Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@mashroom/mashroom-helmet

Package Overview
Dependencies
Maintainers
1
Versions
85
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@mashroom/mashroom-helmet - npm Package Versions

1
9

1.9.3

Diff

Changelog

Source

1.9.3 (January 11, 2022)

  • Portal: Added i18n title to MashroomPortalAppService.getAvailableApps()
  • Background Jobs: The cronSchedule property is now optional for backend jobs. If you omit it the job will be executed exactly once at startup. Which is useful if you want to do something during startup.
  • Core: When the build fails, also info gathered from stdout is logged. Tools like eslint use this channel to provide more detailed info about the failure
jkofler
published 1.9.2 •

Changelog

Source

1.9.2 (December 11, 2021)

  • Security: The security providers that rely on the Express Session (Simple, LDAP, OpenID-Connect) are going to log an error now if the session configuration is not suitable (e.g. when the access token lives longer than the session that stores it).
  • Browser Cache: Increased the default TTL to 30d to improve the Lighthouse score. Make sure all your resources in the Theme use cache busting or set a lower TTL value for your server like this:
     {
       "plugins": {
         "Mashroom Cache Control Services": {
           "maxAgeSec": 86400
         }
       }
     }
    
  • Portal Default Theme: Fixed setting and updating meta description and keywords
  • Portal Default Theme: Fixed crawlability (some hrefs were missing)
  • MongoDB Session Provider: Fixed startup and detecting connected state
  • Admin Toolbar: Works now if the site path is "/" (because the /portal/my-site is mapped to / via vhost path mapper)
  • Portal: Made sure the MashroomPortalStateService works with dynamic routing (when paths are updated via History API)
jkofler
published 1.9.1 •

Changelog

Source

1.9.1 (November 8, 2021)

  • Portal: Fixed loading multiple instances of an App on the same page (was broken due to a caching issue, see issue #89)
  • LDAP Security Provider: Fixed searching for groups if the distinguished name contains special characters (as defined in RFC 2253)
jkofler
published 1.9.0 •

Changelog

Source

1.9.0 (October 18, 2021)

  • Portal: BREAKING CHANGE: Removed portalBasePath from the page render model because it doesn't make sense in combination with the vhost path mapper. Only use siteBasePath.
  • Portal: Client log messages contain now the path of the page where they were generated
  • K8S Remote App Registry: Added the possibility to filter services by label selectors Example:
      "k8sNamespacesLabelSelector": "environment=development,tier=frontend",
      "k8sNamespaces": null,
      "k8sServiceLabelSelector": "microfrontend=true,channel!=alpha"
    
  • K8S Remote App Registry: Added the possibility to scan in namespaces identified by a labelSelector. Example: Scan all services in namespaces with label environment=development and microfrontend in the name:
      "k8sNamespacesLabelSelector": "environment=development",
      "k8sNamespaces": null,
      "serviceNameFilter": "(microfrontend-)",
    
  • Portal: BREAKING CHANGE: Removed MashroomRestService from client services because it is only intended for internal use. Portal Apps should use fetch directly.
  • Default Theme: Added an SPA mode where the theme will try to operate like an SPA and loads new page content via AJAX and replaces the DOM. This only works until the user does not navigate on a page with a different theme or different page enhancements, in that case a full page load is triggered.
  • Portal: Added an API endpoint to just fetch the page content without header, navigation, page enhancements and so on. This can be used for themes that work like an SPA. Example: http://localhost:5050/portal/web/___/api/pages/test2/content?currentPageId=subpage1 Means: Give me the content (and scripts to launch/hydrate the Apps) for page test2, and I'm currently on page subpage1, tell me if I need a full page load because the theme or something else outside the content area is different.
  • Portal: Initial pages are now completely rendered on the server side (including the App wrapper). To make it more clear that not only the layout is rendered anymore, the property portalLayout in the render model has been deprecated and the new property pageContent should be used instead.
  • Portal: It is now possible to define how to render an App and errors during App loading are rendered in the theme. You just need to add the new views appWrapper and appError. The content of appWrapper could look like this (when using Handlebars):
    <div id="portal-app-{{appId}}" class="mashroom-portal-app-wrapper portal-app-{{safePluginName}}">
      <div class="mashroom-portal-app-header">
        <div class="mashroom-portal-app-header-title" data-replace-content="title">{{title}}</div>
      </div>
      <div class="mashroom-portal-app-host" data-replace-content="app">
       {{#if appSSRHtml}}
         {{{appSSRHtml}}}
       {{else}}
         <div class="mashroom-portal-app-loading"><span/></div>
       {{/if}}
     </div>
    </div>
    
