Skip to content

feat: prevent processing data uri requests #675

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
m2broth merged 2 commits into from
Dec 11, 2025
Merged

feat: prevent processing data uri requests #675

m2broth merged 2 commits into from
Dec 11, 2025

Conversation

@m2broth
Copy link
Contributor

@m2broth m2broth commented Dec 11, 2025

Fix: Block Data URI Requests to Prevent FragmentError in New Relic

Problem

Bots and misconfigured clients are making HTTP requests to data URIs (e.g., /data:image/svg+xml;base64,...), causing high volumes of FragmentError logs in New Relic. Data URIs are meant for inline use in HTML/CSS and should never be requested as HTTP paths.

Impact

  • High error volume in New Relic monitoring
  • Unnecessary server load - data URI requests go through full ILC rendering pipeline
  • Poor signal-to-noise ratio in error tracking
  • Resource waste - registry config fetches, routing, fragment processing for invalid requests

Example New Relic Error

Transaction: WebTransaction/Custom/special:404
Error: FragmentError
URL: /data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4...

Root Cause

  1. Data URIs bypass the isStaticFile() check (only validates .js, .js.map extensions)
  2. Requests enter the full ILC pipeline: onRequest → registry → i18n → router → Tailor
  3. Router fails to parse data URI, returns special:404 route
  4. 404 template attempts to render with fragments
  5. Fragments fail to load in data URI context
  6. FragmentError is thrown and logged to New Relic

Solution

Implement early rejection of data URI requests at the onRequest hook level with a 400 Bad Request response.

Key features:

  • Handles case variations (DATA:, Data:, dAtA:)
  • Handles URL encoding (data%3A, %64ata:)
  • Handles multiple leading slashes (//data:, ///data:)
  • Handles whitespace ( data:, \tdata:)
  • Handles combined bypass attempts

2. Early validation in onRequest hook (ilc/server/app.js:48-53)

Placement rationale:

  • Positioned immediately after method validation
  • Before registry config fetch (saves network call)
  • Before i18n processing
  • Before routing and fragment processing
  • Consistent with existing request validation pattern

Before/After Comparison

Before (FragmentError)

Request → onRequest → Registry → i18n → Router → Tailor → Fragment → FragmentError
                                                                      ↓
                                                               Logged to NR as ERROR ❌

After (Early Rejection)

Request → onRequest → [BLOCKED] 400 Bad Request

@m2broth m2broth marked this pull request as ready for review December 11, 2025 10:43
@m2broth m2broth requested review from blackrabbit99 and stas-nc and removed request for stas-nc December 11, 2025 10:43
stas-nc
stas-nc reviewed Dec 11, 2025
View reviewed changes
ilc/server/utils/utils.spec.js Outdated
Copy link
Member

@stas-nc stas-nc Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggesting to use .ts for new files.

