
@shopify/shopify-app-express


Shopify Express Middleware - to simplify the building of Shopify Apps with Express

1 lines 1.73 kB
{"version":3,"file":"csp-headers.mjs","sources":["../../../../src/middlewares/csp-headers.ts"],"sourcesContent":["import {Request, Response, NextFunction} from 'express';\nimport {Shopify} from '@shopify/shopify-api';\n\nimport {CspHeadersMiddleware} from './types';\n\ninterface CspHeadersParams {\n api: Shopify;\n}\n\nexport function cspHeaders({api}: CspHeadersParams): CspHeadersMiddleware {\n return function cspHeaders() {\n return async (req: Request, res: Response, next: NextFunction) => {\n addCSPHeader(api, req, res);\n next();\n };\n };\n}\n\nexport function addCSPHeader(api: Shopify, req: Request, res: Response) {\n const shop = api.utils.sanitizeShop(req.query.shop as string);\n if (api.config.isEmbeddedApp && shop) {\n res.setHeader(\n 'Content-Security-Policy',\n `frame-ancestors https://${encodeURIComponent(\n shop,\n )} https://admin.shopify.com https://*.spin.dev https://admin.myshopify.io https://admin.shop.dev;`,\n );\n } else {\n res.setHeader('Content-Security-Policy', `frame-ancestors 'none';`);\n }\n}\n"],"names":[],"mappings":"AASM,SAAU,UAAU,CAAC,EAAC,GAAG,EAAmB,EAAA;AAChD,IAAA,OAAO,SAAS,UAAU,GAAA;QACxB,OAAO,OAAO,GAAY,EAAE,GAAa,EAAE,IAAkB,KAAI;AAC/D,YAAA,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;AAC3B,YAAA,IAAI,EAAE;AACR,QAAA,CAAC;AACH,IAAA,CAAC;AACH;SAEgB,YAAY,CAAC,GAAY,EAAE,GAAY,EAAE,GAAa,EAAA;AACpE,IAAA,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAc,CAAC;IAC7D,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,EAAE;AACpC,QAAA,GAAG,CAAC,SAAS,CACX,yBAAyB,EACzB,CAAA,wBAAA,EAA2B,kBAAkB,CAC3C,IAAI,CACL,CAAA,gGAAA,CAAkG,CACpG;IACH;SAAO;AACL,QAAA,GAAG,CAAC,SAAS,CAAC,yBAAyB,EAAE,CAAA,uBAAA,CAAyB,CAAC;IACrE;AACF;;;;"}