    BREAKING CHANGE: Previously it was possible to customize the App wrapper and error message using the client side functions MashroomPortalCreateAppWrapperFunc and MashroomPortalCreateLoadingErrorFunc - those are ignored now.
  • Default Theme: Added a flag (showPortalAppHeaders) to the config to be able to hide the App headers
  • Admin App: Show/Hide App Control is now persisted during page navigation
  • Added a demo Composite App: Demonstrates the possibility to use existing Apps as building blocks within other Apps. Basically it uses the MashroomPortalAppService to tell the Portal where it should place an App with a given name and a custom appConfig. Additional it demonstrates how such a Composite App can have a "private" message bus.
  • Portal: BREAKING CHANGE: Removed sendUserHeaders and addHeaders from the proxy config of Portal Apps because both should be done via HTTP Proxy Interceptor now. If you were using sendUserHeaders just add mashroom-http-proxy-add-user-headers to your plugins.
  • Added a plugin to add the ID/JWT token to backend requests if OpenID connect is used (mashroom-http-proxy-add-id-token)
  • Added a plugin to add user data as headers to backend requests (mashroom-http-proxy-add-user-headers)
  • HTTP Proxy: The HTTP interceptor can now also process WebSocket upgrade requests (added optional method interceptWsRequest())
  • MongoDB client upgraded to v4 BREAKING CHANGE: If you use mashroom-session-provider-mongodb or mashroom-storage-provider-mongodb please check your connection options since they have changed. E.g. poolSize and useUnifiedTopology no longer exist. Check out https://mongodb.github.io/node-mongodb-native/4.1/classes/MongoClient.html#options
  • Admin App: Bundle size cut in halve, loads now faster
  • Sandbox App: It is possible now to search for Apps (autocomplete)
  • Portal: Fixed the problem that pages with special characters (like Umlaute) in their path didn't work
jkofler
published 1.8.3 •

Changelog

Source

1.8.3 (September 11, 2021)

  • HTTP Proxy: The default implementation forwards now query parameters correctly if the base path already contains query parameters - fixes #85
  • Sandbox App: Shows only Apps which are available for the authenticated user now (previously it also showed Apps that could not be loaded by the user)
  • Admin App: Fixed broken autocomplete of roles
  • Sandbox App: Apps are sorted by their name now
jkofler
published 1.8.2 •

Changelog

Source

1.8.2 (September 6, 2021)

  • Legacy Browser Support: Added a polyfill for document.currentScript to support lazy loading via webpack 5 automatic public path
  • Portal: Improved client side error handling; console errors are also logged to the server now and errors are serialized properly
  • HTTP Proxy: Added additional metrics such as the served requests, connection errors and timeouts
  • HTTP Proxy: Fixed the error handling in the node-http-proxy based (default) proxy implementation; this fixes #77
  • WebSocket Demo Portal App: Switched to a working WebSocket echo server
  • Portal: Fixed caching problem in IE11 that confused the auth expiration check
jkofler
published 1.8.1 •

Changelog

Source

1.8.1 (August 23, 2021)

  • Portal: Allow proxies to cache shared resources such as Theme assets and shared page enhancement assets (by setting "public" in the Cache-Control header)
  • Portal IFrame App: Waiting until the iframe content is available works now in Chrome also (prevents an empty iframe from being shown)
jkofler
published 1.8.0 •

Changelog

Source

1.8.0 (August 9, 2021)

  • Portal: Fixed login failures due to "ENOENT: no such file or directory" errors when using mashroom-session-provider-filestore under Windows
  • Portal: Reduced the number of session expiration checks to the server
  • OpenID Connect Security Provider: Allowed multiple parallel auth requests. This fixes the problem that the login failed if multiple browser tabs were open and triggered the login at the same time.
  • OpenID Connect Security Provider: Reduced the number of token refreshes
  • Added a demo App for WebSocket proxy usage (@mashroom/mashroom-portal-demo-websocket-proxy-app)
  • Portal: The App proxy supports now WebSocket. This means, that Apps (Microfrontends) can open WebSocket connections to servers "behind" the Portal. The usual (optional) Security headers going to be sent with the initial upgrade/handshake request. Proxy interceptors are ignored for WebSocket connections.
  • HTTP Proxy: Added WebSocket support
  • HTTP Proxy: Fixed rewriting the host header, so forwarding works even if the target server uses virtual hosting
  • HTTP Proxy: The node-http-proxy based implementation is now default
  • Added HTTP/2 support for HTTPS - this currently uses the node-spdy modules which has a known problem with compressed data. So, don't use this if your API server compresses responses. Also, don't use this if you rely on WebSocket or SSE. To enable it add this to you your server config:
    {
       "enableHttp2": true
    }
    
