@stacksjs/stx
A performant UI Framework. Powered by Bun.
/**
* Individual CSP directive configuration
* Maps directive names to arrays of allowed sources
*
* Every directive is optional. In CSP the fetch directives (`script-src`,
* `img-src`, `connect-src`, ...) fall back to `default-src` when omitted, but
* `base-uri`, `form-action`, `frame-ancestors` and `sandbox` do not: a
* restrictive `default-src` on its own leaves those four unrestricted.
*
* How these entries are serialised into a header or meta tag is not visible in
* this declaration file.
*/
export declare interface CspDirectives {
// Fallback for the fetch directives that are not listed explicitly.
'default-src'?: CspSourceValue[]
// Script and style sources: the directives where 'unsafe-inline' / 'unsafe-eval'
// give up most of the XSS protection a policy provides.
'script-src'?: CspSourceValue[]
'style-src'?: CspSourceValue[]
'img-src'?: CspSourceValue[]
'font-src'?: CspSourceValue[]
// Destinations for fetch/XHR, WebSocket and EventSource connections.
'connect-src'?: CspSourceValue[]
'media-src'?: CspSourceValue[]
// Plugin content (<object>, <embed>); hardened policies usually set this to 'none'.
'object-src'?: CspSourceValue[]
'frame-src'?: CspSourceValue[]
'worker-src'?: CspSourceValue[]
// Fallback for 'frame-src' and 'worker-src' when those are absent.
'child-src'?: CspSourceValue[]
'manifest-src'?: CspSourceValue[]
// Not covered by 'default-src': restricts where forms may submit.
'form-action'?: CspSourceValue[]
// Not covered by 'default-src': restricts who may embed this page (clickjacking
// defence). Browsers ignore it when the policy arrives via a <meta> element.
'frame-ancestors'?: CspSourceValue[]
// NOTE(review): 'prefetch-src' and 'navigate-to' are deprecated or dropped from
// current CSP drafts and are not broadly enforced by browsers; do not rely on
// them as a control.
'prefetch-src'?: CspSourceValue[]
'navigate-to'?: CspSourceValue[]
// Not covered by 'default-src': limits <base href>, which otherwise lets injected
// markup redirect every relative URL on the page.
'base-uri'?: CspSourceValue[]
// Violation reporting. 'report-uri' takes endpoint URLs and is deprecated in
// favour of 'report-to', which names a reporting endpoint declared in a separate
// response header. Browser support differs, so policies commonly set both.
// 'report-uri' is ignored in a <meta>-delivered policy.
'report-uri'?: string[]
'report-to'?: string[]
// Valueless directives, modelled here as booleans.
'upgrade-insecure-requests'?: boolean
// Deprecated in the CSP standard; 'upgrade-insecure-requests' is the usual replacement.
'block-all-mixed-content'?: boolean
// Each token lifts one sandbox restriction, so list only what the page needs.
// Ignored in a <meta>-delivered policy.
'sandbox'?: (
| 'allow-forms'
| 'allow-modals'
| 'allow-orientation-lock'
| 'allow-pointer-lock'
| 'allow-popups'
| 'allow-popups-to-escape-sandbox'
| 'allow-presentation'
| 'allow-same-origin'
| 'allow-scripts'
| 'allow-top-navigation'
| 'allow-top-navigation-by-user-activation'
)[]
// NOTE(review): on the wire this value is the quoted keyword 'script'. The literal
// here carries no embedded quotes, unlike the CspSourceValue keywords; confirm the
// serialiser adds them.
'require-trusted-types-for'?: ('script')[]
// Names of the Trusted Types policies that page script may create.
'trusted-types'?: string[]
}
/**
* CSP configuration options
*
* Only option names and types are declared here; defaults and the way each
* option shapes the emitted policy live in the implementation.
*/
export declare interface CspConfig {
// Presumably the switch that turns policy generation on or off; confirm in the implementation.
enabled: boolean
// NOTE(review): presumably selects the Content-Security-Policy-Report-Only header,
// which reports violations without blocking anything; confirm. A report-only
// policy gives no protection and cannot be delivered through a <meta> element.
reportOnly?: boolean
// The directive set to emit.
directives: CspDirectives
// NOTE(review): presumably adds a 'nonce-...' source and stamps matching nonce
// attributes on inline tags; confirm which directives and tags are covered.
useNonce?: boolean
// NOTE(review): presumably injects the policy as <meta http-equiv>. Browsers ignore
// 'frame-ancestors', 'report-uri' and 'sandbox' in that delivery mode, so a
// response header is still needed for those directives.
addMetaTag?: boolean
// Custom nonce source. A CSP nonce must be unpredictable and generated afresh for
// every response: use a CSPRNG with at least 128 bits of entropy, never a constant,
// counter or timestamp. The built-in default is not visible in this file.
nonceGenerator?: () => string
}
/**
* