veryfront 0.1.124 → 0.1.127
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/deno.js +1 -1
- package/esm/src/html/hydration-script-builder/templates/router.d.ts.map +1 -1
- package/esm/src/html/hydration-script-builder/templates/router.js +9 -0
- package/esm/src/react/components/Head.d.ts.map +1 -1
- package/esm/src/react/components/Head.js +5 -0
- package/esm/src/react/components/ai/chat/composition/chat-root.d.ts.map +1 -1
- package/esm/src/react/components/ai/chat/composition/chat-root.js +3 -1
- package/esm/src/react/components/ai/chat-with-sidebar.d.ts.map +1 -1
- package/esm/src/react/components/ai/chat-with-sidebar.js +3 -1
- package/esm/src/react/components/ai/csp-nonce.d.ts +6 -0
- package/esm/src/react/components/ai/csp-nonce.d.ts.map +1 -0
- package/esm/src/react/components/ai/csp-nonce.js +13 -0
- package/esm/src/security/http/response/security-handler.d.ts.map +1 -1
- package/esm/src/security/http/response/security-handler.js +12 -4
- package/esm/src/server/handlers/dev/framework-candidates.generated.d.ts.map +1 -1
- package/esm/src/server/handlers/dev/framework-candidates.generated.js +186 -0
- package/esm/src/transforms/mdx/esm-module-loader/import-transformer.js +1 -1
- package/esm/src/transforms/mdx/esm-module-loader/jsx-cache.js +1 -1
- package/esm/src/transforms/mdx/esm-module-loader/module-fetcher/import-rewriter.d.ts +1 -14
- package/esm/src/transforms/mdx/esm-module-loader/module-fetcher/import-rewriter.d.ts.map +1 -1
- package/esm/src/transforms/mdx/esm-module-loader/module-fetcher/import-rewriter.js +50 -8
- package/esm/src/transforms/mdx/esm-module-loader/module-fetcher/index.js +1 -1
- package/esm/src/transforms/pipeline/stages/ssr-vf-modules/path-resolver.d.ts.map +1 -1
- package/esm/src/transforms/pipeline/stages/ssr-vf-modules/path-resolver.js +18 -17
- package/esm/src/utils/version-constant.d.ts +1 -1
- package/esm/src/utils/version-constant.js +1 -1
- package/package.json +1 -1
- package/src/deno.js +1 -1
- package/src/src/html/hydration-script-builder/templates/router.ts +9 -0
- package/src/src/react/components/Head.tsx +5 -0
- package/src/src/react/components/ai/chat/composition/chat-root.tsx +3 -1
- package/src/src/react/components/ai/chat-with-sidebar.tsx +3 -1
- package/src/src/react/components/ai/csp-nonce.ts +13 -0
- package/src/src/security/http/response/security-handler.ts +12 -4
- package/src/src/server/handlers/dev/framework-candidates.generated.ts +186 -0
- package/src/src/transforms/mdx/esm-module-loader/import-transformer.ts +1 -1
- package/src/src/transforms/mdx/esm-module-loader/jsx-cache.ts +1 -1
- package/src/src/transforms/mdx/esm-module-loader/module-fetcher/import-rewriter.ts +54 -12
- package/src/src/transforms/mdx/esm-module-loader/module-fetcher/index.ts +1 -1
- package/src/src/transforms/pipeline/stages/ssr-vf-modules/path-resolver.ts +17 -13
- package/src/src/utils/version-constant.ts +1 -1
package/esm/deno.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../../../../src/src/html/hydration-script-builder/templates/router.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe,
|
|
1
|
+
{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../../../../src/src/html/hydration-script-builder/templates/router.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe,cAsqB3B,CAAC"}
|
|
@@ -42,6 +42,13 @@ export const getRouterScript = () => `
|
|
|
42
42
|
const log = DEBUG ? console.log.bind(console, '[Veryfront]') : () => {};
|
|
43
43
|
const logError = console.error.bind(console, '[Veryfront]');
|
|
44
44
|
|
|
45
|
+
function getDocumentNonce() {
|
|
46
|
+
const element = document.querySelector('script[nonce], style[nonce], link[nonce]');
|
|
47
|
+
if (!element) return undefined;
|
|
48
|
+
|
|
49
|
+
return element.nonce || element.getAttribute('nonce') || undefined;
|
|
50
|
+
}
|
|
51
|
+
|
|
45
52
|
// ============================================
|
|
46
53
|
// Version tracking for cache invalidation
|
|
47
54
|
// ============================================
|
|