@github-actions
Copy link

github-actions bot commented Dec 11, 2025

Coverage Report

Ilc/server

Commit SHA:7b8b0ea9f75a37c3408fadf6bd94890027e9264c

Test coverage results 🧪

Code coverage diff between base branch:master and head branch: feat/NPF-3160-prevent-accessing-datauri
File details
Status File % Stmts % Branch % Funcs % Lines
🟢 total 91.46 (0.08) 86.34 (0.12) 88.84 (0.04) 91.37 (0.08)
/codebase/common/DefaultCacheWrapper.ts 100 100 100 100
/codebase/common/Environment.js 100 100 100 100
/codebase/common/EvictingCacheStorage.ts 100 100 100 100
/codebase/common/SdkOptions.js 100 100 100 100
/codebase/common/UrlProcessor.js 100 100 100 100
/codebase/common/constants.js 0 100 100 0
/codebase/common/i18nCookie.js 100 100 100 100
/codebase/common/utils.ts 81.25 42.85 78.57 77.5
/codebase/common/Slot/Slot.js 87.5 100 75 87.5
/codebase/common/Slot/SlotCollection.js 88.88 0 100 88.88
/codebase/common/Slot/SpaSlot.js 0 100 0 0
/codebase/common/Slot/SpaSlotCollection.js 0 0 0 0
/codebase/common/Slot/test/fixture.js 100 100 100 100
/codebase/common/router/Router.ts 98 91.66 100 98
/codebase/common/router/errors.ts 100 100 100 100
/codebase/common/transition-hooks/ActionType.ts 100 100 100 100
/codebase/common/transition-hooks/errors.ts 100 100 100 100
/codebase/server/TransitionHooksExecutor.ts 90.9 81.81 100 90.9
🟢 /codebase/server/app.js 97.26 (0.12) 81.81 (1.81) 100 (0) 97.22 (0.12)
/codebase/server/i18n.js 97.95 95.83 100 97.82
/codebase/server/index.js 0 100 100 0
/codebase/server/objectToBase64.js 100 100 100 100
/codebase/server/serveStatic.js 40 100 100 40
/codebase/server/server.js 0 0 0 0
/codebase/server/application/application.js 90 50 100 90
/codebase/server/context/context.js 100 100 100 100
/codebase/server/errorHandler/ErrorHandler.ts 97.1 83.33 100 97.05
/codebase/server/errorHandler/factory.js 100 100 100 100
/codebase/server/logger/accessLogger.js 89.47 50 100 89.47
/codebase/server/logger/enhanceLogger.js 94.73 83.33 100 94.73
/codebase/server/plugins/PluginsLoader.js 76.92 50 50 76.92
/codebase/server/plugins/pluginManager.js 100 100 100 100
/codebase/server/plugins/reportingPlugin.js 100 50 100 100
/codebase/server/registry/Registry.js 94.53 82.5 90.9 95.23
/codebase/server/registry/TemplateParser.js 100 100 100 100
/codebase/server/registry/errors.ts 100 100 100 100
/codebase/server/registry/factory.ts 100 100 100 100
/codebase/server/registry/isTemplateValid.js 100 100 100 100
/codebase/server/routes/pingPluginFactory.ts 75 100 66.66 75
/codebase/server/routes/renderTemplateHandlerFactory.ts 28.57 0 50 28.57
/codebase/server/routes/wildcardRequestHandlerFactory.ts 100 100 100 100
/codebase/server/services/CanonicalTagService.ts 100 100 100 100
/codebase/server/services/CspBuilderService.js 100 91.66 100 100
/codebase/server/services/HrefLangService.js 92.85 62.5 100 92.85
/codebase/server/tailor/configs-injector.js 99.09 94.44 100 99.06
/codebase/server/tailor/error-handler.js 86.95 80 100 86.95
/codebase/server/tailor/errors.js 100 100 100 100
/codebase/server/tailor/factory.js 94.11 0 66.66 94.11
/codebase/server/tailor/fetch-template.js 100 100 100 100
/codebase/server/tailor/filter-headers.js 100 83.33 100 100
/codebase/server/tailor/fragment-hooks.js 94.11 95 100 94.11
/codebase/server/tailor/merge-configs.ts 100 89.65 100 100
/codebase/server/tailor/parse-override-config.js 100 100 100 100
/codebase/server/tailor/process-fragment-response.js 100 93.75 100 100
/codebase/server/tailor/request-fragment.js 91.86 76.19 90 91.86
/codebase/server/tailor/server-router.js 98.57 96.15 100 98.55
/codebase/server/types/FastifyReply.ts 100 100 100 100
/codebase/server/types/IlcRequest.ts 100 50 100 100
/codebase/server/types/PatchedHttpRequest.ts 100 100 100 100
/codebase/server/utils/helpers.ts 100 100 100 100
/codebase/server/utils/utils.js 100 100 100 100

