UNPKG

@tanstack/router-core

Version:

Modern and scalable routing for React applications

tanstack.com/router

TanStack/router

30 lines (29 loc) 1.34 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
import { DehydratedMatch } from './types.cjs'; import { AnyRouter } from '../router.cjs'; import { AnyRouteMatch } from '../Matches.cjs'; import { ManifestRouteAssets, ServerManifest } from '../manifest.cjs'; export declare function dehydrateMatch(match: AnyRouteMatch): DehydratedMatch; export declare function attachRouterServerSsrUtils({ router, manifest, getRequestAssets, }: { router: AnyRouter; manifest: ServerManifest | undefined; getRequestAssets?: () => ManifestRouteAssets | undefined; }): void; /** * Get the origin for the request. * * SECURITY: We intentionally do NOT trust the Origin header for determining * the router's origin. The Origin header can be spoofed by attackers, which * could lead to SSRF-like vulnerabilities where redirects are constructed * using a malicious origin (CVE-2024-34351). * * Instead, we derive the origin from request.url, which is typically set by * the server infrastructure (not client-controlled headers). * * For applications behind proxies that need to trust forwarded headers, * use the router's `origin` option to explicitly configure a trusted origin. */ export declare function getOrigin(request: Request): string; export declare function getNormalizedURL(url: string | URL, base?: string | URL): { url: URL; handledProtocolRelativeURL: boolean; };