New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@locker/internal-policy

Package Overview
Dependencies
Maintainers
8
Versions
68
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@locker/internal-policy - npm Package Compare versions

Comparing version 0.19.7 to 0.19.8

23

dist/index.cjs.js

@@ -18,8 +18,25 @@ /*!

const controller$LWS = new sharedDom$LWS.AbortControllerCtor();
inflightRequests$LWS.set(targetElement$LWS, controller$LWS);
// The error "The value of the 'Access-Control-Allow-Origin' header in the
// response must not be the wildcard '*' when the request's credentials mode
// is 'include'" occurs when the Access-Control-Allow-Credentials header is
// set to true and the Access-Control-Allow-Origin header is set to an asterisk *.
//
// The error may be resolved in one of two ways:
// 1) Set the Access-Control-Allow-Credentials header to 'false' and keep
// the Access-Control-Allow-Origin header as an asterisk * to allow all
// origins to access your server.
// 2) Set the Access-Control-Allow-Origin header to a specific origin,
// e.g. 'http://localhost:3000' or a list of allowlisted origins that
// are allowed to access your server. Note that the origin must specify
// the protocol, domain and port.
const hostname$LWS = shared$LWS.ReflectApply(sharedDom$LWS.HTMLAnchorElementProtoHostnameGetter, sharedUrl$LWS.normalizerAnchor, []);
// To avoid the CORS error above without burdening users with header adjustments
// we limit credentials mode of 'include' to "trusted" domains.
const credentials$LWS = shared$LWS.ReflectApply(shared$LWS.RegExpProtoTest, sharedUrl$LWS.TRUSTED_DOMAINS_REG_EXP, [hostname$LWS]) ? 'include' : 'same-origin';
const signal$LWS = shared$LWS.ReflectApply(sharedDom$LWS.AbortControllerProtoSignalGetter, controller$LWS, []);
inflightRequests$LWS.set(targetElement$LWS, controller$LWS);
const response$LWS = await sharedDom$LWS.WindowFetch(resourceURL$LWS, {
__proto__: null,
method: 'GET',
credentials: 'include',
credentials: credentials$LWS,
signal: signal$LWS

@@ -190,2 +207,2 @@ });

exports.lwsInternalPolicy = lwsInternalPolicy$LWS;
/*! version: 0.19.7 */
/*! version: 0.19.8 */

29

dist/index.mjs.js

@@ -5,5 +5,5 @@ /*!

import { getSanitizerForConfig as getSanitizerForConfig$LWS } from '@locker/html-sanitizer';
import { toSafeWeakMap as toSafeWeakMap$LWS, WeakMapCtor as WeakMapCtor$LWS, ReflectApply as ReflectApply$LWS, ErrorCtor as ErrorCtor$LWS, toSafeWeakSet as toSafeWeakSet$LWS, WeakSetCtor as WeakSetCtor$LWS, LockerSecurityError as LockerSecurityError$LWS, ERR_INVALID_SANDBOX_KEY as ERR_INVALID_SANDBOX_KEY$LWS, PromiseProtoThen as PromiseProtoThen$LWS, ReflectDefineProperty as ReflectDefineProperty$LWS, FunctionProtoBind as FunctionProtoBind$LWS, ReflectDeleteProperty as ReflectDeleteProperty$LWS } from '@locker/shared';
import { AbortControllerCtor as AbortControllerCtor$LWS, AbortControllerProtoSignalGetter as AbortControllerProtoSignalGetter$LWS, WindowFetch as WindowFetch$LWS, ResponseProtoOkGetter as ResponseProtoOkGetter$LWS, ResponseProtoText as ResponseProtoText$LWS, AbortControllerProtoAbort as AbortControllerProtoAbort$LWS, DocumentProtoCreateElement as DocumentProtoCreateElement$LWS, ElementProtoInnerHTMLSetter as ElementProtoInnerHTMLSetter$LWS, DocumentProtoCreateElementNS as DocumentProtoCreateElementNS$LWS, NAMESPACE_SVG as NAMESPACE_SVG$LWS, NodeProtoFirstChildGetter as NodeProtoFirstChildGetter$LWS, ElementProtoInnerHTMLGetter as ElementProtoInnerHTMLGetter$LWS, HTMLTemplateElementProtoContentGetter as HTMLTemplateElementProtoContentGetter$LWS, NodeProtoIsConnectedGetter as NodeProtoIsConnectedGetter$LWS, URLCreateObjectURL as URLCreateObjectURL$LWS, BlobCtor as BlobCtor$LWS, ElementProtoGetAttribute as ElementProtoGetAttribute$LWS, ElementProtoHasAttribute as ElementProtoHasAttribute$LWS, ElementProtoNamespaceURIGetter as ElementProtoNamespaceURIGetter$LWS, ElementProtoSetAttributeNS as ElementProtoSetAttributeNS$LWS, URLRevokeObjectURL as URLRevokeObjectURL$LWS, EventTargetProtoAddEventListener as EventTargetProtoAddEventListener$LWS, HTMLScriptElementCtor as HTMLScriptElementCtor$LWS, NAMESPACE_XHTML as NAMESPACE_XHTML$LWS, NAMESPACE_XLINK as NAMESPACE_XLINK$LWS, EventTargetProtoRemoveEventListener as EventTargetProtoRemoveEventListener$LWS } from '@locker/shared-dom';
import { resolveURL as resolveURL$LWS } from '@locker/shared-url';
import { toSafeWeakMap as toSafeWeakMap$LWS, WeakMapCtor as WeakMapCtor$LWS, ReflectApply as ReflectApply$LWS, RegExpProtoTest as RegExpProtoTest$LWS, ErrorCtor as ErrorCtor$LWS, toSafeWeakSet as toSafeWeakSet$LWS, WeakSetCtor as WeakSetCtor$LWS, LockerSecurityError as LockerSecurityError$LWS, ERR_INVALID_SANDBOX_KEY as ERR_INVALID_SANDBOX_KEY$LWS, PromiseProtoThen as PromiseProtoThen$LWS, ReflectDefineProperty as ReflectDefineProperty$LWS, FunctionProtoBind as FunctionProtoBind$LWS, ReflectDeleteProperty as ReflectDeleteProperty$LWS } from '@locker/shared';
import { AbortControllerCtor as AbortControllerCtor$LWS, HTMLAnchorElementProtoHostnameGetter as HTMLAnchorElementProtoHostnameGetter$LWS, AbortControllerProtoSignalGetter as AbortControllerProtoSignalGetter$LWS, WindowFetch as WindowFetch$LWS, ResponseProtoOkGetter as ResponseProtoOkGetter$LWS, ResponseProtoText as ResponseProtoText$LWS, AbortControllerProtoAbort as AbortControllerProtoAbort$LWS, DocumentProtoCreateElement as DocumentProtoCreateElement$LWS, ElementProtoInnerHTMLSetter as ElementProtoInnerHTMLSetter$LWS, DocumentProtoCreateElementNS as DocumentProtoCreateElementNS$LWS, NAMESPACE_SVG as NAMESPACE_SVG$LWS, NodeProtoFirstChildGetter as NodeProtoFirstChildGetter$LWS, ElementProtoInnerHTMLGetter as ElementProtoInnerHTMLGetter$LWS, HTMLTemplateElementProtoContentGetter as HTMLTemplateElementProtoContentGetter$LWS, NodeProtoIsConnectedGetter as NodeProtoIsConnectedGetter$LWS, URLCreateObjectURL as URLCreateObjectURL$LWS, BlobCtor as BlobCtor$LWS, ElementProtoGetAttribute as ElementProtoGetAttribute$LWS, ElementProtoHasAttribute as ElementProtoHasAttribute$LWS, ElementProtoNamespaceURIGetter as ElementProtoNamespaceURIGetter$LWS, ElementProtoSetAttributeNS as ElementProtoSetAttributeNS$LWS, URLRevokeObjectURL as URLRevokeObjectURL$LWS, EventTargetProtoAddEventListener as EventTargetProtoAddEventListener$LWS, HTMLScriptElementCtor as HTMLScriptElementCtor$LWS, NAMESPACE_XHTML as NAMESPACE_XHTML$LWS, NAMESPACE_XLINK as NAMESPACE_XLINK$LWS, EventTargetProtoRemoveEventListener as EventTargetProtoRemoveEventListener$LWS } from '@locker/shared-dom';
import { normalizerAnchor as normalizerAnchor$LWS, TRUSTED_DOMAINS_REG_EXP as TRUSTED_DOMAINS_REG_EXP$LWS, resolveURL as resolveURL$LWS } from '@locker/shared-url';
import { createPolicy as createPolicy$LWS, trusted as trusted$LWS } from '@locker/trusted-types';