Ilc/client

Commit SHA:7b8b0ea9f75a37c3408fadf6bd94890027e9264c

Test coverage results 🧪

Code coverage diff between base branch:master and head branch: feat/NPF-3160-prevent-accessing-datauri
File details
Status File % Stmts % Branch % Funcs % Lines
total 85.64 77.43 83.67 85.65
/codebase/client.plugins.manifest.js 100 100 100 100
/codebase/client/AsyncBootUp.js 100 82.14 100 100
/codebase/client/BundleLoader.ts 93.1 97.06 81.25 92.86
/codebase/client/CanonicalTagHandler.ts 100 93.75 100 100
/codebase/client/Client.js 52.07 16 29.41 51.67
/codebase/client/ClientRouter.js 95.24 90.53 95.65 95.03
/codebase/client/CssTrackedApp.ts 94.19 88.57 92.31 96.25
/codebase/client/HrefLangHandler.js 57.14 50 60 57.14
/codebase/client/ParcelApi.js 97.06 87.5 100 96.97
/codebase/client/PluginsLoader.js 55.56 25 33.33 62.5
/codebase/client/TransitionHooksExecutor.js 96.15 88.89 100 96.15
/codebase/client/WrapApp.js 97.18 76.47 93.75 98.53
/codebase/client/composeAppSlotPairsToRegister.js 100 100 100 100
/codebase/client/dispatchSynchronizedEvent.js 96.97 100 100 96.55
/codebase/client/i18n.js 90.91 80 90.91 90.48
/codebase/client/initIlcState.js 50 50 100 50
/codebase/client/registerSpaApps.js 6.67 0 7.69 6.78
/codebase/client/utils.js 88 71.43 90 91.67
/codebase/client/ErrorHandlerManager/ErrorHandlerManager.js 100 90 100 100
/codebase/client/Sdk/SdkAdapterFactory.js 33.33 0 33.33 33.33
/codebase/client/Sdk/SdkFactoryBuilder.js 25 100 25 25
/codebase/client/TransitionManager/TransitionBlocker.js 93.94 87.5 100 93.94
/codebase/client/TransitionManager/TransitionBlockerList.js 94.74 50 100 93.33
/codebase/client/TransitionManager/TransitionManager.js 92.2 81.48 89.29 92.14
/codebase/client/TransitionManager/GlobalSpinner/GlobalSpinner.js 100 100 100 100
/codebase/client/TransitionManager/ScrollController/ScrollController.js 95.83 100 100 95.83
/codebase/client/TransitionManager/SlotRenderObserver/SlotRenderObserver.js 85.19 79.17 100 84.62
/codebase/client/TransitionManager/TransitionHooks/BaseTransitionHook.js 0 100 0 0
/codebase/client/TransitionManager/TransitionHooks/PerformanceTransitionHook.js 81.82 50 66.67 81.82
/codebase/client/TransitionManager/TransitionHooks/TitleCheckerTransitionHook.js 76.92 40 66.67 76.92
/codebase/client/TransitionManager/TransitionHooks/TransitionHooks.js 52.38 25 71.43 52.38
/codebase/client/TransitionManager/errors/CriticalSlotTransitionError.js 100 100 100 100
/codebase/client/configuration/IlcConfigRoot.js 84.62 50 92.31 84.62
/codebase/client/configuration/SystemJSImportMap.js 86.67 75 100 86.67
/codebase/client/configuration/getIlcConfigRoot.js 100 100 100 100
/codebase/client/constants/ilcEvents.js 100 100 100 100
/codebase/client/errors/BaseError.js 100 80 100 100
/codebase/client/errors/CorsError.js 100 100 100 100
/codebase/client/errors/CriticalFragmentError.js 100 100 100 100
/codebase/client/errors/CriticalInternalError.js 100 100 100 100
/codebase/client/errors/CriticalRuntimeError.js 100 100 100 100
/codebase/client/errors/FetchTemplateError.js 100 100 100 100
/codebase/client/errors/FragmentError.js 100 100 100 100
/codebase/client/errors/InternalError.js 100 100 100 100
/codebase/client/errors/NavigationError.js 100 100 100 100
/codebase/client/errors/RuntimeError.js 100 100 100 100
/codebase/client/errors/UnhandledError.js 100 100 100 100
/codebase/client/navigationEvents/index.js 100 100 100 100
/codebase/client/navigationEvents/setupEvents.js 87.8 83.33 94.12 87.5
/codebase/client/registry/BrowserCacheStorage.ts 100 100 100 100
/codebase/client/registry/Registry.js 90 50 100 90
/codebase/client/registry/errors.js 100 100 100 100
/codebase/client/registry/factory.ts 100 100 100 100
/codebase/client/utils/exponentialRetry.ts 100 100 100 100
/codebase/common/DefaultCacheWrapper.ts 96.61 95.45 100 96.43
/codebase/common/Environment.js 100 100 100 100
/codebase/common/EvictingCacheStorage.ts 100 100 100 100
/codebase/common/SdkOptions.js 100 100 100 100
/codebase/common/UrlProcessor.js 100 100 100 100
/codebase/common/constants.js 100 100 100 100
/codebase/common/i18nCookie.js 100 100 100 100
/codebase/common/utils.ts 68.75 31.25 57.14 65
/codebase/common/Slot/Slot.js 83.33 100 75 83.33
/codebase/common/Slot/SlotCollection.js 87.5 50 100 87.5
/codebase/common/Slot/SpaSlot.js 92.31 100 83.33 92.31
/codebase/common/Slot/SpaSlotCollection.js 88.89 100 66.67 94.12
/codebase/common/Slot/test/fixture.js 100 100 100 100
/codebase/common/router/Router.ts 98 93.55 100 98
/codebase/common/router/errors.ts 100 100 100 100
/codebase/common/transition-hooks/ActionType.ts 100 100 100 100
/codebase/common/transition-hooks/errors.ts 100 100 100 100

