Initial commit: New MoreminiMore website with fresh design
This commit is contained in:
MoreminiMore
21
node_modules/astro/dist/vite-plugin-astro-server/sec-fetch.d.ts
generated
vendored
Normal file
21
node_modules/astro/dist/vite-plugin-astro-server/sec-fetch.d.ts
generated
vendored
Normal file
@@ -0,0 +1,21 @@
|
||||
import type { RemotePattern } from '@astrojs/internal-helpers/remote';
|
||||
import type * as vite from 'vite';
|
||||
import type { AstroLogger } from '../core/logger/core.js';
|
||||
/**
|
||||
* Middleware that validates Sec-Fetch metadata headers on incoming requests
|
||||
* to block cross-origin subresource requests (e.g. `<script>` tags from
|
||||
* another origin loading dev server modules).
|
||||
*
|
||||
* Navigation requests (`Sec-Fetch-Mode: navigate`) are always allowed through
|
||||
* because browsers enforce their own security model for top-level navigations.
|
||||
*
|
||||
* Requests without `Sec-Fetch-Site` (e.g. from non-browser clients like curl,
|
||||
* or older browsers that don't send Fetch Metadata) are also allowed through
|
||||
* to avoid breaking legitimate development workflows.
|
||||
*
|
||||
* When `security.allowedDomains` is configured, requests whose `Origin` header
|
||||
* matches one of the allowed patterns are also permitted. This supports proxied
|
||||
* dev server setups (e.g. ngrok, Cloudflare Tunnel) where the browser sees a
|
||||
* different origin than the dev server itself.
|
||||
*/
|
||||
export declare function secFetchMiddleware(logger: AstroLogger, allowedDomains?: Partial<RemotePattern>[]): vite.Connect.NextHandleFunction;
|
||||
Reference in New Issue
Block a user