react-router 8.0.0-pre.0 → 8.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +66 -0
- package/dist/development/dom-export.js +1 -1
- package/dist/development/index-react-server-client.js +1 -1
- package/dist/development/index-react-server.d.ts +9 -2
- package/dist/development/index-react-server.js +91 -88
- package/dist/development/index.d.ts +1 -2
- package/dist/development/index.js +2 -3
- package/dist/development/lib/actions.js +6 -18
- package/dist/development/lib/components.d.ts +11 -3
- package/dist/development/lib/components.js +8 -2
- package/dist/development/lib/context.js +1 -1
- package/dist/development/lib/dom/dom.js +1 -1
- package/dist/development/lib/dom/lib.d.ts +12 -1
- package/dist/development/lib/dom/lib.js +18 -6
- package/dist/development/lib/dom/server.js +2 -2
- package/dist/development/lib/dom/ssr/components.d.ts +4 -2
- package/dist/development/lib/dom/ssr/components.js +13 -3
- package/dist/development/lib/dom/ssr/data.js +1 -1
- package/dist/development/lib/dom/ssr/entry.d.ts +1 -0
- package/dist/development/lib/dom/ssr/errorBoundaries.js +7 -3
- package/dist/development/lib/dom/ssr/fallback.js +8 -3
- package/dist/development/lib/dom/ssr/fog-of-war.js +12 -2
- package/dist/development/lib/dom/ssr/hydration.js +1 -1
- package/dist/development/lib/dom/ssr/invariant.js +1 -1
- package/dist/development/lib/dom/ssr/links.js +1 -1
- package/dist/development/lib/dom/ssr/markup.js +1 -1
- package/dist/development/lib/dom/ssr/routeModules.js +1 -1
- package/dist/development/lib/dom/ssr/routes-test-stub.js +1 -1
- package/dist/development/lib/dom/ssr/routes.js +1 -1
- package/dist/development/lib/dom/ssr/server.d.ts +4 -1
- package/dist/development/lib/dom/ssr/server.js +2 -1
- package/dist/development/lib/dom/ssr/single-fetch.js +2 -3
- package/dist/development/lib/dom-export/dom-router-provider.js +1 -1
- package/dist/development/lib/dom-export/hydrated-router.d.ts +1 -1
- package/dist/development/lib/dom-export/hydrated-router.js +14 -17
- package/dist/development/lib/errors.js +1 -1
- package/dist/development/lib/hooks.js +6 -4
- package/dist/development/lib/href.js +1 -1
- package/dist/development/lib/router/history.js +3 -2
- package/dist/development/lib/router/instrumentation.js +1 -1
- package/dist/development/lib/router/links.d.ts +3 -2
- package/dist/development/lib/router/router.js +13 -6
- package/dist/development/lib/router/url.js +18 -0
- package/dist/development/lib/router/utils.d.ts +6 -0
- package/dist/development/lib/router/utils.js +27 -8
- package/dist/development/lib/rsc/browser.js +21 -17
- package/dist/development/lib/rsc/errorBoundaries.js +1 -1
- package/dist/development/lib/rsc/html-stream/browser.js +1 -1
- package/dist/development/lib/rsc/html-stream/server.js +1 -1
- package/dist/development/lib/rsc/route-modules.js +1 -1
- package/dist/development/lib/rsc/server.ssr.js +27 -11
- package/dist/development/lib/server-runtime/cookies.js +1 -1
- package/dist/development/lib/server-runtime/crypto.js +1 -1
- package/dist/development/lib/server-runtime/data.js +1 -1
- package/dist/development/lib/server-runtime/dev.js +1 -1
- package/dist/development/lib/server-runtime/entry.js +1 -1
- package/dist/development/lib/server-runtime/errors.js +2 -22
- package/dist/development/lib/server-runtime/headers.js +1 -1
- package/dist/development/lib/server-runtime/invariant.js +1 -1
- package/dist/development/lib/server-runtime/mode.js +1 -1
- package/dist/development/lib/server-runtime/routeMatching.js +1 -1
- package/dist/development/lib/server-runtime/routes.js +1 -1
- package/dist/development/lib/server-runtime/server.js +17 -23
- package/dist/development/lib/server-runtime/serverHandoff.js +1 -1
- package/dist/development/lib/server-runtime/sessions/cookieStorage.js +1 -1
- package/dist/development/lib/server-runtime/sessions/memoryStorage.js +1 -1
- package/dist/development/lib/server-runtime/sessions.js +1 -1
- package/dist/development/lib/server-runtime/single-fetch.js +4 -4
- package/dist/development/lib/server-runtime/urls.js +2 -5
- package/dist/development/lib/server-runtime/warnings.js +1 -1
- package/dist/development/lib/types/internal.js +1 -1
- package/dist/development/vendor/turbo-stream-v2/flatten.js +1 -1
- package/dist/development/vendor/turbo-stream-v2/turbo-stream.js +2 -1
- package/dist/development/vendor/turbo-stream-v2/unflatten.js +3 -2
- package/dist/development/vendor/turbo-stream-v2/utils.js +2 -10
- package/dist/production/dom-export.js +1 -1
- package/dist/production/index-react-server-client.js +1 -1
- package/dist/production/index-react-server.d.ts +9 -2
- package/dist/production/index-react-server.js +91 -88
- package/dist/production/index.d.ts +1 -2
- package/dist/production/index.js +2 -3
- package/dist/production/lib/actions.js +6 -18
- package/dist/production/lib/components.d.ts +11 -3
- package/dist/production/lib/components.js +8 -2
- package/dist/production/lib/context.js +1 -1
- package/dist/production/lib/dom/dom.js +1 -1
- package/dist/production/lib/dom/lib.d.ts +12 -1
- package/dist/production/lib/dom/lib.js +18 -6
- package/dist/production/lib/dom/server.js +2 -2
- package/dist/production/lib/dom/ssr/components.d.ts +4 -2
- package/dist/production/lib/dom/ssr/components.js +13 -3
- package/dist/production/lib/dom/ssr/data.js +1 -1
- package/dist/production/lib/dom/ssr/entry.d.ts +1 -0
- package/dist/production/lib/dom/ssr/errorBoundaries.js +7 -3
- package/dist/production/lib/dom/ssr/fallback.js +3 -1
- package/dist/production/lib/dom/ssr/fog-of-war.js +12 -2
- package/dist/production/lib/dom/ssr/hydration.js +1 -1
- package/dist/production/lib/dom/ssr/invariant.js +1 -1
- package/dist/production/lib/dom/ssr/links.js +1 -1
- package/dist/production/lib/dom/ssr/markup.js +1 -1
- package/dist/production/lib/dom/ssr/routeModules.js +1 -1
- package/dist/production/lib/dom/ssr/routes-test-stub.js +1 -1
- package/dist/production/lib/dom/ssr/routes.js +1 -1
- package/dist/production/lib/dom/ssr/server.d.ts +4 -1
- package/dist/production/lib/dom/ssr/server.js +2 -1
- package/dist/production/lib/dom/ssr/single-fetch.js +2 -3
- package/dist/production/lib/dom-export/dom-router-provider.js +1 -1
- package/dist/production/lib/dom-export/hydrated-router.d.ts +1 -1
- package/dist/production/lib/dom-export/hydrated-router.js +14 -17
- package/dist/production/lib/errors.js +1 -1
- package/dist/production/lib/hooks.js +6 -4
- package/dist/production/lib/href.js +1 -1
- package/dist/production/lib/router/history.js +3 -2
- package/dist/production/lib/router/instrumentation.js +1 -1
- package/dist/production/lib/router/links.d.ts +3 -2
- package/dist/production/lib/router/router.js +13 -6
- package/dist/production/lib/router/url.js +18 -0
- package/dist/production/lib/router/utils.d.ts +6 -0
- package/dist/production/lib/router/utils.js +27 -8
- package/dist/production/lib/rsc/browser.js +21 -17
- package/dist/production/lib/rsc/errorBoundaries.js +1 -1
- package/dist/production/lib/rsc/html-stream/browser.js +1 -1
- package/dist/production/lib/rsc/html-stream/server.js +1 -1
- package/dist/production/lib/rsc/route-modules.js +1 -1
- package/dist/production/lib/rsc/server.ssr.js +27 -11
- package/dist/production/lib/server-runtime/cookies.js +1 -1
- package/dist/production/lib/server-runtime/crypto.js +1 -1
- package/dist/production/lib/server-runtime/data.js +1 -1
- package/dist/production/lib/server-runtime/dev.js +1 -1
- package/dist/production/lib/server-runtime/entry.js +1 -1
- package/dist/production/lib/server-runtime/errors.js +2 -22
- package/dist/production/lib/server-runtime/headers.js +1 -1
- package/dist/production/lib/server-runtime/invariant.js +1 -1
- package/dist/production/lib/server-runtime/mode.js +1 -1
- package/dist/production/lib/server-runtime/routeMatching.js +1 -1