@@ -417,6 +424,8 @@ export const getRouterScript = () => `
|
|
|
417
424
|
existingStyle.textContent = pageData.css;
|
|
418
425
|
} else {
|
|
419
426
|
const styleEl = document.createElement('style');
|
|
427
|
+
const nonce = getDocumentNonce();
|
|
428
|
+
if (nonce) styleEl.setAttribute('nonce', nonce);
|
|
420
429
|
styleEl.id = 'veryfront-spa-css';
|
|
421
430
|
styleEl.textContent = pageData.css;
|
|
422
431
|
document.head.appendChild(styleEl);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Head.d.ts","sourceRoot":"","sources":["../../../../src/src/react/components/Head.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,OAAO,4BAA4B,CAAC;AAEpC,OAAO,KAA4B,MAAM,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"Head.d.ts","sourceRoot":"","sources":["../../../../src/src/react/components/Head.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,OAAO,4BAA4B,CAAC;AAEpC,OAAO,KAA4B,MAAM,OAAO,CAAC;AAKjD,wBAAgB,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,YAAY,CAwJpF"}
|
|
@@ -24,6 +24,7 @@ import "../../../_dnt.polyfills.js";
|
|
|
24
24
|
import React, { useEffect, useRef } from "react";
|
|
25
25
|
import { collectHead } from "../head-collector.js";
|
|
26
26
|
import { isServerEnvironment } from "../../platform/compat/runtime.js";
|
|
27
|
+
import { getDocumentNonce } from "./ai/csp-nonce.js";
|
|
27
28
|
export function Head({ children }) {
|
|
28
29
|
const mountedRef = useRef(false);
|
|
29
30
|
const isSSR = isServerEnvironment();
|
|
@@ -91,6 +92,7 @@ export function Head({ children }) {
|
|
|
91
92
|
if (!children)
|
|
92
93
|
return;
|
|
93
94
|
const addedElements = [];
|
|
95
|
+
const nonce = getDocumentNonce();
|
|
94
96
|
React.Children.forEach(children, (child) => {
|
|
95
97
|
if (!React.isValidElement(child))
|
|
96
98
|
return;
|
|
@@ -104,6 +106,9 @@ export function Head({ children }) {
|
|
|
104
106
|
return;
|
|
105
107
|
}
|
|
106
108
|
const element = document.createElement(type);
|
|
109
|
+
if ((type === "style" || type === "script") && !props.nonce && nonce) {
|
|
110
|
+
element.setAttribute("nonce", nonce);
|
|
111
|
+
}
|
|
107
112
|
// For scripts, check if already SSR'd via <Head> to avoid double execution
|
|
108
113
|
if (type === "script") {
|
|
109
114
|
const src = props.src;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"chat-root.d.ts","sourceRoot":"","sources":["../../../../../../../src/src/react/components/ai/chat/composition/chat-root.tsx"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AACrE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"chat-root.d.ts","sourceRoot":"","sources":["../../../../../../../src/src/react/components/ai/chat/composition/chat-root.tsx"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AACrE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAGhD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAC;AAItE,MAAM,WAAW,aAAc,SAAQ,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,cAAc,CAAC,EAAE,UAAU,CAAC;IAC3F,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAG1B,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;IAGrB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAGnC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,SAAS,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAC;IAGtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC;IACvB,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAG1C,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC;IAC/B,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;IACrC,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,IAAI,CAAC;IAG1C,WAAW,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpE,WAAW,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,UAAU,CAAC;IAChD,YAAY,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,KAAK,IAAI,CAAC;IAGhE,UAAU,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;IAGlE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAGxD,KAAK,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,eAAO,MAAM,QAAQ,KAkHpB,CAAC"}
|
|
@@ -8,10 +8,12 @@
|
|
|
8
8
|
*/
|
|
9
9
|
import * as React from "react";
|
|
10
10
|
import { ChatContainer } from "../../../../primitives/index.js";
|
|
11
|
+
import { getDocumentNonce } from "../../csp-nonce.js";
|
|
11
12
|
import { cn, defaultChatTheme, generateTokenCSS, mergeThemes } from "../../theme.js";
|
|
12
13
|
import { ChatContextProvider } from "../contexts/chat-context.js";
|
|
13
14
|
export const ChatRoot = React.forwardRef(function ChatRoot({ children, messages, isLoading = false, error = null, input, setInput, onSubmit, onStop, onReload, model, models = [], onModelChange, attachments = [], onAttach, onRemoveAttachment, editMessage, getBranches, switchBranch, onFeedback, showSources = false, onSourceClick, theme: userTheme, maxHeight = "100%", className, style, ...containerProps }, ref) {
|
|
14
15
|
const theme = React.useMemo(() => mergeThemes(defaultChatTheme, userTheme), [userTheme]);
|
|
16
|
+
const nonce = getDocumentNonce();
|
|
15
17
|
const tokenCSS = React.useMemo(() => generateTokenCSS(), []);
|
|
16
18
|
const [isAtBottom, _setIsAtBottom] = React.useState(true);
|
|
17
19
|
const scrollAreaRef = React.useRef(null);
|
|
@@ -72,7 +74,7 @@ export const ChatRoot = React.forwardRef(function ChatRoot({ children, messages,
|
|
|
72
74
|
theme,
|
|
73
75
|
]);
|
|
74
76
|
return (React.createElement(ChatContextProvider, { value: contextValue },
|
|
75
|
-
React.createElement("style", { dangerouslySetInnerHTML: { __html: tokenCSS } }),
|
|
77
|
+
React.createElement("style", { nonce: nonce, dangerouslySetInnerHTML: { __html: tokenCSS } }),
|
|
76
78
|
React.createElement(ChatContainer, { ref: ref, "data-vf-chat": "", className: cn(theme.container, "relative", className), style: { maxHeight, ...style }, ...containerProps }, children)));
|
|
77
79
|
});
|
|
78
80
|
ChatRoot.displayName = "ChatRoot";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"chat-with-sidebar.d.ts","sourceRoot":"","sources":["../../../../../src/src/react/components/ai/chat-with-sidebar.tsx"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"chat-with-sidebar.d.ts","sourceRoot":"","sources":["../../../../../src/src/react/components/ai/chat-with-sidebar.tsx"],"names":[],"mappings":"AAGA,OAAO,EAAQ,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAMvD,KAAK,iBAAiB,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,UAAU,CAAC,KAAK,IAAI,CAAC;AAKnE,KAAK,gBAAgB,GAAG,WAAW,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;AAE9D,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IAChC,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1B,QAAQ,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IAChC,QAAQ,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IACzB,MAAM,CAAC,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC7B,QAAQ,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IACjC,SAAS,CAAC,EAAE,SAAS,CAAC,WAAW,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IAC3B,WAAW,CAAC,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;IACvC,aAAa,CAAC,EAAE,SAAS,CAAC,eAAe,CAAC,CAAC;IAC3C,aAAa,CAAC,EAAE,SAAS,CAAC,eAAe,CAAC,CAAC;IAC3C,aAAa,CAAC,EAAE,SAAS,CAAC,eAAe,CAAC,CAAC;IAC3C,WAAW,CAAC,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;IACvC,WAAW,CAAC,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;IACvC,YAAY,CAAC,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC;IACzC,WAAW,EAAE,iBAAiB,CAAC;CAChC;AAED,UAAU,gCAAgC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,MAAM,4BAA4B,GACpC,CAAC,gCAAgC,GAAG;IACpC,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,MAAM,IAAI,CAAC;CACtB,CAAC,GACA,CAAC,gCAAgC,GAAG;IACpC,IAAI,CAAC,EAAE,SAAS,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAC;CACvB,CAAC,CAAC;AAEL,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,+BAA+B;IAC9C,MAAM,CAAC,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;IACjC,OAAO,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IAC/B,QAAQ,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC7B,YAAY,CAAC,EAAE,SAAS,CAAC,oBAAoB,CAAC,CAAC;IAC/C,cAAc,CAAC,EAAE,SAAS,CAAC,gBAAgB,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,iCAAiC;IAChD,WAAW,CAAC,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;IACvC,iBAAiB,CAAC,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAC;IACnD,OAAO,CAAC,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC;IACpC,QAAQ,CAAC,EAAE,SAAS,CAAC,eAAe,CAAC,CAAC;CACvC;AAED,MAAM,WAAW,4BAA4B;IAC3C,MAAM,CAAC,EAAE,SAAS,CAAC,eAAe,CAAC,CAAC;IACpC,UAAU,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;IACrC,UAAU,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;IACrC,aAAa,CAAC,EAAE,SAAS,CAAC,eAAe,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,4BAA4B;IAC3C,KAAK,CAAC,EAAE,SAAS,CAAC,WAAW,CAAC,CAAC;IAC/B,IAAI,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;IACnC,MAAM,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,SAAS,CAAC,kBAAkB,CAAC,CAAC;IAC7C,cAAc,CAAC,EAAE,SAAS,CAAC,oBAAoB,CAAC,CAAC;CAClD;AAED,MAAM,MAAM,yBAAyB,GACjC;IACA,MAAM,EAAE,SAAS,CAAC,WAAW,CAAC,CAAC;IAC/B,QAAQ,EAAE,gBAAgB,CAAC;CAC5B,GACC;IACA,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;CAC7B,CAAC;AAEJ,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;IACnC,OAAO,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,2BAA2B;IAC1C,IAAI,EAAE,6BAA6B,CAAC;IACpC,OAAO,CAAC,EAAE,4BAA4B,CAAC;IACvC,MAAM,CAAC,EAAE,0BAA0B,CAAC;IACpC,WAAW,CAAC,EAAE,+BAA+B,CAAC;IAC9C,YAAY,CAAC,EAAE,iCAAiC,CAAC;IACjD,OAAO,CAAC,EAAE,4BAA4B,CAAC;IACvC,QAAQ,CAAC,EAAE,4BAA4B,CAAC;IACxC,IAAI,CAAC,EAAE,yBAAyB,CAAC;IACjC,KAAK,CAAC,EAAE,0BAA0B,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,SAAS,CAAC,WAAW,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IAC3B,WAAW,CAAC,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;IACvC,UAAU,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;CAClC;AAED,MAAM,MAAM,oBAAoB,GAAG,2BAA2B,CAAC;AAE/D,eAAO,MAAM,eAAe,KAsP3B,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import * as React from "react";
|
|
2
|
+
import { getDocumentNonce } from "./csp-nonce.js";
|
|
2
3
|
import { cn, generateTokenCSS } from "./theme.js";
|
|
3
4
|
import { Chat } from "./chat/index.js";
|
|
4
5
|
import { ChatSidebar } from "./chat/components/sidebar.js";
|
|
@@ -6,6 +7,7 @@ import { TabSwitcher } from "./chat/components/tab-switcher.js";
|
|
|
6
7
|
import { useThreads } from "./chat/hooks/use-threads.js";
|
|
7
8
|
import { PanelLeftIcon } from "./icons/index.js";
|
|
8
9
|
export const ChatWithSidebar = React.forwardRef(function ChatWithSidebar({ chat, sidebar, models, attachments, quickActions, message, features, tabs, voice, className, maxHeight, theme, placeholder, emptyState, children, }, ref) {
|
|
10
|
+
const nonce = getDocumentNonce();
|
|
9
11
|
const storageKey = sidebar?.storageKey;
|
|
10
12
|
const controlledOpen = sidebar?.open;
|
|
11
13
|
const onSidebarToggle = sidebar?.onToggle;
|
|
@@ -147,7 +149,7 @@ export const ChatWithSidebar = React.forwardRef(function ChatWithSidebar({ chat,
|
|
|
147
149
|
}
|
|
148
150
|
const tokenCSS = React.useMemo(() => generateTokenCSS(), []);
|
|
149
151
|
return (React.createElement("div", { ref: ref, className: cn("flex h-full bg-[var(--background)]", className), "data-vf-chat": "" },
|
|
150
|
-
React.createElement("style", { dangerouslySetInnerHTML: { __html: tokenCSS } }),
|
|
152
|
+
React.createElement("style", { nonce: nonce, dangerouslySetInnerHTML: { __html: tokenCSS } }),
|
|
151
153
|
sidebarOpen && (React.createElement(ChatSidebar, { threads: threads, activeThreadId: activeThreadId, onSelectThread: handleSelectThread, onDeleteThread: (id) => {
|
|
152
154
|
deleteThread(id);
|
|
153
155
|
const next = threadsRef.current.find((t) => t.id !== id);
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"csp-nonce.d.ts","sourceRoot":"","sources":["../../../../../src/src/react/components/ai/csp-nonce.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,GAAG,SAAS,CAQrD"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Reuse the server-issued CSP nonce for client-created style/script elements
|
|
3
|
+
* during hydration and SPA updates.
|
|
4
|
+
*/
|
|
5
|
+
export function getDocumentNonce() {
|
|
6
|
+
if (typeof document === "undefined")
|
|
7
|
+
return undefined;
|
|
8
|
+
const element = document.querySelector("script[nonce], style[nonce], link[nonce]");
|
|
9
|
+
if (!element)
|
|
10
|
+
return undefined;
|
|
11
|
+
const nonce = element.nonce || element.getAttribute("nonce") || "";
|
|
12
|
+
return nonce || undefined;
|
|
13
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/security/http/response/security-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,2BAA2B,CAAC;AACrD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAQjD,wBAAgB,aAAa,IAAI,MAAM,CAItC;
|
|
1
|
+
{"version":3,"file":"security-handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/security/http/response/security-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,2BAA2B,CAAC;AACrD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAQjD,wBAAgB,aAAa,IAAI,MAAM,CAItC;AA2CD,wBAAgB,QAAQ,CACtB,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,GACvB,MAAM,CA4BR;AAED,wBAAgB,iBAAiB,CAC/B,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,GACvB,MAAM,CAMR;AAED,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,OAAO,CAAC,OAAO,EACxB,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,EACxB,iBAAiB,CAAC,EAAE,OAAO,GAC1B,IAAI,CA6DN"}
|
|
@@ -14,9 +14,16 @@ export function generateNonce() {
|
|
|
14
14
|
*
|
|
15
15
|
* - Scripts: nonce-based + cdn.jsdelivr.net + esm.sh (Scalar API docs,
|
|
16
16
|
* html2canvas, legacy/browser ESM hydration)
|
|
17
|
-
* - Styles:
|
|
18
|
-
*
|
|
19
|
-
*
|
|
17
|
+
* - Styles:
|
|
18
|
+
* - style-src: 'self' + 'unsafe-inline' + Google Fonts + cdn.veryfront.com
|
|
19
|
+
* so React style="" attributes and framework inline styles remain
|
|
20
|
+
* compatible. Do not include a nonce in style-src here: browsers ignore
|
|
21
|
+
* 'unsafe-inline' when a nonce/hash is present on the directive, which
|
|
22
|
+
* breaks React style attributes.
|
|
23
|
+
* - style-src-elem: nonce-based + Google Fonts + cdn.veryfront.com for
|
|
24
|
+
* inline <style> tags and stylesheet elements
|
|
25
|
+
* - style-src-attr: 'unsafe-inline' for modern browsers with directive-level
|
|
26
|
+
* style attribute support
|
|
20
27
|
* - Images/media/fonts: 'self' + data: + https: + cdn.veryfront.com
|
|
21
28
|
* - Connections: 'self' + wss: + https: (WebSocket for HMR/live reload, API calls)
|
|
22
29
|
* - Objects: 'none' (block Flash/plugins)
|
|
@@ -29,7 +36,8 @@ function buildDefaultCSP(nonce) {
|
|
|
29
36
|
return [
|
|
30
37
|
`default-src 'self'`,
|
|
31
38
|
`script-src 'self' 'nonce-${nonce}' https://cdn.jsdelivr.net https://esm.sh`,
|
|
32
|
-
`style-src 'self' 'unsafe-inline'
|
|
39
|
+
`style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.veryfront.com`,
|
|
40
|
+
`style-src-elem 'self' 'nonce-${nonce}' https://fonts.googleapis.com https://cdn.veryfront.com`,
|
|
33
41
|
`style-src-attr 'unsafe-inline'`,
|
|
34
42
|
`img-src 'self' data: https:`,
|
|
35
43
|
`font-src 'self' data: https://fonts.gstatic.com https://cdn.veryfront.com`,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"framework-candidates.generated.d.ts","sourceRoot":"","sources":["../../../../../src/src/server/handlers/dev/framework-candidates.generated.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,eAAO,MAAM,oBAAoB,EAAE,SAAS,MAAM,
|
|
1
|
+
{"version":3,"file":"framework-candidates.generated.d.ts","sourceRoot":"","sources":["../../../../../src/src/server/handlers/dev/framework-candidates.generated.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,eAAO,MAAM,oBAAoB,EAAE,SAAS,MAAM,EA2wKjD,CAAC"}
|