3Handler(config) {
@@ -31,15 +31,25 @@ var RiskResponseV3Handler = /** @class */ (function (_super) {
         return riskResponse.score;
     };
     RiskResponseV3Handler.prototype.setRiskResponseContextFields = function (context, riskResponse) {
-        (0, utils_1.transferExistingProperties)(riskResponse, context, {
-            score: 'score',
-            uuid: 'uuid',
-            action: 'blockAction',
-            pxhd: 'pxhd',
-            data_enrichment: 'pxde',
-        });
+        if (typeof riskResponse.score === 'number') {
+            context.score = riskResponse.score;
+        }
+        if (riskResponse.uuid) {
+            context.uuid = riskResponse.uuid;
+        }
+        if (riskResponse.action) {
+            context.blockAction = riskResponse.action;
+        }
+        if (riskResponse.pxhd) {
+            context.pxhd = {
+                value: riskResponse.pxhd,
+                domain: riskResponse.pxhdDomain,
+                source: PXHDSource_1.PXHDSource.RISK,
+            };
+        }
         if (riskResponse.data_enrichment) {
             context.pxdeVerified = true;
+            context.pxde = riskResponse.data_enrichment;
         }
     };
     return RiskResponseV3Handler;

package/lib/utils/constants.d.ts

@@ -7,4 +7,4 @@ export declare const BYPASS_MONITOR_HEADER_VALUE = "1";
 export declare const X_PX_AUTHORIZATION_HEADER_NAME = "x-px-authorization";
 export declare const X_PX_ORIGINAL_TOKEN_HEADER_NAME = "x-px-original-token";
 export declare const X_PX_BYPASS_REASON_HEADER_NAME = "x-px-bypass-reason";
-export declare const CORE_MODULE_VERSION = "JS Core 0.5.0";
+export declare const CORE_MODULE_VERSION = "JS Core 0.5.1";

package/lib/utils/constants.js

@@ -10,4 +10,4 @@ exports.BYPASS_MONITOR_HEADER_VALUE = '1';
 exports.X_PX_AUTHORIZATION_HEADER_NAME = 'x-px-authorization';
 exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = 'x-px-original-token';
 exports.X_PX_BYPASS_REASON_HEADER_NAME = 'x-px-bypass-reason';
-exports.CORE_MODULE_VERSION = 'JS Core 0.5.0';
+exports.CORE_MODULE_VERSION = 'JS Core 0.5.1';

package/lib/utils/utils.d.ts

@@ -9,5 +9,8 @@ export declare const removeSensitiveFields: <T extends Record<string, any>>(obje
 export declare const removeSensitiveHeaders: (headers: Record<string, string[]>, sensitiveHeaderNames: string[]) => Record<string, string[]>;
 export declare const isRouteInPatterns: (route: string, patterns: Array<string | RegExp>) => boolean;
 export declare const isRouteMatch: (route: string, pattern: string | RegExp) => boolean;
+/**
+ * @deprecated this method is not typesafe. Copy the fields manually instead.
+ */
 export declare const transferExistingProperties: <FromObj extends Record<string, any>, ToObj extends Record<string, any>>(fromObj: FromObj, toObj: ToObj, propertyMappings: Partial<Record<keyof FromObj, keyof ToObj>>) => void;
 export declare const rejectOnTimeout: <T>(promise: Promise<T>, ms: number) => Promise<T>;

package/lib/utils/utils.js

@@ -124,6 +124,9 @@ var isRouteMatch = function (route, pattern) {
     return false;
 };
 exports.isRouteMatch = isRouteMatch;
+/**
+ * @deprecated this method is not typesafe. Copy the fields manually instead.
+ */
 var transferExistingProperties = function (fromObj, toObj, propertyMappings) {
     if (!toObj || !fromObj) {
         return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "perimeterx-js-core",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "description": "",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",