Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version Packages #65

Merged
merged 1 commit into from
Aug 2, 2022
Merged

Version Packages #65

merged 1 commit into from
Aug 2, 2022

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Aug 1, 2022

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@next-safe/[email protected]

Minor Changes

  • #64 02ca36f Thanks @nibtime! - feat: ✨ Hash-based CSP with trusted proxy loader to support Firefox and Safari (fixes #63)

    • Avoids broken SRI validation of Firefox and Safari together with strict-dynamic

    • an important precursor for alternative configuration methods to middleware, that can't dynamically opt-out from strict-dynamic by user agent

  • #64 02ca36f Thanks @nibtime! - rebuild/refactor lib into many small modules with CSP manifest (fixes #40)

  • #64 02ca36f Thanks @nibtime! - feat(csp): new CspBuilder class with fluent interface for safe and easy CSP construction + manipulation

[email protected]

Minor Changes

  • #64 02ca36f Thanks @nibtime! - feat: CSP object Converter for converting external tool output

Patch Changes

[email protected]

Patch Changes

@vercel
Copy link

vercel bot commented Aug 1, 2022
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
docs-next-safe-middleware ✅ Ready (Inspect) Visit Preview Sep 1, 2022 at 11:52PM (UTC)
e2e-next-safe-middleware ✅ Ready (Inspect) Visit Preview Sep 1, 2022 at 11:52PM (UTC)

@nibtime
Copy link
Owner

nibtime commented Aug 2, 2022

@middlebaws @Shamilik

this upcoming version should work with Firefox and Safari (>= 15.4)

@nibtime nibtime mentioned this pull request Aug 2, 2022
Closed
@Shamilik
Copy link

Shamilik commented Aug 2, 2022

Both previews works fine on Safari.
Thanks @nibtime!

@nibtime nibtime merged commit e931cbd into main Aug 2, 2022
@nibtime
Copy link
Owner

nibtime commented Aug 2, 2022
edited
Loading

Awesome, I manually stress-tested it again with Chrome and Firefox both with e2e and docs apps and couldn't yield any errors.

Sometimes, there a random Partytown (worker scripts) type error logs to console on page loads. But I can also produce it without this package and the test worker script runs without problems, so I suppose it's not that bad and a problem of Next, if any.

Screenshot

2022-08-02 22_24_15

So I am going to release it now, 0.10.0 is on NPM. I also recommend to upgrade Next to 12.2.4 as soon as possible, as it fixes routing bugs related to middleware

Once #66 is done, I will tackle #42. Writing the code for this was quite a hassle, there are many strange edge cases all over the place. That's why I won't release a major version before there are automated e2e tests against regressions.

@nibtime nibtime deleted the changeset-release/main branch August 2, 2022 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Hash-based Strict CSP by inline proxy loader (to support Firefox and Safari) Static CSP manifest
2 participants
@nibtime @Shamilik