Registry

Commit SHA:7b8b0ea9f75a37c3408fadf6bd94890027e9264c

Test coverage results 🧪

Code coverage diff between base branch:master and head branch: feat/NPF-3160-prevent-accessing-datauri
File details
Status File % Stmts % Branch % Funcs % Lines
total 90.14 77.74 81.21 90.22
/codebase/newrelic.js 100 50 100 100
/codebase/server.plugins.manifest.ts 100 100 100 100
/codebase/lde/oauth-server.ts 0 100 0 0
/codebase/server/app.ts 100 50 100 100
/codebase/server/index.ts 0 100 0 0
/codebase/server/runnerAssetsDiscovery.ts 0 0 0 0
/codebase/server/server.ts 0 0 0 0
/codebase/server/appRoutes/interfaces/index.ts 100 100 100 100
/codebase/server/appRoutes/routes/RoutesService.ts 100 100 100 100
/codebase/server/appRoutes/routes/createAppRoute.ts 97.05 100 100 97.05
/codebase/server/appRoutes/routes/deleteAppRoute.ts 100 100 100 100
/codebase/server/appRoutes/routes/getAppRoute.ts 100 100 100 100
/codebase/server/appRoutes/routes/getAppRoutes.ts 95.83 87.5 100 95.83
/codebase/server/appRoutes/routes/index.ts 100 100 100 100
/codebase/server/appRoutes/routes/updateAppRoute.ts 100 100 100 100
/codebase/server/appRoutes/services/prepareAppRoute.ts 100 60 100 100
/codebase/server/appRoutes/services/transformSpecialRoutes.ts 100 100 100 100
/codebase/server/apps/interfaces/index.ts 93.75 100 66.66 93.75
/codebase/server/apps/repositories/AppsRepository.ts 97.36 86.66 100 97.36
/codebase/server/apps/routes/createApp.ts 100 100 100 100
/codebase/server/apps/routes/deleteApp.ts 100 100 100 100
/codebase/server/apps/routes/getApp.ts 100 100 100 100
/codebase/server/apps/routes/getApps.ts 100 50 100 100
/codebase/server/apps/routes/index.ts 100 100 100 100
/codebase/server/apps/routes/updateApp.ts 96.29 85.71 100 96.29
/codebase/server/auth/index.ts 97.5 0 100 97.5
/codebase/server/auth/handlers/availableMethodsHandler.ts 100 100 100 100
/codebase/server/auth/handlers/localLoginHandler.ts 100 100 100 100
/codebase/server/auth/handlers/logoutHandler.ts 75 25 100 81.81
/codebase/server/auth/handlers/openIdAuthCallbackHandler.ts 94.44 66.66 100 94.44
/codebase/server/auth/middleware/bearerAuthenticationMiddleware.ts 100 100 100 100
/codebase/server/auth/middleware/initializeOpenIdMiddleware.ts 92.85 66.66 100 92.85
/codebase/server/auth/middleware/rolesMiddleware.ts 100 100 100 100
/codebase/server/auth/services/AuthService.ts 100 100 100 100
/codebase/server/auth/services/OpenIdService.ts 100 100 100 100
/codebase/server/auth/strategies/CustomOIDCStrategy.ts 88.88 60 100 88.88
/codebase/server/auth/strategies/bearer.ts 100 100 100 100
/codebase/server/auth/strategies/local.ts 100 100 100 100
/codebase/server/auth/strategies/oidc.ts 94.11 73.07 100 93.93
/codebase/server/authEntities/interfaces.ts 100 100 100 100
/codebase/server/authEntities/routes/create.ts 100 100 100 100
/codebase/server/authEntities/routes/deleteRoute.ts 100 100 100 100
/codebase/server/authEntities/routes/get.ts 100 100 100 100
/codebase/server/authEntities/routes/getAll.ts 100 100 100 100
/codebase/server/authEntities/routes/index.ts 100 100 100 100
/codebase/server/authEntities/routes/update.ts 100 100 100 100
/codebase/server/common/services/json.ts 81.81 84 91.66 80
/codebase/server/common/services/preProcessResponse.ts 85.71 100 0 85.71
/codebase/server/common/services/validateRequest.ts 92.59 80 100 92.3
/codebase/server/common/services/assets/AssetsDiscovery.ts 95 76.47 93.33 95
/codebase/server/common/services/assets/AssetsDiscoveryProcessor.ts 94.11 66.66 100 94.11
/codebase/server/common/services/assets/AssetsDiscoveryWhiteLists.ts 100 100 100 100