- package/dist/production/lib/server-runtime/routes.js +1 -1
- package/dist/production/lib/server-runtime/server.js +17 -23
- package/dist/production/lib/server-runtime/serverHandoff.js +1 -1
- package/dist/production/lib/server-runtime/sessions/cookieStorage.js +1 -1
- package/dist/production/lib/server-runtime/sessions/memoryStorage.js +1 -1
- package/dist/production/lib/server-runtime/sessions.js +1 -1
- package/dist/production/lib/server-runtime/single-fetch.js +4 -4
- package/dist/production/lib/server-runtime/urls.js +2 -5
- package/dist/production/lib/server-runtime/warnings.js +1 -1
- package/dist/production/lib/types/internal.js +1 -1
- package/dist/production/vendor/turbo-stream-v2/flatten.js +1 -1
- package/dist/production/vendor/turbo-stream-v2/turbo-stream.js +2 -1
- package/dist/production/vendor/turbo-stream-v2/unflatten.js +3 -2
- package/dist/production/vendor/turbo-stream-v2/utils.js +2 -10
- package/docs/explanation/code-splitting.md +1 -1
- package/docs/explanation/index-query-param.md +2 -2
- package/docs/explanation/type-safety.md +1 -1
- package/docs/how-to/data-strategy.md +5 -5
- package/docs/how-to/error-reporting.md +10 -2
- package/docs/how-to/headers.md +2 -1
- package/docs/how-to/middleware.md +8 -89
- package/docs/how-to/security.md +9 -7
- package/docs/how-to/status.md +1 -1
- package/docs/index.md +3 -6
- package/docs/start/data/installation.md +4 -0
- package/docs/start/data/route-object.md +20 -0
- package/docs/start/framework/actions.md +0 -1
- package/docs/start/framework/data-loading.md +1 -1
- package/docs/start/framework/deploying.md +4 -0
- package/docs/start/framework/installation.md +0 -1
- package/docs/start/modes.md +1 -2
- package/docs/upgrading/component-routes.md +2 -2
- package/docs/upgrading/future.md +58 -11
- package/docs/upgrading/router-provider.md +6 -3
- package/docs/upgrading/v7.md +443 -0
- package/package.json +7 -7
- package/dist/development/lib/dom/ssr/errors.d.ts +0 -7
- package/dist/development/lib/dom/ssr/errors.js +0 -36
- package/dist/production/lib/dom/ssr/errors.d.ts +0 -7
- package/dist/production/lib/dom/ssr/errors.js +0 -36
- package/docs/upgrading/remix.md +0 -403
- package/docs/upgrading/v6.md +0 -379
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* react-router v8.0.0
|
|
2
|
+
* react-router v8.0.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -22,7 +22,7 @@ const SERVER_NO_BODY_STATUS_CODES = new Set([...NO_BODY_STATUS_CODES, 304]);
|
|
|
22
22
|
async function singleFetchAction(build, serverMode, staticHandler, request, loadContext, handleError) {
|
|
23
23
|
try {
|
|
24
24
|
try {
|
|
25
|
-
throwIfPotentialCSRFAttack(request
|
|
25
|
+
throwIfPotentialCSRFAttack(request, Array.isArray(build.allowedActionOrigins) ? build.allowedActionOrigins : []);
|
|
26
26
|
} catch (e) {
|
|
27
27
|
return handleQueryError(/* @__PURE__ */ new Error("Bad Request"), 400);
|
|
28
28
|
}
|
|
@@ -37,7 +37,7 @@ async function singleFetchAction(build, serverMode, staticHandler, request, load
|
|
|
37
37
|
return handleQueryError(error);
|
|
38
38
|
}
|
|
39
39
|
},
|
|
40
|
-
normalizePath: (r) => getNormalizedPath(r
|
|
40
|
+
normalizePath: (r) => getNormalizedPath(r)
|
|
41
41
|
}));
|
|
42
42
|
} catch (error) {
|
|
43
43
|
return handleQueryError(error);
|
|
@@ -90,7 +90,7 @@ async function singleFetchLoaders(build, serverMode, staticHandler, request, loa
|
|
|
90
90
|
return handleQueryError(error);
|
|
91
91
|
}
|
|
92
92
|
},
|
|
93
|
-
normalizePath: (r) => getNormalizedPath(r
|
|
93
|
+
normalizePath: (r) => getNormalizedPath(r)
|
|
94
94
|
}));
|
|
95
95
|
} catch (error) {
|
|
96
96
|
return handleQueryError(error);
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* react-router v8.0.0
|
|
2
|
+
* react-router v8.0.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -8,15 +8,12 @@
|
|
|
8
8
|
*
|
|
9
9
|
* @license MIT
|
|
10
10
|
*/
|
|
11
|
-
import { stripBasename } from "../router/utils.js";
|
|
12
11
|
//#region lib/server-runtime/urls.ts
|
|
13
|
-
function getNormalizedPath(request
|
|
14
|
-
basename = basename || "/";
|
|
12
|
+
function getNormalizedPath(request) {
|
|
15
13
|
let url = new URL(request.url);
|
|
16
14
|
let pathname = url.pathname;
|
|
17
15
|
if (pathname.endsWith("/_.data")) pathname = pathname.replace(/_\.data$/, "");
|
|
18
16
|
else pathname = pathname.replace(/\.data$/, "");
|
|
19
|
-
if (stripBasename(pathname, basename) !== "/" && pathname.endsWith("/")) pathname = pathname.slice(0, -1);
|
|
20
17
|
let searchParams = new URLSearchParams(url.search);
|
|
21
18
|
searchParams.delete("_routes");
|
|
22
19
|
let search = searchParams.toString();
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* react-router v8.0.0
|
|
2
|
+
* react-router v8.0.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
*
|
|
9
9
|
* @license MIT
|
|
10
10
|
*/
|
|
11
|
+
import "../../lib/router/utils.js";
|
|
11
12
|
import { Deferred, createLineSplittingTransform } from "./utils.js";
|
|
12
13
|
import { flatten } from "./flatten.js";
|
|
13
14
|
import { unflatten } from "./unflatten.js";
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* react-router v8.0.0
|
|
2
|
+
* react-router v8.0.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -8,7 +8,8 @@
|
|
|
8
8
|
*
|
|
9
9
|
* @license MIT
|
|
10
10
|
*/
|
|
11
|
-
import {
|
|
11
|
+
import { SUPPORTED_ERROR_TYPES } from "../../lib/router/utils.js";
|
|
12
|
+
import { Deferred } from "./utils.js";
|
|
12
13
|
//#region vendor/turbo-stream-v2/unflatten.ts
|
|
13
14
|
const globalObj = typeof window !== "undefined" ? window : typeof globalThis !== "undefined" ? globalThis : void 0;
|
|
14
15
|
function unflatten(parsed) {
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* react-router v8.0.0
|
|
2
|
+
* react-router v8.0.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -9,14 +9,6 @@
|
|
|
9
9
|
* @license MIT
|
|
10
10
|
*/
|
|
11
11
|
//#region vendor/turbo-stream-v2/utils.ts
|
|
12
|
-
const SUPPORTED_ERROR_TYPES = [
|
|
13
|
-
"EvalError",
|
|
14
|
-
"RangeError",
|
|
15
|
-
"ReferenceError",
|
|
16
|
-
"SyntaxError",
|
|
17
|
-
"TypeError",
|
|
18
|
-
"URIError"
|
|
19
|
-
];
|
|
20
12
|
var Deferred = class {
|
|
21
13
|
promise;
|
|
22
14
|
resolve;
|
|
@@ -44,4 +36,4 @@ function createLineSplittingTransform() {
|
|
|
44
36
|
});
|
|
45
37
|
}
|
|
46
38
|
//#endregion
|
|
47
|
-
export { Deferred,
|
|
39
|
+
export { Deferred, createLineSplittingTransform };
|
|
@@ -815,6 +815,8 @@ interface RouteMeta<RouteObjectType extends RouteObject = RouteObject> {
|
|
|
815
815
|
caseSensitive: boolean;
|
|
816
816
|
childrenIndex: number;
|
|
817
817
|
route: RouteObjectType;
|
|
818
|
+
matcher?: RegExp;
|
|
819
|
+
compiledParams?: CompiledPathParam[];
|
|
818
820
|
}
|
|
819
821
|
/**
|
|
820
822
|
* @private
|
|
@@ -828,6 +830,10 @@ interface RouteBranch<RouteObjectType extends RouteObject = RouteObject> {
|
|
|
828
830
|
score: number;
|
|
829
831
|
routesMeta: RouteMeta<RouteObjectType>[];
|
|
830
832
|
}
|
|
833
|
+
type CompiledPathParam = {
|
|
834
|
+
paramName: string;
|
|
835
|
+
isOptional?: boolean;
|
|
836
|
+
};
|
|
831
837
|
declare class DataWithResponseInit<D> {
|
|
832
838
|
type: string;
|
|
833
839
|
data: D;
|
|
@@ -1825,8 +1831,9 @@ interface PageLinkDescriptor extends Omit<HtmlLinkDescriptor, "href" | "rel" | "
|
|
|
1825
1831
|
/**
|
|
1826
1832
|
* A [`nonce`](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/nonce)
|
|
1827
1833
|
* attribute to render on the [`<link>`](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/link)
|
|
1828
|
-
* element
|
|
1829
|
-
|
|
1834
|
+
* element. If not provided in Framework Mode, it will default to any
|
|
1835
|
+
* {@link ServerRouter | `<ServerRouter nonce>`} prop.
|
|
1836
|
+
*/
|
|
1830
1837
|
nonce?: string | undefined;
|
|
1831
1838
|
/**
|
|
1832
1839
|
* The absolute path of the page to prefetch, e.g. `/absolute/path`.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* react-router v8.0.0
|
|
2
|
+
* react-router v8.0.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -12,6 +12,9 @@ import { AsyncLocalStorage } from "node:async_hooks";
|
|
|
12
12
|
import * as React from "react";
|
|
13
13
|
import { parse, serialize, splitSetCookieString } from "cookie-es";
|
|
14
14
|
import { BrowserRouter, Form, HashRouter, Link, Links, MemoryRouter, Meta, NavLink, Navigate, Outlet, Outlet as Outlet$1, Route, Router, RouterProvider, Routes, ScrollRestoration, StaticRouter, StaticRouterProvider, UNSAFE_AwaitContextProvider, UNSAFE_WithComponentProps, UNSAFE_WithErrorBoundaryProps, UNSAFE_WithHydrateFallbackProps, unstable_HistoryRouter } from "react-router/internal/react-server-client";
|
|
15
|
+
//#region lib/router/url.ts
|
|
16
|
+
const ABSOLUTE_URL_REGEX = /^(?:[a-z][a-z0-9+.-]*:|[\\/]{2})/i;
|
|
17
|
+
//#endregion
|
|
15
18
|
//#region lib/router/history.ts
|
|
16
19
|
function invariant$1(value, message) {
|
|
17
20
|
if (value === false || value === null || typeof value === "undefined") throw new Error(message);
|
|
@@ -480,7 +483,14 @@ function flattenRoutes(routes, branches = [], parentsMeta = [], parentPath = "",
|
|
|
480
483
|
branches.push({
|
|
481
484
|
path,
|
|
482
485
|
score: computeScore(path, route.index),
|
|
483
|
-
routesMeta
|
|
486
|
+
routesMeta: routesMeta.map((meta, i) => {
|
|
487
|
+
let [matcher, params] = compilePath(meta.relativePath, meta.caseSensitive, i === routesMeta.length - 1);
|
|
488
|
+
return {
|
|
489
|
+
...meta,
|
|
490
|
+
matcher,
|
|
491
|
+
compiledParams: params
|
|
492
|
+
};
|
|
493
|
+
})
|
|
484
494
|
});
|
|
485
495
|
};
|
|
486
496
|
routes.forEach((route, index) => {
|
|
@@ -531,11 +541,12 @@ function matchRouteBranch(branch, pathname, allowPartial = false) {
|
|
|
531
541
|
let meta = routesMeta[i];
|
|
532
542
|
let end = i === routesMeta.length - 1;
|
|
533
543
|
let remainingPathname = matchedPathname === "/" ? pathname : pathname.slice(matchedPathname.length) || "/";
|
|
534
|
-
let
|
|
544
|
+
let pattern = {
|
|
535
545
|
path: meta.relativePath,
|
|
536
546
|
caseSensitive: meta.caseSensitive,
|
|
537
547
|
end
|
|
538
|
-
}
|
|
548
|
+
};
|
|
549
|
+
let match = meta.matcher && meta.compiledParams ? matchPathImpl(pattern, remainingPathname, meta.matcher, meta.compiledParams) : matchPath(pattern, remainingPathname);
|
|
539
550
|
let route = meta.route;
|
|
540
551
|
if (!match && end && allowPartial && !routesMeta[routesMeta.length - 1].route.index) match = matchPath({
|
|
541
552
|
path: meta.relativePath,
|
|
@@ -575,6 +586,9 @@ function matchPath(pattern, pathname) {
|
|
|
575
586
|
end: true
|
|
576
587
|
};
|
|
577
588
|
let [matcher, compiledParams] = compilePath(pattern.path, pattern.caseSensitive, pattern.end);
|
|
589
|
+
return matchPathImpl(pattern, pathname, matcher, compiledParams);
|
|
590
|
+
}
|
|
591
|
+
function matchPathImpl(pattern, pathname, matcher, compiledParams) {
|
|
578
592
|
let match = pathname.match(matcher);
|
|
579
593
|
if (!match) return null;
|
|
580
594
|
let matchedPathname = match[0];
|
|
@@ -637,7 +651,6 @@ function stripBasename(pathname, basename) {
|
|
|
637
651
|
function prependBasename({ basename, pathname }) {
|
|
638
652
|
return pathname === "/" ? basename : joinPaths([basename, pathname]);
|
|
639
653
|
}
|
|
640
|
-
const ABSOLUTE_URL_REGEX = /^(?:[a-z][a-z0-9+.-]*:|\/\/)/i;
|
|
641
654
|
const isAbsoluteUrl = (url) => ABSOLUTE_URL_REGEX.test(url);
|
|
642
655
|
/**
|
|
643
656
|
* Returns a resolved {@link Path} object relative to the given pathname.
|
|
@@ -713,7 +726,7 @@ function resolveTo(toArg, routePathnames, locationPathname, isPathRelative = fal
|
|
|
713
726
|
if (!path.pathname.endsWith("/") && (hasExplicitTrailingSlash || hasCurrentTrailingSlash)) path.pathname += "/";
|
|
714
727
|
return path;
|
|
715
728
|
}
|
|
716
|
-
const removeDoubleSlashes = (path) => path.replace(
|
|
729
|
+
const removeDoubleSlashes = (path) => path.replace(/[\\/]{2,}/g, "/");
|
|
717
730
|
const joinPaths = (paths) => removeDoubleSlashes(paths.join("/"));
|
|
718
731
|
const removeTrailingSlash = (path) => path.replace(/\/+$/, "");
|
|
719
732
|
const normalizePathname = (pathname) => removeTrailingSlash(pathname).replace(/^\/*/, "/");
|
|
@@ -2062,55 +2075,13 @@ function prependCookies(parentHeaders, childHeaders) {
|
|
|
2062
2075
|
}
|
|
2063
2076
|
}
|
|
2064
2077
|
//#endregion
|
|
2065
|
-
//#region lib/
|
|
2066
|
-
|
|
2067
|
-
|
|
2068
|
-
|
|
2069
|
-
|
|
2070
|
-
|
|
2071
|
-
} catch {
|
|
2072
|
-
throw new Error(`\`origin\` header is not a valid URL. Aborting the action.`);
|
|
2073
|
-
}
|
|
2074
|
-
let host = parseHostHeader(headers);
|
|
2075
|
-
if (originDomain && (!host || originDomain !== host.value)) {
|
|
2076
|
-
if (!isAllowedOrigin(originDomain, allowedActionOrigins)) if (host) throw new Error(`${host.type} header does not match \`origin\` header from a forwarded action request. Aborting the action.`);
|
|
2077
|
-
else throw new Error("`x-forwarded-host` or `host` headers are not provided. One of these is needed to compare the `origin` header from a forwarded action request. Aborting the action.");
|
|
2078
|
-
}
|
|
2079
|
-
}
|
|
2080
|
-
function matchWildcardDomain(domain, pattern) {
|
|
2081
|
-
const domainParts = domain.split(".");
|
|
2082
|
-
const patternParts = pattern.split(".");
|
|
2083
|
-
if (patternParts.length < 1) return false;
|
|
2084
|
-
if (domainParts.length < patternParts.length) return false;
|
|
2085
|
-
while (patternParts.length) {
|
|
2086
|
-
const patternPart = patternParts.pop();
|
|
2087
|
-
const domainPart = domainParts.pop();
|
|
2088
|
-
switch (patternPart) {
|
|
2089
|
-
case "": return false;
|
|
2090
|
-
case "*": if (domainPart) continue;
|
|
2091
|
-
else return false;
|
|
2092
|
-
case "**":
|
|
2093
|
-
if (patternParts.length > 0) return false;
|
|
2094
|
-
return domainPart !== void 0;
|
|
2095
|
-
case void 0:
|
|
2096
|
-
default: if (domainPart !== patternPart) return false;
|
|
2097
|
-
}
|
|
2078
|
+
//#region lib/server-runtime/warnings.ts
|
|
2079
|
+
const alreadyWarned = {};
|
|
2080
|
+
function warnOnce(condition, message) {
|
|
2081
|
+
if (!condition && !alreadyWarned[message]) {
|
|
2082
|
+
alreadyWarned[message] = true;
|
|
2083
|
+
console.warn(message);
|
|
2098
2084
|
}
|
|
2099
|
-
return domainParts.length === 0;
|
|
2100
|
-
}
|
|
2101
|
-
function isAllowedOrigin(originDomain, allowedActionOrigins = []) {
|
|
2102
|
-
return allowedActionOrigins.some((allowedOrigin) => allowedOrigin && (allowedOrigin === originDomain || matchWildcardDomain(originDomain, allowedOrigin)));
|
|
2103
|
-
}
|
|
2104
|
-
function parseHostHeader(headers) {
|
|
2105
|
-
let forwardedHostValue = headers.get("x-forwarded-host")?.split(",")[0]?.trim();
|
|
2106
|
-
let hostHeader = headers.get("host");
|
|
2107
|
-
return forwardedHostValue ? {
|
|
2108
|
-
type: "x-forwarded-host",
|
|
2109
|
-
value: forwardedHostValue
|
|
2110
|
-
} : hostHeader ? {
|
|
2111
|
-
type: "host",
|
|
2112
|
-
value: hostHeader
|
|
2113
|
-
} : void 0;
|
|
2114
2085
|
}
|
|
2115
2086
|
//#endregion
|
|
2116
2087
|
//#region lib/errors.ts
|
|
@@ -2145,15 +2116,61 @@ function createRouteErrorResponseDigest(response) {
|
|
|
2145
2116
|
data
|
|
2146
2117
|
})}`;
|
|
2147
2118
|
}
|
|
2119
|
+
function getPathsWithAncestors(paths) {
|
|
2120
|
+
let result = /* @__PURE__ */ new Set();
|
|
2121
|
+
paths.forEach((path) => {
|
|
2122
|
+
if (!path.startsWith("/")) path = `/${path}`;
|
|
2123
|
+
for (let i = 1; i < path.length; i++) if (path[i] === "/") result.add(path.slice(0, i));
|
|
2124
|
+
result.add(path);
|
|
2125
|
+
});
|
|
2126
|
+
return Array.from(result);
|
|
2127
|
+
}
|
|
2128
|
+
//#endregion
|
|
2129
|
+
//#region lib/actions.ts
|
|
2130
|
+
function throwIfPotentialCSRFAttack(request, allowedActionOrigins) {
|
|
2131
|
+
let originHeader = request.headers.get("origin");
|
|
2132
|
+
let originDomain = null;
|
|
2133
|
+
try {
|
|
2134
|
+
originDomain = typeof originHeader === "string" && originHeader !== "null" ? new URL(originHeader).host : originHeader;
|
|
2135
|
+
} catch {
|
|
2136
|
+
throw new Error(`\`origin\` header is not a valid URL. Aborting the action.`);
|
|
2137
|
+
}
|
|
2138
|
+
let host = new URL(request.url).host;
|
|
2139
|
+
if (originDomain && originDomain !== host) {
|
|
2140
|
+
if (!isAllowedOrigin(originDomain, allowedActionOrigins)) throw new Error("The `request.url` host does not match `origin` header from a forwarded action request. Aborting the action.");
|
|
2141
|
+
}
|
|
2142
|
+
}
|
|
2143
|
+
function matchWildcardDomain(domain, pattern) {
|
|
2144
|
+
const domainParts = domain.split(".");
|
|
2145
|
+
const patternParts = pattern.split(".");
|
|
2146
|
+
if (patternParts.length < 1) return false;
|
|
2147
|
+
if (domainParts.length < patternParts.length) return false;
|
|
2148
|
+
while (patternParts.length) {
|
|
2149
|
+
const patternPart = patternParts.pop();
|
|
2150
|
+
const domainPart = domainParts.pop();
|
|
2151
|
+
switch (patternPart) {
|
|
2152
|
+
case "": return false;
|
|
2153
|
+
case "*": if (domainPart) continue;
|
|
2154
|
+
else return false;
|
|
2155
|
+
case "**":
|
|
2156
|
+
if (patternParts.length > 0) return false;
|
|
2157
|
+
return domainPart !== void 0;
|
|
2158
|
+
case void 0:
|
|
2159
|
+
default: if (domainPart !== patternPart) return false;
|
|
2160
|
+
}
|
|
2161
|
+
}
|
|
2162
|
+
return domainParts.length === 0;
|
|
2163
|
+
}
|
|
2164
|
+
function isAllowedOrigin(originDomain, allowedActionOrigins = []) {
|
|
2165
|
+
return allowedActionOrigins.some((allowedOrigin) => allowedOrigin && (allowedOrigin === originDomain || matchWildcardDomain(originDomain, allowedOrigin)));
|
|
2166
|
+
}
|
|
2148
2167
|
//#endregion
|
|
2149
2168
|
//#region lib/server-runtime/urls.ts
|
|
2150
|
-
function getNormalizedPath(request
|
|
2151
|
-
basename = basename || "/";
|
|
2169
|
+
function getNormalizedPath(request) {
|
|
2152
2170
|
let url = new URL(request.url);
|
|
2153
2171
|
let pathname = url.pathname;
|
|
2154
2172
|
if (pathname.endsWith("/_.data")) pathname = pathname.replace(/_\.data$/, "");
|
|
2155
2173
|
else pathname = pathname.replace(/\.data$/, "");
|
|
2156
|
-
if (stripBasename(pathname, basename) !== "/" && pathname.endsWith("/")) pathname = pathname.slice(0, -1);
|
|
2157
2174
|
let searchParams = new URLSearchParams(url.search);
|
|
2158
2175
|
searchParams.delete("_routes");
|
|
2159
2176
|
let search = searchParams.toString();
|
|
@@ -2318,6 +2335,11 @@ async function matchRSCServerRequest({ allowedActionOrigins, createTemporaryRefe
|
|
|
2318
2335
|
return response;
|
|
2319
2336
|
}
|
|
2320
2337
|
async function generateManifestResponse(routes, basename, request, generateResponse, temporaryReferences, routeDiscovery) {
|
|
2338
|
+
let url = new URL(request.url);
|
|
2339
|
+
if (url.toString().length > 7680) return new Response(null, {
|
|
2340
|
+
statusText: "Bad Request",
|
|
2341
|
+
status: 400
|
|
2342
|
+
});
|
|
2321
2343
|
if (routeDiscovery?.mode === "initial") {
|
|
2322
2344
|
let payload = {
|
|
2323
2345
|
type: "manifest",
|
|
@@ -2335,7 +2357,6 @@ async function generateManifestResponse(routes, basename, request, generateRespo
|
|
|
2335
2357
|
onError: defaultOnError
|
|
2336
2358
|
});
|
|
2337
2359
|
}
|
|
2338
|
-
let url = new URL(request.url);
|
|
2339
2360
|
let pathParam = url.searchParams.get("paths");
|
|
2340
2361
|
let pathnames = pathParam ? pathParam.split(",").filter(Boolean) : [url.pathname.replace(/\.manifest$/, "")];
|
|
2341
2362
|
let routeIds = /* @__PURE__ */ new Set();
|
|
@@ -2436,7 +2457,7 @@ async function generateResourceResponse(request, routes, basename, routeId, requ
|
|
|
2436
2457
|
return generateErrorResponse(error);
|
|
2437
2458
|
}
|
|
2438
2459
|
},
|
|
2439
|
-
normalizePath: (r) => getNormalizedPath(r
|
|
2460
|
+
normalizePath: (r) => getNormalizedPath(r)
|
|
2440
2461
|
});
|
|
2441
2462
|
} catch (error) {
|
|
2442
2463
|
return generateErrorResponse(error);
|
|
@@ -2483,13 +2504,13 @@ async function generateRenderResponse(request, routes, basename, isDataRequest,
|
|
|
2483
2504
|
skipLoaderErrorBubbling: isDataRequest,
|
|
2484
2505
|
skipRevalidation: isSubmission,
|
|
2485
2506
|
...routeIdsToLoad ? { filterMatchesToLoad: (m) => routeIdsToLoad.includes(m.route.id) } : {},
|
|
2486
|
-
normalizePath: (r) => getNormalizedPath(r
|
|
2507
|
+
normalizePath: (r) => getNormalizedPath(r),
|
|
2487
2508
|
async generateMiddlewareResponse(query) {
|
|
2488
2509
|
let formState;
|
|
2489
2510
|
let skipRevalidation = false;
|
|
2490
2511
|
let potentialCSRFAttackError;
|
|
2491
2512
|
if (isMutationMethod(request.method)) try {
|
|
2492
|
-
throwIfPotentialCSRFAttack(request
|
|
2513
|
+
throwIfPotentialCSRFAttack(request, allowedActionOrigins);
|
|
2493
2514
|
ctx.runningAction = true;
|
|
2494
2515
|
let result = await processServerAction(request, basename, decodeReply, loadServerAction, decodeAction, decodeFormState, onError, temporaryReferences).finally(() => {
|
|
2495
2516
|
ctx.runningAction = false;
|
|
@@ -2604,7 +2625,7 @@ async function getRenderPayload(baseRenderPayload, routes, basename, routeIdsToL
|
|
|
2604
2625
|
parentId
|
|
2605
2626
|
});
|
|
2606
2627
|
}));
|
|
2607
|
-
let patches = routeDiscovery?.mode === "initial" && !isDataRequest ? getAllRoutePatches(routes, basename).then((patches) => patches.filter((patch) => !staticContext.matches.some((m) => m.route.id === patch.id))) : getAdditionalRoutePatches([staticContext.location.pathname], routes, basename, staticContext.matches.map((m) => m.route.id));
|
|
2628
|
+
let patches = routeDiscovery?.mode === "initial" && !isDataRequest ? getAllRoutePatches(routes, basename).then((patches) => patches.filter((patch) => !staticContext.matches.some((m) => m.route.id === patch.id))) : getAdditionalRoutePatches(getPathsWithAncestors([staticContext.location.pathname]), routes, basename, staticContext.matches.map((m) => m.route.id));
|
|
2608
2629
|
return {
|
|
2609
2630
|
...baseRenderPayload,
|
|
2610
2631
|
matches: await matchesPromise,
|
|
@@ -2712,23 +2733,14 @@ async function getAdditionalRoutePatches(pathnames, routes, basename, matchedRou
|
|
|
2712
2733
|
let patchRouteMatches = /* @__PURE__ */ new Map();
|
|
2713
2734
|
let matchedPaths = /* @__PURE__ */ new Set();
|
|
2714
2735
|
for (const pathname of pathnames) {
|
|
2715
|
-
|
|
2716
|
-
|
|
2717
|
-
|
|
2718
|
-
|
|
2719
|
-
|
|
2720
|
-
|
|
2721
|
-
|
|
2722
|
-
|
|
2723
|
-
if (matchedPaths.has(path)) return;
|
|
2724
|
-
matchedPaths.add(path);
|
|
2725
|
-
let matches = matchRoutes(routes, path, basename) || [];
|
|
2726
|
-
matches.forEach((m, i) => {
|
|
2727
|
-
if (patchRouteMatches.get(m.route.id)) return;
|
|
2728
|
-
patchRouteMatches.set(m.route.id, {
|
|
2729
|
-
...m.route,
|
|
2730
|
-
parentId: matches[i - 1]?.route.id
|
|
2731
|
-
});
|
|
2736
|
+
if (matchedPaths.has(pathname)) continue;
|
|
2737
|
+
matchedPaths.add(pathname);
|
|
2738
|
+
let matches = matchRoutes(routes, pathname, basename) || [];
|
|
2739
|
+
matches.forEach((m, i) => {
|
|
2740
|
+
if (patchRouteMatches.get(m.route.id)) return;
|
|
2741
|
+
patchRouteMatches.set(m.route.id, {
|
|
2742
|
+
...m.route,
|
|
2743
|
+
parentId: matches[i - 1]?.route.id
|
|
2732
2744
|
});
|
|
2733
2745
|
});
|
|
2734
2746
|
}
|
|
@@ -2827,15 +2839,6 @@ function byteStringToUint8Array(byteString) {
|
|
|
2827
2839
|
return array;
|
|
2828
2840
|
}
|
|
2829
2841
|
//#endregion
|
|
2830
|
-
//#region lib/server-runtime/warnings.ts
|
|
2831
|
-
const alreadyWarned = {};
|
|
2832
|
-
function warnOnce(condition, message) {
|
|
2833
|
-
if (!condition && !alreadyWarned[message]) {
|
|
2834
|
-
alreadyWarned[message] = true;
|
|
2835
|
-
console.warn(message);
|
|
2836
|
-
}
|
|
2837
|
-
}
|
|
2838
|
-
//#endregion
|
|
2839
2842
|
//#region lib/server-runtime/cookies.ts
|
|
2840
2843
|
/**
|
|
2841
2844
|
* Creates a logical container for managing a browser cookie from the server.
|
|
@@ -26,7 +26,6 @@ import { DecodeActionFunction, DecodeFormStateFunction, DecodeReplyFunction, Loa
|
|
|
26
26
|
import { BrowserCreateFromReadableStreamFunction, EncodeReplyFunction, RSCHydratedRouterProps } from "./lib/rsc/browser.js";
|
|
27
27
|
import { RSCStaticRouter, RSCStaticRouterProps, SSRCreateFromReadableStreamFunction, routeRSCServerRequest } from "./lib/rsc/server.ssr.js";
|
|
28
28
|
import { RSCDefaultRootErrorBoundary } from "./lib/rsc/errorBoundaries.js";
|
|
29
|
-
import { deserializeErrors } from "./lib/dom/ssr/errors.js";
|
|
30
29
|
import { RemixErrorBoundary } from "./lib/dom/ssr/errorBoundaries.js";
|
|
31
30
|
import { getPatchRoutesOnNavigationFunction, useFogOFWarDiscovery } from "./lib/dom/ssr/fog-of-war.js";
|
|
32
31
|
import { getHydrationData } from "./lib/dom/ssr/hydration.js";
|
|
@@ -43,4 +42,4 @@ import { ClientInstrumentation, InstrumentRequestHandlerFunction, InstrumentRout
|
|
|
43
42
|
declare const unstable_getRequest: typeof getRequest;
|
|
44
43
|
declare const unstable_matchRSCServerRequest: typeof matchRSCServerRequest;
|
|
45
44
|
//#endregion
|
|
46
|
-
export { type ActionFunction, type ActionFunctionArgs, type AppLoadContext, Await, type AwaitProps, type BaseRouteObject, type Blocker, type BlockerFunction, BrowserRouter, type BrowserRouterProps, type ClientActionFunction, type ClientActionFunctionArgs, type ClientInstrumentation, type ClientLoaderFunction, type ClientLoaderFunctionArgs, type ClientOnErrorFunction, type Cookie, type CookieOptions, type CookieParseOptions, type CookieSerializeOptions, type CookieSignatureOptions, type CreateRequestHandlerFunction, type DOMRouterOpts, type DataRouteMatch, type DataRouteObject, type Router as DataRouter, type DataStrategyFunction, type DataStrategyFunctionArgs, type DataStrategyMatch, type DataStrategyResult, type DiscoverBehavior, type EntryContext, type ErrorResponse, type Fetcher, type FetcherFormProps, type FetcherSubmitFunction, type FetcherSubmitOptions, type FetcherWithComponents, type FlashSessionData, Form, type FormEncType, type FormMethod, type FormProps, type Future, type GetScrollPositionFunction, type GetScrollRestorationKeyFunction, type HTMLFormMethod, type HandleDataRequestFunction, type HandleDocumentRequestFunction, type HandleErrorFunction, HashRouter, type HashRouterProps, type HeadersArgs, type HeadersFunction, type HistoryRouterProps, type HtmlLinkDescriptor, type HydrationState, IDLE_BLOCKER, IDLE_FETCHER, IDLE_NAVIGATION, type IndexRouteObject, type IndexRouteProps, type InitialEntry, type InstrumentRequestHandlerFunction, type InstrumentRouteFunction, type InstrumentRouterFunction, type InstrumentationHandlerResult, type IsCookieFunction, type IsSessionFunction, type LayoutRouteProps, type LazyRouteFunction, Link, type LinkDescriptor, type LinkProps, Links, type LinksFunction, type LinksProps, type LoaderFunction, type LoaderFunctionArgs, type Location, MemoryRouter, type MemoryRouterOpts, type MemoryRouterProps, Meta, type MetaArgs, type MetaDescriptor, type MetaFunction, type MiddlewareFunction, NavLink, type NavLinkProps, type NavLinkRenderProps, Navigate, type NavigateFunction, type NavigateOptions, type NavigateProps, type Navigation, type NavigationStates, Action as NavigationType, type Navigator, type NonIndexRouteObject, Outlet, type OutletProps, type PageLinkDescriptor, type ParamKeyValuePair, type ParamParseKey, type Params, type PatchRoutesOnNavigationFunction, type PatchRoutesOnNavigationFunctionArgs, type Path, type PathMatch, type PathParam, type PathPattern, type PathRouteProps, type PrefetchBehavior, PrefetchPageLinks, type RedirectFunction, type Register, type RelativeRoutingType, type RequestHandler, type RevalidationState, Route, type RouteMatch, type RouteObject, type RouteProps, Router$1 as Router, type RouterContext, RouterContextProvider, type RouterFetchOptions, type RouterInit, type RouterNavigateOptions, type RouterProps, RouterProvider, type RouterProviderProps, type RouterState, type RouterSubscriber, Routes, type RoutesProps, type RoutesTestStubProps, Scripts, type ScriptsProps, ScrollRestoration, type ScrollRestorationProps, type ServerBuild, type ServerEntryModule, type ServerInstrumentation, ServerRouter, type ServerRouterProps, type Session, type SessionData, type SessionIdStorageStrategy, type SessionStorage, type SetURLSearchParams, type ShouldRevalidateFunction, type ShouldRevalidateFunctionArgs, type StaticHandler, type StaticHandlerContext, StaticRouter, type StaticRouterProps, StaticRouterProvider, type StaticRouterProviderProps, type SubmitFunction, type SubmitOptions, type SubmitTarget, type To, type UIMatch, type AssetsManifest as UNSAFE_AssetsManifest, AwaitContextProvider as UNSAFE_AwaitContextProvider, DataRouterContext as UNSAFE_DataRouterContext, DataRouterStateContext as UNSAFE_DataRouterStateContext, type DataWithResponseInit as UNSAFE_DataWithResponseInit, ErrorResponseImpl as UNSAFE_ErrorResponseImpl, FetchersContext as UNSAFE_FetchersContext, FrameworkContext as UNSAFE_FrameworkContext, LocationContext as UNSAFE_LocationContext, NavigationContext as UNSAFE_NavigationContext, RSCDefaultRootErrorBoundary as UNSAFE_RSCDefaultRootErrorBoundary, RemixErrorBoundary as UNSAFE_RemixErrorBoundary, RouteContext as UNSAFE_RouteContext, type RouteModules as UNSAFE_RouteModules, ServerMode as UNSAFE_ServerMode, SingleFetchRedirectSymbol as UNSAFE_SingleFetchRedirectSymbol, ViewTransitionContext as UNSAFE_ViewTransitionContext, WithComponentProps as UNSAFE_WithComponentProps, WithErrorBoundaryProps as UNSAFE_WithErrorBoundaryProps, WithHydrateFallbackProps as UNSAFE_WithHydrateFallbackProps, createBrowserHistory as UNSAFE_createBrowserHistory, createClientRoutes as UNSAFE_createClientRoutes, createClientRoutesWithHMRRevalidationOptOut as UNSAFE_createClientRoutesWithHMRRevalidationOptOut, createHashHistory as UNSAFE_createHashHistory, createMemoryHistory as UNSAFE_createMemoryHistory, createRouter as UNSAFE_createRouter, decodeViaTurboStream as UNSAFE_decodeViaTurboStream, defaultMapRouteProperties as UNSAFE_defaultMapRouteProperties,
|
|
45
|
+
export { type ActionFunction, type ActionFunctionArgs, type AppLoadContext, Await, type AwaitProps, type BaseRouteObject, type Blocker, type BlockerFunction, BrowserRouter, type BrowserRouterProps, type ClientActionFunction, type ClientActionFunctionArgs, type ClientInstrumentation, type ClientLoaderFunction, type ClientLoaderFunctionArgs, type ClientOnErrorFunction, type Cookie, type CookieOptions, type CookieParseOptions, type CookieSerializeOptions, type CookieSignatureOptions, type CreateRequestHandlerFunction, type DOMRouterOpts, type DataRouteMatch, type DataRouteObject, type Router as DataRouter, type DataStrategyFunction, type DataStrategyFunctionArgs, type DataStrategyMatch, type DataStrategyResult, type DiscoverBehavior, type EntryContext, type ErrorResponse, type Fetcher, type FetcherFormProps, type FetcherSubmitFunction, type FetcherSubmitOptions, type FetcherWithComponents, type FlashSessionData, Form, type FormEncType, type FormMethod, type FormProps, type Future, type GetScrollPositionFunction, type GetScrollRestorationKeyFunction, type HTMLFormMethod, type HandleDataRequestFunction, type HandleDocumentRequestFunction, type HandleErrorFunction, HashRouter, type HashRouterProps, type HeadersArgs, type HeadersFunction, type HistoryRouterProps, type HtmlLinkDescriptor, type HydrationState, IDLE_BLOCKER, IDLE_FETCHER, IDLE_NAVIGATION, type IndexRouteObject, type IndexRouteProps, type