
@remix-run/server-runtime

@remix-run/server-runtime - npm Package Compare versions

Comparing version
2.17.2
to
2.17.3
+1
dist/actions.d.ts
export declare function throwIfPotentialCSRFAttack(headers: Headers): void;
/**
* @remix-run/server-runtime v2.17.3
*
* Copyright (c) Remix Software Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE.md file in the root directory of this source tree.
*
* @license MIT
*/
'use strict';
Object.defineProperty(exports, '__esModule', { value: true });
function throwIfPotentialCSRFAttack(headers) {
let originHeader = headers.get("origin");
let originDomain = typeof originHeader === "string" && originHeader !== "null" ? new URL(originHeader).host : originHeader;
let host = parseHostHeader(headers);
if (originDomain && (!host || originDomain !== host.value)) {
if (host) {
// This seems to be an CSRF attack. We should not proceed with the action.
throw new Error(`${host.type} header does not match \`origin\` header from a forwarded ` + `action request. Aborting the action.`);
} else {
// This is an attack. We should not proceed with the action.
throw new Error("`x-forwarded-host` or `host` headers are not provided. One of these " + "is needed to compare the `origin` header from a forwarded action " + "request. Aborting the action.");
}
}
}
function parseHostHeader(headers) {
var _forwardedHostHeader$;
let forwardedHostHeader = headers.get("x-forwarded-host");
let forwardedHostValue = forwardedHostHeader === null || forwardedHostHeader === void 0 ? void 0 : (_forwardedHostHeader$ = forwardedHostHeader.split(",")[0]) === null || _forwardedHostHeader$ === void 0 ? void 0 : _forwardedHostHeader$.trim();
let hostHeader = headers.get("host");
return forwardedHostValue ? {
type: "x-forwarded-host",
value: forwardedHostValue
} : hostHeader ? {
type: "host",
value: hostHeader
} : undefined;
}
exports.throwIfPotentialCSRFAttack = throwIfPotentialCSRFAttack;
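Review bot: parseHostHeader prefers the first `x-forwarded-host` value over `host`, so the origin comparison in throwIfPotentialCSRFAttack is only as trustworthy as whatever sets that header, and nothing in this file checks that the request came through a proxy that overwrites it. I would document that assumption above parseHostHeader, e.g. `// x-forwarded-host must be set (and overwritten) by a trusted proxy; otherwise only host is meaningful here`. Separately, `new URL(originHeader)` throws a TypeError on a malformed Origin value, so the request is still rejected but with an "Invalid URL" message instead of the CSRF one; a try/catch that rethrows the CSRF error would keep logs consistent. Requests with no Origin header skip the check entirely, which is worth stating in a doc comment on the exported function. The same points apply to the ES-module copy of this file that follows.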
/**
* @remix-run/server-runtime v2.17.3
*
* Copyright (c) Remix Software Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE.md file in the root directory of this source tree.
*
* @license MIT
*/
function throwIfPotentialCSRFAttack(headers) {
let originHeader = headers.get("origin");
let originDomain = typeof originHeader === "string" && originHeader !== "null" ? new URL(originHeader).host : originHeader;
let host = parseHostHeader(headers);
if (originDomain && (!host || originDomain !== host.value)) {
if (host) {
// This seems to be an CSRF attack. We should not proceed with the action.
throw new Error(`${host.type} header does not match \`origin\` header from a forwarded ` + `action request. Aborting the action.`);
} else {
// This is an attack. We should not proceed with the action.
throw new Error("`x-forwarded-host` or `host` headers are not provided. One of these " + "is needed to compare the `origin` header from a forwarded action " + "request. Aborting the action.");
}
}
}
function parseHostHeader(headers) {
var _forwardedHostHeader$;
let forwardedHostHeader = headers.get("x-forwarded-host");
let forwardedHostValue = forwardedHostHeader === null || forwardedHostHeader === void 0 ? void 0 : (_forwardedHostHeader$ = forwardedHostHeader.split(",")[0]) === null || _forwardedHostHeader$ === void 0 ? void 0 : _forwardedHostHeader$.trim();
let hostHeader = headers.get("host");
return forwardedHostValue ? {
type: "x-forwarded-host",
value: forwardedHostValue
} : hostHeader ? {
type: "host",
value: hostHeader
} : undefined;
}
export { throwIfPotentialCSRFAttack };
+1
-1
/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

@@ -44,3 +44,3 @@ import type { StaticHandlerContext } from "@remix-run/router";

*/
export declare function sanitizeError<T = unknown>(error: T, serverMode: ServerMode): T | Error;
export declare function sanitizeError<T = unknown>(error: T, serverMode: ServerMode): Error | T;
export declare function sanitizeErrors(errors: NonNullable<StaticHandlerContext["errors"]>, serverMode: ServerMode): {};

@@ -47,0 +47,0 @@ export type SerializedError = {

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -24,2 +24,3 @@ * Copyright (c) Remix Software Inc.

import { resourceRouteJsonWarning } from './deprecations.js';
import { throwIfPotentialCSRFAttack } from './actions.js';

@@ -310,2 +311,5 @@ // Do not include a response body if the status code is one of these,

try {
if (request.method === "POST") {
throwIfPotentialCSRFAttack(request.headers);
}
context = await staticHandler.query(request, {

@@ -312,0 +316,0 @@ requestContext: loadContext
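Review bot: The guard is keyed on `request.method === "POST"`, so document requests using PUT, PATCH or DELETE reach `staticHandler.query` without the origin check, while the single-fetch hunk later in this diff calls the same function with no method condition. Browsers preflight those methods cross-origin, so the exposure presumably depends on the application's CORS configuration, but an allow-list of safe methods is the more defensive form: `if (!["GET", "HEAD", "OPTIONS"].includes(request.method)) {`. The enclosing function and its `catch` lie outside the hunk, so I cannot tell how the thrown Error is turned into a response. The CommonJS build of this file carries the same hunk (`actions.throwIfPotentialCSRFAttack`).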

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -17,2 +17,3 @@ * Copyright (c) Remix Software Inc.

import { isResponse, isRedirectStatusCode } from './responses.js';
import { throwIfPotentialCSRFAttack } from './actions.js';

@@ -49,2 +50,3 @@ const SingleFetchRedirectSymbol = Symbol("SingleFetchRedirect");

try {
throwIfPotentialCSRFAttack(request.headers);
let handlerRequest = new Request(handlerUrl, {

@@ -51,0 +53,0 @@ method: request.method,
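Review bot: throwIfPotentialCSRFAttack throws a plain `Error`, and here it is called inside a `try` whose `catch` is outside the hunk, so it is not visible whether a rejected request is reported as a client error or falls into generic 500 handling. A distinguishable error type or status would let operators separate blocked cross-origin submissions from application faults in logs and alerts. At minimum I would add a comment at the call site, e.g. `// Rejects requests whose Origin does not match the host; the catch below should surface this as a 4xx`. The CommonJS build of this file carries the same hunk.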

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -28,2 +28,3 @@ * Copyright (c) Remix Software Inc.

var deprecations = require('./deprecations.js');
var actions = require('./actions.js');

@@ -314,2 +315,5 @@ // Do not include a response body if the status code is one of these,

try {
if (request.method === "POST") {
actions.throwIfPotentialCSRFAttack(request.headers);
}
context = await staticHandler.query(request, {

@@ -316,0 +320,0 @@ requestContext: loadContext

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -21,2 +21,3 @@ * Copyright (c) Remix Software Inc.

var responses = require('./responses.js');
var actions = require('./actions.js');

@@ -53,2 +54,3 @@ const SingleFetchRedirectSymbol = Symbol("SingleFetchRedirect");

try {
actions.throwIfPotentialCSRFAttack(request.headers);
let handlerRequest = new Request(handlerUrl, {

@@ -55,0 +57,0 @@ method: request.method,

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

/**
* @remix-run/server-runtime v2.17.2
* @remix-run/server-runtime v2.17.3
*

@@ -4,0 +4,0 @@ * Copyright (c) Remix Software Inc.

{
"name": "@remix-run/server-runtime",
"version": "2.17.2",
"version": "2.17.3",
"description": "Server runtime for Remix",

@@ -5,0 +5,0 @@ "bugs": {