New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@toddledev/ssr
Advanced tools
@toddledev/ssr - npm Package Compare versions
Comparing version 0.0.3-alpha.17 to 0.0.3-alpha.18
@@ -69,5 +69,11 @@ "use strict"; | ||
| route.type === 'redirect' ? requestUrl.origin : undefined); | ||
| // Rewrites are not allowed from the same origin as the source | ||
| // This prevents potential recursive fetch calls from the server to itself | ||
| if (route.type === 'redirect' && | ||
| requestUrl.origin === url.origin && | ||
| requestUrl.pathname === url.pathname) { | ||
| // Redirects are not allowed to redirect to the same URL as their source | ||
| return; | ||
| } | ||
| if (route.type === 'rewrite' && requestUrl.origin === url.origin) { | ||
| // Rewrites are not allowed from the same origin as the source | ||
| // This prevents potential recursive fetch calls from the server to itself | ||
| return; | ||
@@ -74,0 +80,0 @@ } |
@@ -15,7 +15,7 @@ { | ||
| "dependencies": { | ||
| "@toddledev/core": "0.0.3-alpha.17", | ||
| "@toddledev/core": "0.0.3-alpha.18", | ||
| "cookie": "1.0.2", | ||
| "xss": "1.0.15" | ||
| }, | ||
| "version": "0.0.3-alpha.17" | ||
| "version": "0.0.3-alpha.18" | ||
| } |
@@ -112,5 +112,13 @@ import { getUrl } from '@toddledev/core/dist/api/api' | ||
| ) | ||
| // Rewrites are not allowed from the same origin as the source | ||
| // This prevents potential recursive fetch calls from the server to itself | ||
| if ( | ||
| route.type === 'redirect' && | ||
| requestUrl.origin === url.origin && | ||
| requestUrl.pathname === url.pathname | ||
| ) { | ||
| // Redirects are not allowed to redirect to the same URL as their source | ||
| return | ||
| } | ||
| if (route.type === 'rewrite' && requestUrl.origin === url.origin) { | ||
| // Rewrites are not allowed from the same origin as the source | ||
| // This prevents potential recursive fetch calls from the server to itself | ||
| return | ||
@@ -117,0 +125,0 @@ } |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.34%
195306
- Lines of code
- increased by0.35%
4042
Dependency changes
+ Added@toddledev/core@0.0.3-alpha.18(transitive)
- Removed@toddledev/core@0.0.3-alpha.17(transitive)