InitialEntry, type InstrumentRequestHandlerFunction, type InstrumentRouteFunction, type InstrumentRouterFunction, type InstrumentationHandlerResult, type IsCookieFunction, type IsSessionFunction, type LayoutRouteProps, type LazyRouteFunction, Link, type LinkDescriptor, type LinkProps, Links, type LinksFunction, type LinksProps, type LoaderFunction, type LoaderFunctionArgs, type Location, MemoryRouter, type MemoryRouterOpts, type MemoryRouterProps, Meta, type MetaArgs, type MetaDescriptor, type MetaFunction, type MiddlewareFunction, NavLink, type NavLinkProps, type NavLinkRenderProps, Navigate, type NavigateFunction, type NavigateOptions, type NavigateProps, type Navigation, type NavigationStates, Action as NavigationType, type Navigator, type NonIndexRouteObject, Outlet, type OutletProps, type PageLinkDescriptor, type ParamKeyValuePair, type ParamParseKey, type Params, type PatchRoutesOnNavigationFunction, type PatchRoutesOnNavigationFunctionArgs, type Path, type PathMatch, type PathParam, type PathPattern, type PathRouteProps, type PrefetchBehavior, PrefetchPageLinks, type RedirectFunction, type Register, type RelativeRoutingType, type RequestHandler, type RevalidationState, Route, type RouteMatch, type RouteObject, type RouteProps, Router$1 as Router, type RouterContext, RouterContextProvider, type RouterFetchOptions, type RouterInit, type RouterNavigateOptions, type RouterProps, RouterProvider, type RouterProviderProps, type RouterState, type RouterSubscriber, Routes, type RoutesProps, type RoutesTestStubProps, Scripts, type ScriptsProps, ScrollRestoration, type ScrollRestorationProps, type ServerBuild, type ServerEntryModule, type ServerInstrumentation, ServerRouter, type ServerRouterProps, type Session, type SessionData, type SessionIdStorageStrategy, type SessionStorage, type SetURLSearchParams, type ShouldRevalidateFunction, type ShouldRevalidateFunctionArgs, type StaticHandler, type StaticHandlerContext, StaticRouter, type StaticRouterProps, StaticRouterProvider, type StaticRouterProviderProps, type SubmitFunction, type SubmitOptions, type SubmitTarget, type To, type UIMatch, type AssetsManifest as UNSAFE_AssetsManifest, AwaitContextProvider as UNSAFE_AwaitContextProvider, DataRouterContext as UNSAFE_DataRouterContext, DataRouterStateContext as UNSAFE_DataRouterStateContext, type DataWithResponseInit as UNSAFE_DataWithResponseInit, ErrorResponseImpl as UNSAFE_ErrorResponseImpl, FetchersContext as UNSAFE_FetchersContext, FrameworkContext as UNSAFE_FrameworkContext, LocationContext as UNSAFE_LocationContext, NavigationContext as UNSAFE_NavigationContext, RSCDefaultRootErrorBoundary as UNSAFE_RSCDefaultRootErrorBoundary, RemixErrorBoundary as UNSAFE_RemixErrorBoundary, RouteContext as UNSAFE_RouteContext, type RouteModules as UNSAFE_RouteModules, ServerMode as UNSAFE_ServerMode, SingleFetchRedirectSymbol as UNSAFE_SingleFetchRedirectSymbol, ViewTransitionContext as UNSAFE_ViewTransitionContext, WithComponentProps as UNSAFE_WithComponentProps, WithErrorBoundaryProps as UNSAFE_WithErrorBoundaryProps, WithHydrateFallbackProps as UNSAFE_WithHydrateFallbackProps, createBrowserHistory as UNSAFE_createBrowserHistory, createClientRoutes as UNSAFE_createClientRoutes, createClientRoutesWithHMRRevalidationOptOut as UNSAFE_createClientRoutesWithHMRRevalidationOptOut, createHashHistory as UNSAFE_createHashHistory, createMemoryHistory as UNSAFE_createMemoryHistory, createRouter as UNSAFE_createRouter, decodeViaTurboStream as UNSAFE_decodeViaTurboStream, defaultMapRouteProperties as UNSAFE_defaultMapRouteProperties, getHydrationData as UNSAFE_getHydrationData, getPatchRoutesOnNavigationFunction as UNSAFE_getPatchRoutesOnNavigationFunction, getTurboStreamSingleFetchDataStrategy as UNSAFE_getTurboStreamSingleFetchDataStrategy, hydrationRouteProperties as UNSAFE_hydrationRouteProperties, invariant as UNSAFE_invariant, shouldHydrateRouteLoader as UNSAFE_shouldHydrateRouteLoader, useFogOFWarDiscovery as UNSAFE_useFogOFWarDiscovery, useScrollRestoration as UNSAFE_useScrollRestoration, withComponentProps as UNSAFE_withComponentProps, withErrorBoundaryProps as UNSAFE_withErrorBoundaryProps, withHydrateFallbackProps as UNSAFE_withHydrateFallbackProps, type URLSearchParamsInit, createBrowserRouter, createContext, createCookie, createCookieSessionStorage, createHashRouter, createMemoryRouter, createMemorySessionStorage, createPath, createRequestHandler, createRoutesFromChildren, createRoutesFromElements, createRoutesStub, createSearchParams, createSession, createSessionStorage, createStaticHandler, createStaticRouter, data, generatePath, href, isCookie, isRouteErrorResponse, isSession, matchPath, matchRoutes, parsePath, redirect, redirectDocument, renderMatches, replace, resolvePath, type BrowserCreateFromReadableStreamFunction as unstable_BrowserCreateFromReadableStreamFunction, type DecodeActionFunction as unstable_DecodeActionFunction, type DecodeFormStateFunction as unstable_DecodeFormStateFunction, type DecodeReplyFunction as unstable_DecodeReplyFunction, type EncodeReplyFunction as unstable_EncodeReplyFunction, HistoryRouter as unstable_HistoryRouter, type LoadServerActionFunction as unstable_LoadServerActionFunction, type RSCHydratedRouterProps as unstable_RSCHydratedRouterProps, type RSCManifestPayload as unstable_RSCManifestPayload, type RSCMatch as unstable_RSCMatch, type RSCPayload as unstable_RSCPayload, type RSCRenderPayload as unstable_RSCRenderPayload, type RSCRouteConfig as unstable_RSCRouteConfig, type RSCRouteConfigEntry as unstable_RSCRouteConfigEntry, type RSCRouteManifest as unstable_RSCRouteManifest, type RSCRouteMatch as unstable_RSCRouteMatch, RSCStaticRouter as unstable_RSCStaticRouter, type RSCStaticRouterProps as unstable_RSCStaticRouterProps, type unstable_RouterState, type unstable_RouterStateActiveVariant, type unstable_RouterStatePendingVariant, type SSRCreateFromReadableStreamFunction as unstable_SSRCreateFromReadableStreamFunction, type unstable_SerializesTo, unstable_getRequest, unstable_matchRSCServerRequest, routeRSCServerRequest as unstable_routeRSCServerRequest, setDevServerHooks as unstable_setDevServerHooks, usePrompt as unstable_usePrompt, useRoute as unstable_useRoute, useRouterState as unstable_useRouterState, useActionData, useAsyncError, useAsyncValue, useBeforeUnload, useBlocker, useFetcher, useFetchers, useFormAction, useHref, useInRouterContext, useLinkClickHandler, useLoaderData, useLocation, useMatch, useMatches, useNavigate, useNavigation, useNavigationType, useOutlet, useOutletContext, useParams, useResolvedPath, useRevalidator, useRouteError, useRouteLoaderData, useRoutes, useSearchParams, useSubmit, useViewTransitionState };
|
package/dist/production/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* react-router v8.0.0
|
|
2
|
+
* react-router v8.0.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -35,7 +35,6 @@ import { createMemorySessionStorage } from "./lib/server-runtime/sessions/memory
|
|
|
35
35
|
import { href } from "./lib/href.js";
|
|
36
36
|
import { RSCDefaultRootErrorBoundary } from "./lib/rsc/errorBoundaries.js";
|
|
37
37
|
import { RSCStaticRouter, routeRSCServerRequest } from "./lib/rsc/server.ssr.js";
|
|
38
|
-
import { deserializeErrors } from "./lib/dom/ssr/errors.js";
|
|
39
38
|
import { getHydrationData } from "./lib/dom/ssr/hydration.js";
|
|
40
39
|
//#region index.ts
|
|
41
40
|
/**
|
|
@@ -43,4 +42,4 @@ import { getHydrationData } from "./lib/dom/ssr/hydration.js";
|
|
|
43
42
|
* @mergeModuleWith react-router
|
|
44
43
|
*/
|
|
45
44
|
//#endregion
|
|
46
|
-
export { Await, BrowserRouter, Form, HashRouter, IDLE_BLOCKER, IDLE_FETCHER, IDLE_NAVIGATION, Link, Links, MemoryRouter, Meta, NavLink, Navigate, Action as NavigationType, Outlet, PrefetchPageLinks, Route, Router, RouterContextProvider, RouterProvider, Routes, Scripts, ScrollRestoration, ServerRouter, StaticRouter, StaticRouterProvider, AwaitContextProvider as UNSAFE_AwaitContextProvider, DataRouterContext as UNSAFE_DataRouterContext, DataRouterStateContext as UNSAFE_DataRouterStateContext, ErrorResponseImpl as UNSAFE_ErrorResponseImpl, FetchersContext as UNSAFE_FetchersContext, FrameworkContext as UNSAFE_FrameworkContext, LocationContext as UNSAFE_LocationContext, NavigationContext as UNSAFE_NavigationContext, RSCDefaultRootErrorBoundary as UNSAFE_RSCDefaultRootErrorBoundary, RemixErrorBoundary as UNSAFE_RemixErrorBoundary, RouteContext as UNSAFE_RouteContext, ServerMode as UNSAFE_ServerMode, SingleFetchRedirectSymbol as UNSAFE_SingleFetchRedirectSymbol, ViewTransitionContext as UNSAFE_ViewTransitionContext, WithComponentProps as UNSAFE_WithComponentProps, WithErrorBoundaryProps as UNSAFE_WithErrorBoundaryProps, WithHydrateFallbackProps as UNSAFE_WithHydrateFallbackProps, createBrowserHistory as UNSAFE_createBrowserHistory, createClientRoutes as UNSAFE_createClientRoutes, createClientRoutesWithHMRRevalidationOptOut as UNSAFE_createClientRoutesWithHMRRevalidationOptOut, createHashHistory as UNSAFE_createHashHistory, createMemoryHistory as UNSAFE_createMemoryHistory, createRouter as UNSAFE_createRouter, decodeViaTurboStream as UNSAFE_decodeViaTurboStream, defaultMapRouteProperties as UNSAFE_defaultMapRouteProperties,
|
|
45
|
+
export { Await, BrowserRouter, Form, HashRouter, IDLE_BLOCKER, IDLE_FETCHER, IDLE_NAVIGATION, Link, Links, MemoryRouter, Meta, NavLink, Navigate, Action as NavigationType, Outlet, PrefetchPageLinks, Route, Router, RouterContextProvider, RouterProvider, Routes, Scripts, ScrollRestoration, ServerRouter, StaticRouter, StaticRouterProvider, AwaitContextProvider as UNSAFE_AwaitContextProvider, DataRouterContext as UNSAFE_DataRouterContext, DataRouterStateContext as UNSAFE_DataRouterStateContext, ErrorResponseImpl as UNSAFE_ErrorResponseImpl, FetchersContext as UNSAFE_FetchersContext, FrameworkContext as UNSAFE_FrameworkContext, LocationContext as UNSAFE_LocationContext, NavigationContext as UNSAFE_NavigationContext, RSCDefaultRootErrorBoundary as UNSAFE_RSCDefaultRootErrorBoundary, RemixErrorBoundary as UNSAFE_RemixErrorBoundary, RouteContext as UNSAFE_RouteContext, ServerMode as UNSAFE_ServerMode, SingleFetchRedirectSymbol as UNSAFE_SingleFetchRedirectSymbol, ViewTransitionContext as UNSAFE_ViewTransitionContext, WithComponentProps as UNSAFE_WithComponentProps, WithErrorBoundaryProps as UNSAFE_WithErrorBoundaryProps, WithHydrateFallbackProps as UNSAFE_WithHydrateFallbackProps, createBrowserHistory as UNSAFE_createBrowserHistory, createClientRoutes as UNSAFE_createClientRoutes, createClientRoutesWithHMRRevalidationOptOut as UNSAFE_createClientRoutesWithHMRRevalidationOptOut, createHashHistory as UNSAFE_createHashHistory, createMemoryHistory as UNSAFE_createMemoryHistory, createRouter as UNSAFE_createRouter, decodeViaTurboStream as UNSAFE_decodeViaTurboStream, defaultMapRouteProperties as UNSAFE_defaultMapRouteProperties, getHydrationData as UNSAFE_getHydrationData, getPatchRoutesOnNavigationFunction as UNSAFE_getPatchRoutesOnNavigationFunction, getTurboStreamSingleFetchDataStrategy as UNSAFE_getTurboStreamSingleFetchDataStrategy, hydrationRouteProperties as UNSAFE_hydrationRouteProperties, invariant as UNSAFE_invariant, shouldHydrateRouteLoader as UNSAFE_shouldHydrateRouteLoader, useFogOFWarDiscovery as UNSAFE_useFogOFWarDiscovery, useScrollRestoration as UNSAFE_useScrollRestoration, withComponentProps as UNSAFE_withComponentProps, withErrorBoundaryProps as UNSAFE_withErrorBoundaryProps, withHydrateFallbackProps as UNSAFE_withHydrateFallbackProps, createBrowserRouter, createContext, createCookie, createCookieSessionStorage, createHashRouter, createMemoryRouter, createMemorySessionStorage, createPath, createRequestHandler, createRoutesFromChildren, createRoutesFromElements, createRoutesStub, createSearchParams, createSession, createSessionStorage, createStaticHandler, createStaticRouter, data, generatePath, href, isCookie, isRouteErrorResponse, isSession, matchPath, matchRoutes, parsePath, redirect, redirectDocument, renderMatches, replace, resolvePath, HistoryRouter as unstable_HistoryRouter, RSCStaticRouter as unstable_RSCStaticRouter, routeRSCServerRequest as unstable_routeRSCServerRequest, setDevServerHooks as unstable_setDevServerHooks, usePrompt as unstable_usePrompt, useRoute as unstable_useRoute, useRouterState as unstable_useRouterState, useActionData, useAsyncError, useAsyncValue, useBeforeUnload, useBlocker, useFetcher, useFetchers, useFormAction, useHref, useInRouterContext, useLinkClickHandler, useLoaderData, useLocation, useMatch, useMatches, useNavigate, useNavigation, useNavigationType, useOutlet, useOutletContext, useParams, useResolvedPath, useRevalidator, useRouteError, useRouteLoaderData, useRoutes, useSearchParams, useSubmit, useViewTransitionState };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* react-router v8.0.0
|
|
2
|
+
* react-router v8.0.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -9,18 +9,17 @@
|
|
|
9
9
|
* @license MIT
|
|
10
10
|
*/
|
|
11
11
|
//#region lib/actions.ts
|
|
12
|
-
function throwIfPotentialCSRFAttack(
|
|
13
|
-
let originHeader = headers.get("origin");
|
|
12
|
+
function throwIfPotentialCSRFAttack(request, allowedActionOrigins) {
|
|
13
|
+
let originHeader = request.headers.get("origin");
|
|
14
14
|
let originDomain = null;
|
|
15
15
|
try {
|
|
16
16
|
originDomain = typeof originHeader === "string" && originHeader !== "null" ? new URL(originHeader).host : originHeader;
|
|
17
17
|
} catch {
|
|
18
18
|
throw new Error(`\`origin\` header is not a valid URL. Aborting the action.`);
|
|
19
19
|
}
|
|
20
|
-
let host =
|
|
21
|
-
if (originDomain &&
|
|
22
|
-
if (!isAllowedOrigin(originDomain, allowedActionOrigins))
|
|
23
|
-
else throw new Error("`x-forwarded-host` or `host` headers are not provided. One of these is needed to compare the `origin` header from a forwarded action request. Aborting the action.");
|
|
20
|
+
let host = new URL(request.url).host;
|
|
21
|
+
if (originDomain && originDomain !== host) {
|
|
22
|
+
if (!isAllowedOrigin(originDomain, allowedActionOrigins)) throw new Error("The `request.url` host does not match `origin` header from a forwarded action request. Aborting the action.");
|
|
24
23
|
}
|
|
25
24
|
}
|
|
26
25
|
function matchWildcardDomain(domain, pattern) {
|
|
@@ -47,16 +46,5 @@ function matchWildcardDomain(domain, pattern) {
|
|
|
47
46
|
function isAllowedOrigin(originDomain, allowedActionOrigins = []) {
|
|
48
47
|
return allowedActionOrigins.some((allowedOrigin) => allowedOrigin && (allowedOrigin === originDomain || matchWildcardDomain(originDomain, allowedOrigin)));
|
|
49
48
|
}
|
|
50
|
-
function parseHostHeader(headers) {
|
|
51
|
-
let forwardedHostValue = headers.get("x-forwarded-host")?.split(",")[0]?.trim();
|
|
52
|
-
let hostHeader = headers.get("host");
|
|
53
|
-
return forwardedHostValue ? {
|
|
54
|
-
type: "x-forwarded-host",
|
|
55
|
-
value: forwardedHostValue
|
|
56
|
-
} : hostHeader ? {
|
|
57
|
-
type: "host",
|
|
58
|
-
value: hostHeader
|
|
59
|
-
} : void 0;
|
|
60
|
-
}
|
|
61
49
|
//#endregion
|
|
62
50
|
export { throwIfPotentialCSRFAttack };
|