phongpham/Laca-City
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
c65cc97a3312deab4cbe77061ef8e91c4f5962aa
Laca-City/frontend/node_modules/next/dist/server/lib/router-utils/block-cross-site.js
PhongPham c65cc97a33 🎯 MapView v2.0 - Global Deployment Ready 
 MAJOR FEATURES:
• Auto-zoom intelligence với smart bounds fitting
• Enhanced 3D GPS markers với pulsing effects
• Professional route display với 6-layer rendering
• Status-based parking icons với availability indicators
• Production-ready build optimizations

🗺️ AUTO-ZOOM FEATURES:
• Smart bounds fitting cho GPS + selected parking
• Adaptive padding (50px) cho visual balance
• Max zoom control (level 16) để tránh quá gần
• Dynamic centering khi không có selection

🎨 ENHANCED VISUALS:
• 3D GPS marker với multi-layer pulse effects
• Advanced parking icons với status colors
• Selection highlighting với animation
• Dimming system cho non-selected items

🛣️ ROUTE SYSTEM:
• OpenRouteService API integration
• Multi-layer route rendering (glow, shadow, main, animated)
• Real-time distance & duration calculation
• Visual route info trong popup

📱 PRODUCTION READY:
• SSR safe với dynamic imports
• Build errors resolved
• Global deployment via Vercel
• Optimized performance

🌍 DEPLOYMENT:
• Vercel: https://whatever-ctk2auuxr-phong12hexdockworks-projects.vercel.app
• Bundle size: 22.8 kB optimized
• Global CDN distribution
• HTTPS enabled

💾 VERSION CONTROL:
• MapView-v2.0.tsx backup created
• MAPVIEW_VERSIONS.md documentation
• Full version history tracking
2025-07-20 19:52:16 +07:00

76 lines
3.2 KiB
JavaScript
Raw Blame History

"use strict";
Object.defineProperty(exports, "__esModule", {
value: true
});
Object.defineProperty(exports, "blockCrossSite", {
enumerable: true,
get: function() {
return blockCrossSite;
}
});
const _url = require("../../../lib/url");
const _log = require("../../../build/output/log");
const _csrfprotection = require("../../app-render/csrf-protection");
function warnOrBlockRequest(res, origin, mode) {
const originString = origin ? `from ${origin}` : "";
if (mode === "warn") {
(0, _log.warnOnce)(`Cross origin request detected ${originString} to /_next/* resource. In a future major version of Next.js, you will need to explicitly configure "allowedDevOrigins" in next.config to allow this.\nRead more: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins`);
return false;
}
(0, _log.warnOnce)(`Blocked cross-origin request ${originString} to /_next/* resource. To allow this, configure "allowedDevOrigins" in next.config\nRead more: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins`);
if ("statusCode" in res) {
res.statusCode = 403;
}
res.end("Unauthorized");
return true;
}
function isInternalDevEndpoint(req) {
if (!req.url) return false;
try {
// TODO: We should standardize on a single prefix for this
const isMiddlewareRequest = req.url.includes("/__nextjs");
const isInternalAsset = req.url.includes("/_next");
// Static media requests are excluded, as they might be loaded via CSS and would fail
// CORS checks.
const isIgnoredRequest = req.url.includes("/_next/image") || req.url.includes("/_next/static/media");
return !isIgnoredRequest && (isInternalAsset || isMiddlewareRequest);
} catch (err) {
return false;
}
}
const blockCrossSite = (req, res, allowedDevOrigins, hostname)=>{
// in the future, these will be blocked by default when allowed origins aren't configured.
// for now, we warn when allowed origins aren't configured
const mode = typeof allowedDevOrigins === "undefined" ? "warn" : "block";
const allowedOrigins = [
"*.localhost",
"localhost",
...allowedDevOrigins || []
];
if (hostname) {
allowedOrigins.push(hostname);
}
// only process internal URLs/middleware
if (!isInternalDevEndpoint(req)) {
return false;
}
// block non-cors request from cross-site e.g. script tag on
// different host
if (req.headers["sec-fetch-mode"] === "no-cors" && req.headers["sec-fetch-site"] === "cross-site") {
return warnOrBlockRequest(res, undefined, mode);
}
// ensure websocket requests from allowed origin
const rawOrigin = req.headers["origin"];
if (rawOrigin) {
const parsedOrigin = (0, _url.parseUrl)(rawOrigin);
if (parsedOrigin) {
const originLowerCase = parsedOrigin.hostname.toLowerCase();
if (!(0, _csrfprotection.isCsrfOriginAllowed)(originLowerCase, allowedOrigins)) {
return warnOrBlockRequest(res, originLowerCase, mode);
}
}
}
return false;
};
//# sourceMappingURL=block-cross-site.js.map
Reference in New Issue View Git Blame Copy Permalink