veryfront 0.1.763 → 0.1.764

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/esm/deno.js CHANGED
@@ -1,6 +1,6 @@
1
1
  export default {
2
2
  "name": "veryfront",
3
- "version": "0.1.763",
3
+ "version": "0.1.764",
4
4
  "license": "Apache-2.0",
5
5
  "nodeModulesDir": "auto",
6
6
  "minimumDependencyAge": "P2D",
@@ -1 +1 @@
1
- {"version":3,"file":"security-handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/security/http/response/security-handler.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAQjD,wBAAgB,aAAa,IAAI,MAAM,CAItC;AAyED,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,cAAc,CAAC,KAAK,CAAC,EAC1B,KAAK,CAAC,EAAE,MAAM,GACb,MAAM,GAAG,IAAI,CAef;AAED,wBAAgB,QAAQ,CACtB,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,EACxB,iBAAiB,CAAC,EAAE,OAAO,GAC1B,MAAM,CAiBR;AAED,wBAAgB,iBAAiB,CAC/B,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,GACvB,MAAM,CAMR;AAED,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,EACxB,iBAAiB,CAAC,EAAE,OAAO,GAC1B,IAAI,CAqEN"}
1
+ {"version":3,"file":"security-handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/security/http/response/security-handler.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAQjD,wBAAgB,aAAa,IAAI,MAAM,CAItC;AA8ED,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,cAAc,CAAC,KAAK,CAAC,EAC1B,KAAK,CAAC,EAAE,MAAM,GACb,MAAM,GAAG,IAAI,CAef;AAED,wBAAgB,QAAQ,CACtB,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,EACxB,iBAAiB,CAAC,EAAE,OAAO,GAC1B,MAAM,CAiBR;AAED,wBAAgB,iBAAiB,CAC/B,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,GACvB,MAAM,CAMR;AAED,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,EAC9B,OAAO,CAAC,EAAE,cAAc,EACxB,iBAAiB,CAAC,EAAE,OAAO,GAC1B,IAAI,CAqEN"}
@@ -36,15 +36,19 @@ const VERYFRONT_FRAME_ANCESTORS = [
36
36
  * html2canvas, legacy/browser ESM hydration)
37
37
  * - Styles:
38
38
  * - style-src: 'self' + 'unsafe-inline' + Google Fonts + cdn.veryfront.com
39
- * so React style="" attributes and framework inline styles remain
40
- * compatible. Do not include a nonce in style-src here: browsers ignore
41
- * 'unsafe-inline' when a nonce/hash is present on the directive, which
42
- * breaks React style attributes.
43
- * - style-src-elem: nonce-based + Google Fonts + cdn.veryfront.com for
44
- * inline <style> tags and stylesheet elements
39
+ * + Video.js CDN so React style="" attributes, framework inline styles,
40
+ * and common media-player stylesheets remain compatible. Do not include a
41
+ * nonce in style directives here: browsers ignore 'unsafe-inline' when a
42
+ * nonce/hash is present, which breaks runtime-created style attributes and
43
+ * style elements.
44
+ * - style-src-elem: 'unsafe-inline' + Google Fonts + cdn.veryfront.com +
45
+ * Video.js CDN for runtime-created <style> tags and stylesheet elements
45
46
  * - style-src-attr: 'unsafe-inline' for modern browsers with directive-level
46
47
  * style attribute support
47
- * - Images/media/fonts: 'self' + data: + https: + cdn.veryfront.com
48
+ * - Images/fonts: 'self' + data: + https: + cdn.veryfront.com
49
+ * - Media: 'self' + https: + blob: where browser media pipelines require
50
+ * object URLs
51
+ * - Workers: 'self' + blob: for browser libraries that create blob workers
48
52
  * - Connections: 'self' + wss: + https: (WebSocket for HMR/live reload, API calls)
49
53
  * - Objects: 'none' (block Flash/plugins)
50
54
  * - Frames: 'self' (allows same-origin iframes; apps embedding external
@@ -63,13 +67,14 @@ function buildDefaultCSP(nonce, isVeryfrontDomain) {
63
67
  return [
64
68
  `default-src 'self'`,
65
69
  `script-src 'self' 'nonce-${nonce}' https://cdn.jsdelivr.net https://esm.sh`,
66
- `style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.veryfront.com`,
67
- `style-src-elem 'self' 'nonce-${nonce}' https://fonts.googleapis.com https://cdn.veryfront.com`,
70
+ `style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.veryfront.com https://vjs.zencdn.net`,
71
+ `style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.veryfront.com https://vjs.zencdn.net`,
68
72
  `style-src-attr 'unsafe-inline'`,
69
73
  `img-src 'self' data: https:`,
70
74
  `font-src 'self' data: https://fonts.gstatic.com https://cdn.veryfront.com`,
71
75
  `connect-src 'self' wss: https:`,
72
- `media-src 'self' https:`,
76
+ `media-src 'self' https: blob:`,
77
+ `worker-src 'self' blob:`,
73
78
  `object-src 'none'`,
74
79
  `frame-src 'self'`,
75
80
  frameAncestors,
@@ -1,3 +1,3 @@
1
1
  /** Shared version value. */
2
- export declare const VERSION = "0.1.763";
2
+ export declare const VERSION = "0.1.764";
3
3
  //# sourceMappingURL=version-constant.d.ts.map
@@ -1,4 +1,4 @@
1
1
  // Keep in sync with deno.json version.
2
2
  // scripts/release.ts updates this constant during releases.
3
3
  /** Shared version value. */
4
- export const VERSION = "0.1.763";
4
+ export const VERSION = "0.1.764";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "veryfront",
3
- "version": "0.1.763",
3
+ "version": "0.1.764",
4
4
  "description": "The simplest way to build AI-powered apps",
5
5
  "keywords": [
6
6
  "react",