clerk/javascript @clerk/nextjs@6.14.0

on GitHub

Minor Changes

• Update useAuth to handle pending sessions as signed-out by default, with opt-out via useAuth({ treatPendingAsSignedOut: false }) or <ClerkProvider treatPendingAsSignedOut={false} /> (#5507) by @LauraBeatris

• • Introduce auth().redirectToSignUp() that can be used in API routes and pages. Originally effort by @sambarnes (#5533) by @panteliselef

  import { clerkMiddleware } from '@clerk/nextjs/server';
  
  export default clerkMiddleware(async auth => {
    const { userId, redirectToSignUp } = await auth();
  
    if (!userId) {
      return redirectToSignUp();
    }
  });

• Added Content Security Policy (CSP) header generation functionality to clerkMiddleware with support for both standard and strict-dynamic modes. Key features: (#5493) by @jacekradko

  • Automatic generation of CSP headers with default security policies compatible with Clerk requirements
  • Support for both standard and strict-dynamic CSP modes
  • Automatic nonce generation for strict-dynamic mode
  • Ability to add custom directives to match project requirements

  Example

  export default clerkMiddleware(
    async (auth, request) => {
      if (!isPublicRoute(request)) {
        await auth.protect();
      }
    },
    {
      contentSecurityPolicy: {
        mode: "strict-dynamic",
        directives: {
          "connect-src": ["external.api.com"],
          "script-src": ["external.scripts.com"]
        }
      }
    }
  );
  

Patch Changes

• Updated dependencies [e1ec52b, bebb6d8, a8180ce, d0d5203, 6112420, 2cceeba, 026ad57, 9b25e31]:
  • @clerk/clerk-react@5.26.0
  • @clerk/types@4.51.0
  • @clerk/backend@1.27.0
  • @clerk/shared@3.4.0