From fed7f2fa5b22454cf2873d49da870d945d9fb02d Mon Sep 17 00:00:00 2001
From: Jacob Fletcher
Date: Mon, 26 Aug 2024 17:50:29 -0400
Subject: [PATCH] fix: sanitizes modifyResponseHeaders from client config (#7876)

---
 .../payload/src/collections/config/client.ts | 9 ++++
 packages/payload/src/index.ts | 1 +
 .../Config/createClientConfig/collections.tsx | 50 +++++++++++--------
 3 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/packages/payload/src/collections/config/client.ts b/packages/payload/src/collections/config/client.ts
index 6e677117e..a78f137ed 100644
--- a/packages/payload/src/collections/config/client.ts
+++ b/packages/payload/src/collections/config/client.ts
@@ -14,6 +14,15 @@ export type ServerOnlyCollectionAdminProperties = keyof Pick<
 'hidden' | 'preview'
 >

+export type ServerOnlyUploadProperties = keyof Pick<
+ SanitizedCollectionConfig['upload'],
+ | 'adminThumbnail'
+ | 'externalFileHeaderFilter'
+ | 'handlers'
+ | 'modifyResponseHeaders'
+ | 'withMetadata'
+>
+
 export type ClientCollectionConfig = {
 _isPreviewEnabled?: true
 admin: {
diff --git a/packages/payload/src/index.ts b/packages/payload/src/index.ts
index 680bac36a..cda588fee 100644
--- a/packages/payload/src/index.ts
+++ b/packages/payload/src/index.ts
@@ -663,6 +663,7 @@ export type { ClientCollectionConfig } from './collections/config/client.js'
 export type {
 ServerOnlyCollectionAdminProperties,
 ServerOnlyCollectionProperties,
+ ServerOnlyUploadProperties,
 } from './collections/config/client.js'
 export type {
 AfterChangeHook as CollectionAfterChangeHook,
diff --git a/packages/ui/src/providers/Config/createClientConfig/collections.tsx b/packages/ui/src/providers/Config/createClientConfig/collections.tsx
index 07695ee67..6f5ae2de4 100644
--- a/packages/ui/src/providers/Config/createClientConfig/collections.tsx
+++ b/packages/ui/src/providers/Config/createClientConfig/collections.tsx
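Review bot: The new exported `ServerOnlyUploadProperties` in `packages/payload/src/collections/config/client.ts` carries no doc comment saying what makes an upload key server-only or where the stripping actually happens, and the `index.ts` hunk re-exports it as public API. I would add above it `/** Keys of the upload config that are removed before the collection config is sent to the client. The runtime list is in createClientConfig/collections.tsx and must name every key listed here. */`. The type on its own removes nothing, so without that pointer a reader who adds a key to the union could reasonably assume the key is already being sanitized.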
@@ -11,6 +11,7 @@ import type {
 SanitizedCollectionConfig,
 ServerOnlyCollectionAdminProperties,
 ServerOnlyCollectionProperties,
+ ServerOnlyUploadProperties,
 } from 'payload'
 import type React from 'react'

@@ -18,6 +19,30 @@ import { deepCopyObjectSimple } from 'payload'

 import { createClientFields } from './fields.js'

+const serverOnlyCollectionProperties: Partial[] = [
+ 'hooks',
+ 'access',
+ 'endpoints',
+ 'custom',
+ // `upload`
+ // `admin`
+ // are all handled separately
+]
+
+const serverOnlyUploadProperties: Partial[] = [
+ 'adminThumbnail',
+ 'externalFileHeaderFilter',
+ 'handlers',
+ 'modifyResponseHeaders',
+ 'withMetadata',
+]
+
+const serverOnlyCollectionAdminProperties: Partial[] = [
+ 'hidden',
+ 'preview',
+ // `livePreview` is handled separately
+]
+
 export const createClientCollectionConfig = ({
 DefaultEditView,
 DefaultListView,
@@ -46,16 +71,6 @@ export const createClientCollectionConfig = ({
 payload,
 })

- const serverOnlyCollectionProperties: Partial[] = [
- 'hooks',
- 'access',
- 'endpoints',
- 'custom',
- // `upload`
- // `admin`
- // are all handled separately
- ]
-
 serverOnlyCollectionProperties.forEach((key) => {
 if (key in clientCollection) {
 delete clientCollection[key]
@@ -63,10 +78,11 @@ export const createClientCollectionConfig = ({
 })

 if ('upload' in clientCollection && typeof clientCollection.upload === 'object') {
- delete clientCollection.upload.handlers
- delete clientCollection.upload.adminThumbnail
- delete clientCollection.upload.externalFileHeaderFilter
- delete clientCollection.upload.withMetadata
+ serverOnlyUploadProperties.forEach((key) => {
+ if (key in clientCollection.upload) {
+ delete clientCollection.upload[key]
+ }
+ })

 if ('imageSizes' in clientCollection.upload && clientCollection.upload.imageSizes.length) {
 clientCollection.upload.imageSizes = clientCollection.upload.imageSizes.map((size) => {
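Review bot: `serverOnlyUploadProperties` in the `@@ -18,6 +19,30 @@` hunk is a denylist whose completeness nothing checks. Its element type (shown here as `Partial[]`; the type argument appears to be lost on this page) can at most reject unknown keys, it cannot require that every member of `ServerOnlyUploadProperties` is listed. Judging by the subject line and the four hand-written deletes removed further down, this commit exists because `modifyResponseHeaders` was missing from such a list, and a later server-only upload option could be missed the same way and reach the client config. A compile-time exhaustiveness check would close that, for example deriving the list from `Object.keys({ adminThumbnail: true, externalFileHeaderFilter: true, handlers: true, modifyResponseHeaders: true, withMetadata: true } satisfies Record<ServerOnlyUploadProperties, true>)`, assuming the repo's TypeScript version supports `satisfies`. The two sibling arrays added in the same hunk have the same gap.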
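Review bot: Nothing in this patch tests the new stripping loop in the `@@ -63,10 +78,11 @@` hunk: the diffstat lists three source files and no test file, so the client config would silently regain a server-only key if one were later dropped from `serverOnlyUploadProperties`. A test that builds a collection with `upload.modifyResponseHeaders` set and asserts that the resulting client `upload` object has no `modifyResponseHeaders` key would pin the behaviour this commit is fixing. Asserting that no value left on the client `upload` object is a function would additionally catch options that are on neither list. The body of `createClientCollectionConfig` starts and ends outside this hunk.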
@@ -91,12 +107,6 @@ export const createClientCollectionConfig = ({
 })
 }

- const serverOnlyCollectionAdminProperties: Partial[] = [
- 'hidden',
- 'preview',
- // `livePreview` is handled separately
- ]
-
 serverOnlyCollectionAdminProperties.forEach((key) => {
 if (key in clientCollection.admin) {
 delete clientCollection.admin[key]