middlewares.ts — astro Source File
Architecture documentation for middlewares.ts, a TypeScript file in the Astro codebase. 2 imports, 0 dependents.
Dependency Diagram
```mermaid
graph LR
  2708f5c4_261d_e0b9_a0f9_f2b98541fcf7["middlewares.ts"]
  135a8084_d596_67c2_9209_cca6693604e6["../types/public/common.js"]
  2708f5c4_261d_e0b9_a0f9_f2b98541fcf7 --> 135a8084_d596_67c2_9209_cca6693604e6
  2f137c79_e098_e0b1_ec7d_fe3ae33551ac["./defineMiddleware.js"]
  2708f5c4_261d_e0b9_a0f9_f2b98541fcf7 --> 2f137c79_e098_e0b1_ec7d_fe3ae33551ac
  style 2708f5c4_261d_e0b9_a0f9_f2b98541fcf7 fill:#6366f1,stroke:#818cf8,color:#fff
```
Source Code
```ts
import type { MiddlewareHandler } from '../../types/public/common.js';
import { defineMiddleware } from '../middleware/defineMiddleware.js';

/**
 * Content types that can be passed when sending a request via a form
 *
 * https://developer.mozilla.org/en-US/docs/Web/API/HTMLFormElement/enctype
 * @private
 */
const FORM_CONTENT_TYPES = [
	'application/x-www-form-urlencoded',
	'multipart/form-data',
	'text/plain',
];

// Note: TRACE is unsupported by undici/Node.js
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

/**
 * Returns a middleware function in charge of checking the `origin` header.
 *
 * @private
 */
export function createOriginCheckMiddleware(): MiddlewareHandler {
	return defineMiddleware((context, next) => {
		const { request, url, isPrerendered } = context;
		// Prerendered pages should be excluded
		if (isPrerendered) {
			return next();
		}
		// Safe methods don't require origin check
		if (SAFE_METHODS.includes(request.method)) {
			return next();
		}
		const isSameOrigin = request.headers.get('origin') === url.origin;

		const hasContentType = request.headers.has('content-type');
		if (hasContentType) {
			// A form-like content type is only accepted from the same origin
			const formLikeHeader = hasFormLikeHeader(request.headers.get('content-type'));
			if (formLikeHeader && !isSameOrigin) {
				return new Response(`Cross-site ${request.method} form submissions are forbidden`, {
					status: 403,
				});
			}
		} else {
			// No content-type header at all: the request must still be same-origin
			if (!isSameOrigin) {
				return new Response(`Cross-site ${request.method} form submissions are forbidden`, {
					status: 403,
				});
			}
		}

		return next();
	});
}

// Case-insensitive substring match against FORM_CONTENT_TYPES
function hasFormLikeHeader(contentType: string | null): boolean {
	if (contentType) {
		for (const FORM_CONTENT_TYPE of FORM_CONTENT_TYPES) {
			if (contentType.toLowerCase().includes(FORM_CONTENT_TYPE)) {
				return true;
			}
		}
	}
	return false;
}
```
Dependencies
- ../types/public/common.js
- ./defineMiddleware.js
Frequently Asked Questions
What does middlewares.ts do?
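middlewares.ts is a source file in the Astro codebase, written in TypeScript. It belongs to the CoreAstro domain, CoreMiddleware subdomain. It exports createOriginCheckMiddleware, a middleware that compares the request's `origin` header with the origin of the request URL and returns a 403 response to a cross-site request that uses a non-safe method and either carries a form content type or has no `content-type` header. Prerendered pages and GET, HEAD and OPTIONS requests are passed through without the check.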
What functions are defined in middlewares.ts?
middlewares.ts defines 2 functions: createOriginCheckMiddleware and hasFormLikeHeader.
What does middlewares.ts depend on?
middlewares.ts imports 2 modules: ../types/public/common.js and ./defineMiddleware.js.
Where is middlewares.ts in the architecture?
middlewares.ts is located at packages/astro/src/core/app/middlewares.ts (domain: CoreAstro, subdomain: CoreMiddleware, directory: packages/astro/src/core/app).