/codebase/server/common/services/assets/AssetsManifestReader.ts 100 100 100 100
/codebase/server/common/services/assets/AssetsValidator.ts 100 100 100 100
/codebase/server/common/services/assets/assetsManifestProcessor.ts 100 100 100 100
/codebase/server/common/services/assets/errors/AssetsManifestError.ts 100 100 100 100
/codebase/server/common/services/entries/ApplicationEntry.ts 94.82 81.81 100 94.82
/codebase/server/common/services/entries/Entry.ts 0 0 0 0
/codebase/server/common/services/entries/EntryFactory.ts 95.23 80 100 95.23
/codebase/server/common/services/entries/SharedLibEntry.ts 97.56 85.71 100 97.56
/codebase/server/common/services/entries/error/EntryError.ts 100 100 100 100
/codebase/server/common/services/entries/error/IncorrectEntryError.ts 100 100 100 100
/codebase/server/common/services/entries/error/NotFoundApplicationError.ts 100 100 100 100
/codebase/server/common/services/entries/error/NotFoundFqrnError.ts 100 100 100 100
/codebase/server/common/services/entries/error/NotFoundSharedLibraryError.ts 100 100 100 100
/codebase/server/common/services/entries/error/ValidationFqrnError.ts 100 100 100 100
/codebase/server/config/ConfigService.ts 97.18 88.88 100 97.05
/codebase/server/config/getConfig.ts 100 100 100 100
/codebase/server/config/index.ts 100 100 100 100
/codebase/server/config/transformConfig.ts 95.83 80.64 100 95.34
/codebase/server/config/updateConfig.ts 93.33 100 100 93.33
/codebase/server/config/validateConfig.ts 100 100 100 100
/codebase/server/db/cascadeTruncate.ts 71.42 50 100 71.42
/codebase/server/db/index.ts 100 80 100 100
/codebase/server/db/logger.ts 100 100 100 100
/codebase/server/db/range.ts 100 100 100 100
/codebase/server/db/structure.ts 100 100 100 100
/codebase/server/db/syncSequence.ts 100 100 100 100
/codebase/server/db/versioning.ts 93.33 0 100 93.33
/codebase/server/entries/entries.ts 87.09 85.71 100 87.09
/codebase/server/errorHandler/httpErrors.ts 100 100 100 100
/codebase/server/errorHandler/index.ts 100 100 100 100
/codebase/server/errorHandler/noticeError.ts 100 0 100 100
/codebase/server/middleware/context.ts 100 66.66 100 100
/codebase/server/middleware/filters.ts 100 100 100 100
/codebase/server/middleware/unless.ts 100 75 100 100
/codebase/server/middleware/userContext.ts 100 100 100 100
/codebase/server/middleware/validatelocales.ts 95.23 66.66 100 95
/codebase/server/migrations/20191016185102_apps.ts 100 100 66.66 100
/codebase/server/migrations/20191017131220_templates.ts 100 100 66.66 100
/codebase/server/migrations/20191017131749_routes.ts 100 100 66.66 100
/codebase/server/migrations/20191017144455_route_slots.ts 100 100 66.66 100
/codebase/server/migrations/20200113141956_apps.ts 66.66 100 50 66.66
/codebase/server/migrations/20200113142437_route_slots.ts 66.66 100 50 66.66
/codebase/server/migrations/20200120162838_apps_config_selector.ts 66.66 100 50 66.66
/codebase/server/migrations/20200121110723_shared_props.ts 83.33 100 66.66 83.33
/codebase/server/migrations/20200409184919_auth_entitites.ts 100 100 66.66 100
/codebase/server/migrations/20200409190157_auth_entitites_default.ts 100 100 50 100
/codebase/server/migrations/20200410180130_sessions.ts 88.88 50 66.66 88.88
/codebase/server/migrations/20200518134531_apps_initProps_removal.ts 66.66 100 50 66.66
/codebase/server/migrations/20200729141256_settings.ts 100 100 66.66 100
/codebase/server/migrations/20201012152003_settings_meta.ts 58.33 100 50 58.33
/codebase/server/migrations/20201013140633_settings_default.ts 90.9 50 75 90.9
/codebase/server/migrations/20201027180112_settings_globalSpinner.ts 80 100 50 80
/codebase/server/migrations/20201028142200_settings_i18n.ts 80 100 50 80
/codebase/server/migrations/20201029122727_settings_AuthOpenIdUniqueIdentifierClaimName.ts 80 100 50 80
/codebase/server/migrations/20201105155522_versioning.ts 90.9 100 66.66 90.9
/codebase/server/migrations/20201130141801_i18n_enabled_by_default.ts 80 100 50 80
/codebase/server/migrations/20201228201314_route_meta.ts 66.66 100 50 66.66
/codebase/server/migrations/20210125185210_app_wrapper_kind.ts 66.66 25 75 66.66
/codebase/server/migrations/20210125185211_apps_wrappedWith.ts 66.66 100 50 66.66
/codebase/server/migrations/20210219174348_settings_overrideConfigTrustedOrigins.ts 80 100 50 80
/codebase/server/migrations/20210226191151_apps_ssrProps.ts 66.66 100 50 66.66
/codebase/server/migrations/20210226191205_shared_props_ssrProps.ts 66.66 100 50 66.66
/codebase/server/migrations/20210405164831_router_domains.ts 85.71 100 66.66 85.71
/codebase/server/migrations/20210405182655_routes_domainId.ts 63.46 37.5 59.09 63.46
/codebase/server/migrations/20210426163602_routes_orderPosIsNullable.ts 66 37.5 54.16 66
/codebase/server/migrations/20210430154258_routes_uniqfromSpecialRoleToRoute.ts 62.5 100 50 62.5
/codebase/server/migrations/20210430154639_routes_moveSpecialRolesToRoute.ts 35.29 0 37.5 35.29
/codebase/server/migrations/20210430155514_routes_removeColumnSpecialRole.ts 66.66 100 50 66.66
/codebase/server/migrations/20210505151225_routes_domainIdIdxble.ts 46.15 40 33.33 46.15
/codebase/server/migrations/20210505181754_routes_orderPos_unique_per_domain.ts 62.5 100 50 62.5
/codebase/server/migrations/20210505182004_routes_route_unique_per_domain.ts 62.5 100 50 62.5
/codebase/server/migrations/20210505182425_old_tbls_cleanup.ts 80 50 50 80
/codebase/server/migrations/20210521125202_routes_drop_unique_route.ts 66.66 100 50 66.66
/codebase/server/migrations/20210607160910_apps_discoveryMetadata.ts 66.66 100 50 66.66
/codebase/server/migrations/20210607161242_apps_adminNotes.ts 66.66 100 50 66.66
/codebase/server/migrations/20210625150840_roles_userToReadonly.ts 50 50 50 50
/codebase/server/migrations/20210701183133_auth_entity_readonly.ts 80 100 50 80
/codebase/server/migrations/20210826144904_shared_libs.ts 88.88 100 66.66 88.88
/codebase/server/migrations/20220121115756_settings_onPropsUpdate.ts 80 100 50 80
/codebase/server/migrations/20220315155008_increase-template-size.ts 66.66 100 50 66.66
/codebase/server/migrations/20220316133143_versioning-text-update.ts 62.5 100 50 62.5
/codebase/server/migrations/20220323123155_add-locale-to-template.ts 88.88 100 66.66 88.88
/codebase/server/migrations/20220520083801_apps_enforceDomain.ts 66.66 100 50 66.66
/codebase/server/migrations/20220815164948_l20nManifest.ts 66.66 100 50 66.66
/codebase/server/migrations/20220819204836_rename-use-l10n.ts 66.66 100 50 66.66
/codebase/server/migrations/20220928161155_shared-lib-add-localization.ts 66.66 100 50 66.66
/codebase/server/migrations/20221118164122_add_csp_settings.ts 80 100 50 80
/codebase/server/migrations/20221123163817_csp-available-host-for-local.ts 80 100 50 80
/codebase/server/migrations/20221201191407_csp_enable_scrict_mode.ts 100 100 50 100
/codebase/server/migrations/20230303174003_settings-add-primary-key.ts 66.66 100 50 66.66
/codebase/server/migrations/20230303175443_settings-domain-value-table.ts 90 100 66.66 90
/codebase/server/migrations/20230703130802_remove-spa-bundle-constraint.ts 66.66 100 50 66.66
/codebase/server/migrations/20231003103643_routes_meta.ts 44.44 0 25 44.44
