npm - primate - Versions diffs - 0.5.1 → 0.5.2 - Mend

primate 0.5.1 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/package.json +1 -1
package/source/preset/primate.json +9 -1
package/source/preset/{data/stores → stores}/default.js +0 -0
package/source/server/App.js +1 -0
package/source/server/Session.js +1 -1
package/source/server/domain/Domain.js +1 -1
package/source/server/servers/Static.js +6 -7
package/source/server/store/Store.js +1 -1
package/source/server/servers/content-security-policy.json +0 -7

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "primate",
-  "version": "0.5.1",
+  "version": "0.5.2",
   "author": "Primate core team <core@primatejs.com>",
   "homepage": "https://primatejs.com",
   "bugs": "https://adaptivecloud.dev/primate/primate/issues",

package/source/preset/primate.json CHANGED Viewed

@@ -13,7 +13,15 @@
     "ssl": {
       "key": "ssl/default.key",
       "cert": "ssl/default.crt"
-    }
+    },
+    "csp": {
+      "default-src": "'self'",
+      "object-src": "'none'",
+      "frame-ancestors": "'none'",
+      "form-action": "'self'",
+      "base-uri": "'self'"
+    },
+    "same-site": "Strict"
   },
   "paths": {
     "client": "client",

package/source/preset/{data/stores → stores}/default.js RENAMED Viewed

File without changes

package/source/server/App.js CHANGED Viewed

@@ -36,6 +36,7 @@ export default class App {
     const conf = {index, hashes, router,
       "serve_from": this.conf.paths.public,
       "http": {
+        ...this.conf.http,
         "key": File.read_sync(resolve(this.conf.http.ssl.key)),
         "cert": File.read_sync(resolve(this.conf.http.ssl.cert)),
       },

package/source/server/Session.js CHANGED Viewed

@@ -31,7 +31,7 @@ export default class Session extends Domain {
   }
   get cookie() {
-    return `session_id=${this._id}; Secure; SameSite=Strict; HttpOnly; Path=/`;
+    return `session_id=${this._id}; Path=/; Secure; HttpOnly`;
   }
   async switch_context(context, data = {}) {

package/source/server/domain/Domain.js CHANGED Viewed

@@ -10,7 +10,7 @@ import {random} from "../crypto.js";
 const length = 12;
 export default class Domain {
-  static stores_directory = "data/stores";
+  static stores_directory = "stores";
   static store_file = "default.js";
   static {

package/source/server/servers/Static.js CHANGED Viewed

@@ -7,18 +7,13 @@ import Server from "./Server.js";
 import Session from "../Session.js";
 import File from "../File.js";
 import {algorithm, hash} from "../crypto.js";
-import {assert} from "../invariants.js";
 import log from "../log.js";
 import codes from "./http-codes.json" assert {"type": "json"};
 import mimes from "./mimes.json" assert {"type": "json"};
-import policy from "./content-security-policy.json" assert {"type": "json"};
 const regex = /\.([a-z1-9]*)$/u;
 const mime = filename => mimes[filename.match(regex)[1]] ?? mimes.binary;
-const csp = Object.keys(policy)
-  .reduce((policy_string, key) => policy_string + `${key} ${policy[key]};`, "");
 const stream = (from, response) => {
   response.setHeader("Content-Encoding", "br");
   response.writeHead(codes.OK);
@@ -30,11 +25,15 @@ const stream = (from, response) => {
 export default class StaticServer extends Server {
   async run() {
     const {http, context} = this.conf;
+    const {csp, "same-site": same_site = "Strict"} = http;
+    this.csp = Object.keys(csp).reduce((policy_string, key) =>
+      policy_string + `${key} ${csp[key]};`, "");
     this.server = await createServer(http, async (request, response) => {
       const session = await Session.get(request.headers.cookie, context);
       if (!session.has_cookie) {
-        response.setHeader("Set-Cookie", session.cookie);
+        const {cookie} = session;
+        response.setHeader("Set-Cookie", `${cookie}; SameSite=${same_site}`);
       }
       response.session = session;
       request.on("end", () =>
@@ -90,7 +89,7 @@ export default class StaticServer extends Server {
       .reduce((hash_string, next_hash) => hash_string + ` '${next_hash}'`, "");
     response.setHeader("Content-Security-Policy",
-      csp + `script-src 'self'${script_src};`);
+      this.csp + `script-src 'self'${script_src};`);
     response.setHeader("Content-Type", "text/html");
     response.setHeader("Referrer-Policy", "same-origin");
     return stream(Readable.from([file]), response);

package/source/server/store/Store.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import {resolve} from "path";
-const preset = "../../preset/data/stores";
+const preset = "../../preset/stores";
 export default class Store {
   constructor(conf = {}) {

package/source/server/servers/content-security-policy.json DELETED Viewed

@@ -1,7 +0,0 @@
-{
-  "default-src": "'self'",
-  "object-src": "'none'",
-  "frame-ancestors": "'none'",
-  "form-action": "'self'",
-  "base-uri": "'self'"
-}