@sap/approuter

Package Overview
Dependencies
Maintainers
1
Versions
195
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@sap/approuter - npm Package Compare versions

Comparing version 16.5.1 to 16.5.2

7

CHANGELOG.md

@@ -9,2 +9,9 @@ # Change Log

## 16.5.2 - 2024-06-09
### Fixed
- Use the target hostname in the 'servername' option in WS requests
- Enable the nonce attribute by setting INCLUDE_NONCE_ATTR = true (default is nonce disabled)
- Runtime processing of FDC technical applications
## 16.5.1 - 2024-06-02

@@ -11,0 +18,0 @@

12

lib/passport/oauth2-strategy.js

@@ -64,3 +64,2 @@ 'use strict';

originalUrl = req.headers['x-forwarded-path'] || req.url;
cookieUtils.signCookie(req, originalUrl, function (err, signature) {

@@ -73,5 +72,12 @@ if (err) {

}
let openScriptTag = '<script>';
let cspHeaderValue = 'script-src \'self\' \'unsafe-inline\'; frame-ancestors *';
if (process.env.INCLUDE_NONCE_ATTR){
const nonce = headerUtil.generateNonce();
openScriptTag = `<script nonce="${nonce}">`;
cspHeaderValue = `script-src 'self' 'nonce-${nonce}'; frame-ancestors *`;
}
req.res.statusCode = 200;
req.res.setHeader('Content-Type', 'text/html');
req.res.setHeader('Content-Security-Policy', 'script-src \'self\' \'unsafe-inline\'; frame-ancestors *');
req.res.setHeader('Content-Security-Policy', cspHeaderValue);
req.res.setHeader('Cache-Control', headerUtil.NOCACHE_HEADER_VALUE);

@@ -87,3 +93,3 @@ let fragmentCookie = fragmentCookieName + '="+encodeURIComponent(location.hash)+";path=/";';

'<link rel="shortcut icon" href="" />' +
'<script>' +
openScriptTag +
'document.cookie="' + cookieUtils.addAttributes(fragmentCookie, req) +

@@ -90,0 +96,0 @@ 'document.cookie="' + cookieUtils.addAttributes(redirectCookie, req) +
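Review bot: The nonce switch at `if (process.env.INCLUDE_NONCE_ATTR){` is a truthiness test on a string, so `INCLUDE_NONCE_ATTR=false` or `=0` also enables the nonce path, while the changelog documents the flag as `true` and this same diff compares `SERVICE_2_APPROUTER === 'true'` elsewhere. Suggest `if (process.env.INCLUDE_NONCE_ATTR === 'true') {` so flags read the same way across the codebase. Because the nonce policy `script-src 'self' 'nonce-${nonce}'` drops `'unsafe-inline'`, any inline script or inline event handler in this page other than the tag built from `openScriptTag` would be blocked under the new policy; the page markup is assembled across hunks, so that is worth confirming. The enclosing signCookie callback starts and ends outside the hunk.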

@@ -5,2 +5,3 @@ 'use strict';

const uuid = require('uuid').v4;
const crypto = require('crypto');

@@ -11,2 +12,5 @@ module.exports = {

generateNonce: function () {
return crypto.randomBytes(16).toString('base64');
},
updateSapPassport: function (headers, optTargetHeaders) {

@@ -13,0 +17,0 @@ if (process.env.SERVICE_2_APPROUTER === 'true') {
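Review bot: `generateNonce` is undocumented and its contract matters to callers: the value must be unpredictable and fresh per response, otherwise a nonce-based CSP degrades to allowing any inline script that carries a known value. Suggest a JSDoc above it: `/** Returns a fresh 128-bit CSPRNG nonce, base64-encoded, for a CSP 'nonce-…' source and the matching script nonce attribute. Generate one per response and never reuse it. */`. The base64 alphabet (`+`, `/`, `=`) is permitted by the CSP nonce grammar and is safe inside a double-quoted HTML attribute, which is worth stating so nobody later switches to an encoding for the wrong reason. The enclosing `module.exports` object continues outside the hunk.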

@@ -33,4 +33,9 @@ 'use strict';

if (req.skipCachedApps || !sapCloudServiceKeys) {
const queryIndex = req.url.indexOf('?');
const queries = queryIndex > -1 && req.apiName === '/applications' ? req.url.slice(queryIndex) : '';
let queries;
if (!req.apiName) {
queries = '?returnTechnicalApp=true';
} else if (req.apiName === '/applications') {
const queryIndex = req.url.indexOf('?');
queries = queryIndex > -1 ? req.url.slice(queryIndex) : '';
}

@@ -191,9 +196,6 @@ // Get applications metadata

applicationsMetadata.forEach((app) => {
if (app.applicationType === technicalCacheBusterApplication) {
return;
}
const configuration = app.configuration && Object.assign({}, app.configuration);
const credentials = configuration && configuration[CONFIG_CREDENTIALS];
const destinations = configuration && configuration['destinations'];
const html5RuntimeEnabled = configuration && configuration['HTML5Runtime_enabled'];
const html5RuntimeEnabled = configuration && configuration['HTML5Runtime_enabled'] || app.applicationType === technicalCacheBusterApplication;
const iasDependencyName = configuration && configuration['IASDependencyName'];

@@ -200,0 +202,0 @@ app.configuration = !!configuration;
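Review bot: `let queries;` on the new side stays `undefined` when `req.apiName` is set but is not `'/applications'`, whereas the removed line always produced a string; if `queries` is later concatenated into the request URL (outside the hunk), the result would contain the literal text `undefined`. Suggest `let queries = '';` so the fall-through case keeps the previous behaviour. In the second hunk, `configuration && configuration['HTML5Runtime_enabled'] || app.applicationType === technicalCacheBusterApplication` relies on `&&` binding tighter than `||`; parenthesising the first operand makes the intended reading explicit. Both enclosing functions start and end outside the hunks.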

@@ -161,2 +161,5 @@ 'use strict';

const protocols = req.headers && req.headers['sec-websocket-protocol'] ? req.headers['sec-websocket-protocol'] : null;
if (req.headers && req.headers.host) { // So socket does not use host header as target (allows differing host header)
options['servername'] = targetUrl.hostname;
}
outgoing = new WebSocket(url,protocols, options);

@@ -163,0 +166,0 @@ } catch (err) {
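Review bot: `options['servername'] = targetUrl.hostname;` is gated on the incoming request carrying a Host header, but SNI and certificate name checking depend on the target, not on what the client sent; when the client omits Host the outgoing handshake presumably falls back to whatever the WebSocket client derives on its own. The gate should be the target scheme instead, e.g. `if (targetUrl.protocol === 'wss:') { options.servername = targetUrl.hostname; }`, which also keeps the option off plain `ws:` targets where it has no meaning. An IP-literal `targetUrl.hostname` is not a valid SNI value under RFC 6066 and Node flags it with a deprecation warning (DEP0123), so IP targets may need a `net.isIP` guard; `targetUrl` and `options` are declared outside the hunk, so this is inferred from their names. The enclosing try block starts and ends outside the hunk.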

{
"name": "@sap/approuter",
"description": "Node.js based application router",
"version": "16.5.1",
"version": "16.5.2",
"repository": {},

@@ -6,0 +6,0 @@ "main": "approuter.js",