/codebase/server/migrations/20240315141721_pg_versioning_idx.ts 57.14 0 50 57.14
/codebase/server/migrations/20250225163431_unique_route.ts 70 100 50 70
/codebase/server/migrations/20250227154210_unique_app.ts 70 100 50 70
/codebase/server/migrations/20250303125703_orderpos_sequence.ts 30.76 0 25 30.76
/codebase/server/migrations/20250313162453_unique_route_v2.ts 63.63 50 50 63.63
/codebase/server/migrations/20250331085251_routeIdCascadeDelete.ts 62.5 100 50 62.5
/codebase/server/migrations/20250404133940_orderpos_sequence_revert.ts 30.76 0 25 30.76
/codebase/server/migrations/20250618105344_add_props_to_router_domains.ts 62.5 100 50 62.5
/codebase/server/migrations/20250818155232_canonical_domain_to_router_domain.ts 66.66 100 50 66.66
/codebase/server/public/interfaces.ts 0 0 0 0
/codebase/server/public/routes/appDiscovery.ts 100 100 100 100
/codebase/server/public/routes/index.ts 100 100 100 100
/codebase/server/routerDomains/interfaces/index.ts 93.33 100 100 92.85
/codebase/server/routerDomains/routes/createRouterDomains.ts 100 100 100 100
/codebase/server/routerDomains/routes/deleteRouterDomains.ts 94.11 100 100 94.11
/codebase/server/routerDomains/routes/getAllRouterDomains.ts 100 100 100 100
/codebase/server/routerDomains/routes/getRouterDomains.ts 100 100 100 100
/codebase/server/routerDomains/routes/index.ts 100 100 100 100
/codebase/server/routerDomains/routes/updateRouterDomains.ts 100 100 100 100
/codebase/server/routes/routes.ts 100 100 100 100
/codebase/server/seeds/00_cleanup.ts 81.81 0 100 81.81
/codebase/server/seeds/01_apps.ts 100 100 100 100
/codebase/server/seeds/02_templates.ts 100 100 100 100
/codebase/server/seeds/03_routerDomains.ts 100 100 100 100
/codebase/server/seeds/04_routes.ts 100 100 100 100
/codebase/server/seeds/05_route_slots.ts 100 100 100 100
/codebase/server/seeds/06_settings.ts 90.9 50 100 90.9
/codebase/server/seeds/07_rootPwd.ts 83.33 0 100 83.33
/codebase/server/settings/interfaces/cspSchema.ts 100 100 100 100
/codebase/server/settings/interfaces/index.ts 100 100 100 100
/codebase/server/settings/routes/createSetting.ts 100 100 100 100
/codebase/server/settings/routes/deleteDomainSetting.ts 100 100 100 100
/codebase/server/settings/routes/getSetting.ts 100 50 100 100
/codebase/server/settings/routes/getSettings.ts 100 82.35 100 100
/codebase/server/settings/routes/index.ts 100 100 100 100
/codebase/server/settings/routes/updateSetting.ts 100 100 100 100
/codebase/server/settings/services/SettingsService.ts 88.97 75.43 100 95.2
/codebase/server/sharedLibs/interfaces/index.ts 100 100 100 100
/codebase/server/sharedLibs/repositories/SharedLibsRepository.ts 100 100 100 100
/codebase/server/sharedLibs/routes/createSharedLib.ts 95 100 100 95
/codebase/server/sharedLibs/routes/deleteSharedLib.ts 100 100 100 100
/codebase/server/sharedLibs/routes/getSharedLib.ts 100 100 100 100
/codebase/server/sharedLibs/routes/getSharedLibs.ts 100 50 100 100
/codebase/server/sharedLibs/routes/index.ts 100 100 100 100
/codebase/server/sharedLibs/routes/updateSharedLib.ts 92.59 85.71 100 92.59
/codebase/server/sharedProps/interfaces/index.ts 100 100 100 100
/codebase/server/sharedProps/routes/createSharedProps.ts 100 100 100 100
/codebase/server/sharedProps/routes/deleteSharedProps.ts 100 100 100 100
/codebase/server/sharedProps/routes/getAllSharedProps.ts 100 100 100 100
/codebase/server/sharedProps/routes/getSharedProps.ts 100 100 100 100
/codebase/server/sharedProps/routes/index.ts 100 100 100 100
/codebase/server/sharedProps/routes/updateSharedProps.ts 100 100 100 100
/codebase/server/templates/errors.ts 100 100 100 100
/codebase/server/templates/interfaces/index.ts 0 0 0 0
/codebase/server/templates/routes/createTemplate.ts 92.85 100 100 92.85
/codebase/server/templates/routes/deleteTemplate.ts 100 100 100 100
/codebase/server/templates/routes/deleteTemplateLocalizedVersion.ts 100 66.66 100 100
/codebase/server/templates/routes/getRenderedTemplate.ts 95.83 91.66 100 95.83
/codebase/server/templates/routes/getTemplate.ts 100 100 100 100
/codebase/server/templates/routes/getTemplates.ts 100 50 100 100
/codebase/server/templates/routes/index.ts 100 100 100 100
/codebase/server/templates/routes/partialUpdateTemplate.ts 100 66.66 100 100
/codebase/server/templates/routes/updateTemplate.ts 100 80 100 100
/codebase/server/templates/routes/upsertTemplateLocalizedVersion.ts 100 66.66 100 100
/codebase/server/templates/routes/validation.ts 93.33 0 100 93.33
/codebase/server/templates/services/parseLinkHeader.ts 100 100 100 100
/codebase/server/templates/services/renderTemplate.ts 97.33 90 100 97.1
/codebase/server/templates/services/templatesRepository.ts 98.16 86.95 100 98.11
/codebase/server/templates/services/resources/Attributes.ts 100 100 100 100
/codebase/server/templates/services/resources/Resource.ts 100 100 100 100
/codebase/server/templates/services/resources/ResourceLinkParser.ts 100 100 100 100
/codebase/server/templates/services/resources/ResourcePreload.ts 100 100 100 100
/codebase/server/templates/services/resources/ResourceScript.ts 100 100 100 100
/codebase/server/templates/services/resources/ResourceStylesheet.ts 100 100 100 100
/codebase/server/templates/services/resources/buildAttributes.ts 100 100 100 100
/codebase/server/templates/services/resources/filterObject.ts 100 100 100 100
/codebase/server/util/TemplateParser.ts 100 100 100 100
/codebase/server/util/TypedMap.ts 100 100 100 100
/codebase/server/util/axiosErrorTransformer.ts 100 50 100 100
/codebase/server/util/axiosExponentialRetry.ts 100 100 100 100
/codebase/server/util/db.ts 100 80 100 100
/codebase/server/util/exhaustiveCheck.ts 50 100 0 50
/codebase/server/util/extendError.ts 100 100 100 100
/codebase/server/util/helpers.ts 93.75 87.5 100 92.85
/codebase/server/util/hmac.ts 100 100 100 100
/codebase/server/util/isTemplateValid.ts 87.5 66.66 100 87.5
/codebase/server/util/logger.ts 73.68 84.61 40 72.97
/codebase/server/util/normalizeArray.ts 83.33 75 100 83.33
/codebase/server/util/ping.ts 100 100 100 100
/codebase/server/util/pluginManager.ts 88.88 50 100 88.88
/codebase/server/util/set.ts 100 100 100 100
/codebase/server/versioning/config.ts 100 100 100 100
/codebase/server/versioning/errors.ts 100 100 100 100
/codebase/server/versioning/interfaces.ts 100 100 100 100
/codebase/server/versioning/routes/getVersions.ts 86.66 57.14 100 85.71
/codebase/server/versioning/routes/index.ts 100 100 100 100
/codebase/server/versioning/routes/revertVersion.ts 53.33 0 100 53.33
/codebase/server/versioning/services/Versioning.ts 86.17 73.8 100 85.55
/codebase/typings/PaginatedResult.ts 0 0 0 0
/codebase/typings/User.ts 0 0 0 0

@m2broth m2broth merged commit 458662f into master Dec 11, 2025
31 of 32 checks passed
@m2broth m2broth deleted the feat/NPF-3160-prevent-accessing-datauri branch December 11, 2025 13:06
@m2broth m2broth mentioned this pull request Dec 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stas-nc stas-nc stas-nc approved these changes

@blackrabbit99 blackrabbit99 Awaiting requested review from blackrabbit99

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@m2broth @stas-nc