@@ -14,8 +14,25 @@ const inflightRequests$LWS = toSafeWeakMap$LWS(new WeakMapCtor$LWS());

const controller$LWS = new AbortControllerCtor$LWS();
inflightRequests$LWS.set(targetElement$LWS, controller$LWS);
// The error "The value of the 'Access-Control-Allow-Origin' header in the
// response must not be the wildcard '*' when the request's credentials mode
// is 'include'" occurs when the Access-Control-Allow-Credentials header is
// set to true and the Access-Control-Allow-Origin header is set to an asterisk *.
//
// The error may be resolved in one of two ways:
// 1) Set the Access-Control-Allow-Credentials header to 'false' and keep
// the Access-Control-Allow-Origin header as an asterisk * to allow all
// origins to access your server.
// 2) Set the Access-Control-Allow-Origin header to a specific origin,
// e.g. 'http://localhost:3000' or a list of allowlisted origins that
// are allowed to access your server. Note that the origin must specify
// the protocol, domain and port.
const hostname$LWS = ReflectApply$LWS(HTMLAnchorElementProtoHostnameGetter$LWS, normalizerAnchor$LWS, []);
// To avoid the CORS error above without burdening users with header adjustments
// we limit credentials mode of 'include' to "trusted" domains.
const credentials$LWS = ReflectApply$LWS(RegExpProtoTest$LWS, TRUSTED_DOMAINS_REG_EXP$LWS, [hostname$LWS]) ? 'include' : 'same-origin';
const signal$LWS = ReflectApply$LWS(AbortControllerProtoSignalGetter$LWS, controller$LWS, []);
inflightRequests$LWS.set(targetElement$LWS, controller$LWS);
const response$LWS = await WindowFetch$LWS(resourceURL$LWS, {
__proto__: null,
method: 'GET',
credentials: 'include',
credentials: credentials$LWS,
signal: signal$LWS

@@ -186,2 +203,2 @@ });

export { ContentType$LWS as ContentType, lwsInternalPolicy$LWS as lwsInternalPolicy };
/*! version: 0.19.7 */
/*! version: 0.19.8 */

12

package.json
{
"name": "@locker/internal-policy",
"version": "0.19.7",
"version": "0.19.8",
"license": "SEE LICENSE IN LICENSE.txt",

@@ -22,8 +22,8 @@ "author": "Salesforce UI Security Team",

"dependencies": {
"@locker/html-sanitizer": "0.19.7",
"@locker/shared": "0.19.7",
"@locker/shared-dom": "0.19.7",
"@locker/shared-url": "0.19.7",
"@locker/trusted-types": "0.19.7"
"@locker/html-sanitizer": "0.19.8",
"@locker/shared": "0.19.8",
"@locker/shared-dom": "0.19.8",
"@locker/shared-url": "0.19.8",
"@locker/trusted-types": "0.19.8"
}
}

2

README.md

@@ -13,1 +13,3 @@ # @locker/internal-policy

```
NOTE: if polyfills are needed to support additional trustedTypes functionality, such as getAttributeType or getPropertyType, the code at https://github.com/w3c/trusted-types/blob/main/src/trustedtypes.js is a great resource to get started.
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc