UNPKG

@jackdbd/permissions-policy

Version:

Define your `Permissions-Policy` in JavaScript and let this library generate the header for you.

github.com/jackdbd/permissions-policy/tree/main

jackdbd/permissions-policy

71 lines 2.89 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
import { options as options_schema } from './options.js'; import { validatedResult } from './validation.js'; export { allow_item, allowlist } from './allowlist.js'; export { feature } from './feature.js'; export { options } from './options.js'; export const permissionsPolicy = (options) => { const result = validatedResult(options, options_schema); if (result.error) { const detail = 'If you are trying to configure Permissions-Policy with one or more features not implemented in this library, you can opt out of the schema validation by setting the environment variable `SKIP_VALIDATION` to `1`.'; const error = new Error(`${result.error.message}. ${detail}`); return { error }; } if (!result.value) { return { error: new Error(`options not set`) }; } if (!result.value.features) { return { error: new Error(`features not set`) }; } const { features, reportingEndpoint } = result.value; const directives = []; Object.entries(features).map(([feature, arr]) => { const allowlist = arr === undefined || arr.length === 0 ? '' : arr .map((s) => { return s.includes('http') ? `"${s}"` : s; }) .join(' '); if (allowlist === '*') { directives.push(`${feature}=*`); } else { directives.push(`${feature}=(${allowlist})`); } }); directives.sort(); const value = reportingEndpoint ? `${directives.join(', ')}; report-to="${reportingEndpoint}"` : directives.join(', '); return { value }; }; export const featurePolicy = (options) => { const result = validatedResult(options, options_schema); if (result.error) { const detail = 'If you are trying to configure Feature-Policy with one or more features not implemented in this library, you can opt out of the schema validation by setting the environment variable `SKIP_VALIDATION` to `1`.'; const error = new Error(`${result.error.message}. ${detail}`); return { error }; } if (!result.value) { return { error: new Error(`options not set`) }; } if (!result.value.features) { return { error: new Error(`features not set`) }; } const { features } = result.value; const directives = []; Object.entries(features).map(([feature, arr]) => { const allowlist = arr === undefined || arr.length === 0 ? `'none'` : arr .map((s) => { return s.includes('http') || s === '*' ? s : `'${s}'`; }) .join(' '); directives.push(`${feature} ${allowlist}`); }); directives.sort(); // I don't think report-to is available to Feature-Policy return { value: directives.join('; ') }; }; //# sourceMappingURL=index.js.map