  • Added TLS support (HTTPS). Can be enabled like this in the server config:
    {
       "httpsPort": 5443,
       "tlsOptions": {
           "key": "./certs/key.pem",
           "cert": "./certs/cert.pem"
       }
    }
    
    The tlsOptions are passed to https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
  • Remote App Registry and Remote App Registry Kubernetes: Added support external plugin definitions. The need to be in JSON format and also expose on / by the server.
  • Core: Mashroom supports now "external" plugin definition files, so the "mashroom" node in package.json can be in a separate file, by default mashroom.json or mashroom.js. E.g.:
    {
        "$schema": "https://www.mashroom-server.com/schemas/mashroom-plugins.json",
        "devModeBuildScript": "build",
        "plugins": [
            {
                "name": "Mashroom Portal Demo React App",
                "type": "portal-app",
                "bootstrap": "startReactDemoApp",
                "resources": {
                    "js": [
                        "bundle.js"
                    ],
                    "css": []
                },
                "defaultConfig": {
                    "resourcesRoot": "./dist"
                }
            }
        ]
    }
    
    The possible file name can be changed in the server config via the externalPluginConfigFileNames config property.
  • Introduced JSON Schemas for all config files:
    • package.json: schemas/mashroom-packagejson-extension.json
    • mashroom.json (Server config): schemas/mashroom-server-config.json
    • acl.json: schemas/mashroom-security-acl.json
    • groupToRoleMapping.json: schemas/mashroom-security-ldap-provider-group-to-role-mapping.json
    • userToRoleMapping.json: schemas/mashroom-security-ldap-provider-user-to-role-mapping.json
    • users.json: schemas/mashroom-security-simple-provider-users.json
    • topicACL.json: schemas/mashroom-security-topic-acl.json
    • remotePortalApps.json: schemas/mashroom-portal-remote-apps.json The schema can be applied by adding @mashroom/mashroom-json-schemas to your dependencies:
    {
       "$schema": "./node_modules/@mashroom/mashroom-json-schemas/schemas/mashroom-packagejson-extension.json",
       "name": "my-package"
    }
    
    or by using the remote location:
    {
       "$schema": "https://www.mashroom-server.com/schemas/mashroom-packagejson-extension.json",
       "name": "my-package"
    }
    
  • BREAKING CHANGE: All default config file names are now in camel case. The following config files had been renamed:
    • remote-portal-apps.json -> remotePortalApps.json
    • topic_acl.json -> topicACL.json
  • Tabify App: Added the possibility to have fixed titles for the tabs (appConfig.fixedTabTitles)
  • Portal: Added metaInfo and screenshots to MashroomPortalAppService.getAvailableApps() response. This allows an App to launch another App based on metadata and could be used to show a preview image.
  • OpenID Connect Security Provider: Allow mapping arbitrary claims to user.extraData
  • OpenID Connect Security Provider: Allow configuring HTTP timeout and number of retries when contacting the Authorization Server
jkofler
published 1.7.10 •

Changelog

Source

1.7.10 (June 22, 2021)

  • Sandbox App: Fixed App container style
jkofler
published 1.7.9 •

Changelog

Source

1.7.9 (June 19, 2021)

  • Core: Added a new property devModeNpmExecutionTimeoutSec to the server config to increase the npm execution timeout in dev mode on slow computers (default is 180)
  • Sandbox App: The sandbox now uses the "real" message bus and therefore supports Apps that use the message bus interceptor, and can also simulate communication with other Apps on the same page. Also, the Sandbox can now load itself properly ;-)
  • Portal: MashroomPortalRemoteLogger improved:
    • Added an info() method
    • Fixed client side error serialisation
  • Virtual host path mapper: Make sure the reverse mapped location header is never empty (fixes #79)
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc