veryfront 0.1.120 → 0.1.122

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/esm/deno.js +1 -1
  2. package/esm/src/security/client/html-sanitizer.js +1 -1
  3. package/esm/src/security/http/response/security-handler.js +3 -3
  4. package/esm/src/utils/version-constant.d.ts +1 -1
  5. package/esm/src/utils/version-constant.js +1 -1
  6. package/package.json +1 -1
  7. package/src/deno.js +1 -1
  8. package/src/src/security/client/html-sanitizer.ts +1 -1
  9. package/src/src/security/http/response/security-handler.ts +3 -3
  10. package/src/src/utils/version-constant.ts +1 -1
package/esm/deno.js CHANGED
@@ -1,6 +1,6 @@
1
1
  export default {
2
2
  "name": "veryfront",
3
- "version": "0.1.120",
3
+ "version": "0.1.122",
4
4
  "license": "Apache-2.0",
5
5
  "nodeModulesDir": "auto",
6
6
  "exclude": [
package/esm/src/security/client/html-sanitizer.js CHANGED
@@ -8,7 +8,7 @@
8
8
  */
9
9
  import * as dntShim from "../../../_dnt.shims.js";
10
10
  import { escapeHtml } from "../../html/html-escape.js";
11
- import { SECURITY_VIOLATION } from "../../errors/index.js";
11
+ import { SECURITY_VIOLATION } from "../../errors/error-registry.js";
12
12
  export { escapeHtml };
13
13
  /**
14
14
  * Patterns that RSC should never generate.
package/esm/src/security/http/response/security-handler.js CHANGED
@@ -12,8 +12,8 @@ export function generateNonce() {
12
12
  /**
13
13
  * Build a default CSP that works for typical veryfront apps.
14
14
  *
15
- * - Scripts: nonce-based + cdn.jsdelivr.net (Scalar API docs, html2canvas,
16
- * React UMD, browser inference)
15
+ * - Scripts: nonce-based + cdn.jsdelivr.net + esm.sh (Scalar API docs,
16
+ * html2canvas, legacy/browser ESM hydration)
17
17
  * - Styles: 'self' + 'unsafe-inline' + nonce + Google Fonts + cdn.veryfront.com
18
18
  * plus style-src-attr 'unsafe-inline' so React style="" attributes remain
19
19
  * compatible while inline <style> tags continue to use the nonce
@@ -28,7 +28,7 @@ export function generateNonce() {
28
28
  function buildDefaultCSP(nonce) {
29
29
  return [
30
30
  `default-src 'self'`,
31
- `script-src 'self' 'nonce-${nonce}' https://cdn.jsdelivr.net`,
31
+ `script-src 'self' 'nonce-${nonce}' https://cdn.jsdelivr.net https://esm.sh`,
32
32
  `style-src 'self' 'unsafe-inline' 'nonce-${nonce}' https://fonts.googleapis.com https://cdn.veryfront.com`,
33
33
  `style-src-attr 'unsafe-inline'`,
34
34
  `img-src 'self' data: https:`,
package/esm/src/utils/version-constant.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- export declare const VERSION = "0.1.120";
1
+ export declare const VERSION = "0.1.122";
2
2
  //# sourceMappingURL=version-constant.d.ts.map
package/esm/src/utils/version-constant.js CHANGED
@@ -1,3 +1,3 @@
1
1
  // Keep in sync with deno.json version.
2
2
  // scripts/release.ts updates this constant during releases.
3
- export const VERSION = "0.1.120";
3
+ export const VERSION = "0.1.122";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "veryfront",
3
- "version": "0.1.120",
3
+ "version": "0.1.122",
4
4
  "description": "The simplest way to build AI-powered apps",
5
5
  "keywords": [
6
6
  "react",
package/src/deno.js CHANGED
@@ -1,6 +1,6 @@
1
1
  export default {
2
2
  "name": "veryfront",
3
- "version": "0.1.120",
3
+ "version": "0.1.122",
4
4
  "license": "Apache-2.0",
5
5
  "nodeModulesDir": "auto",
6
6
  "exclude": [
package/src/src/security/client/html-sanitizer.ts CHANGED
@@ -10,7 +10,7 @@ import * as dntShim from "../../../_dnt.shims.js";
10
10
 
11
11
 
12
12
  import { escapeHtml } from "../../html/html-escape.js";
13
- import { SECURITY_VIOLATION } from "../../errors/index.js";
13
+ import { SECURITY_VIOLATION } from "../../errors/error-registry.js";
14
14
 
15
15
  export { escapeHtml };
16
16
 
package/src/src/security/http/response/security-handler.ts CHANGED
@@ -18,8 +18,8 @@ export function generateNonce(): string {
18
18
  /**
19
19
  * Build a default CSP that works for typical veryfront apps.
20
20
  *
21
- * - Scripts: nonce-based + cdn.jsdelivr.net (Scalar API docs, html2canvas,
22
- * React UMD, browser inference)
21
+ * - Scripts: nonce-based + cdn.jsdelivr.net + esm.sh (Scalar API docs,
22
+ * html2canvas, legacy/browser ESM hydration)
23
23
  * - Styles: 'self' + 'unsafe-inline' + nonce + Google Fonts + cdn.veryfront.com
24
24
  * plus style-src-attr 'unsafe-inline' so React style="" attributes remain
25
25
  * compatible while inline <style> tags continue to use the nonce
@@ -34,7 +34,7 @@ export function generateNonce(): string {
34
34
  function buildDefaultCSP(nonce: string): string {
35
35
  return [
36
36
  `default-src 'self'`,
37
- `script-src 'self' 'nonce-${nonce}' https://cdn.jsdelivr.net`,
37
+ `script-src 'self' 'nonce-${nonce}' https://cdn.jsdelivr.net https://esm.sh`,
38
38
  `style-src 'self' 'unsafe-inline' 'nonce-${nonce}' https://fonts.googleapis.com https://cdn.veryfront.com`,
39
39
  `style-src-attr 'unsafe-inline'`,
40
40
  `img-src 'self' data: https:`,
package/src/src/utils/version-constant.ts CHANGED
@@ -1,3 +1,3 @@
1
1
  // Keep in sync with deno.json version.
2
2
  // scripts/release.ts updates this constant during releases.
3
- export const VERSION = "0.1.120";
3
+ export const VERSION = "0.1.122";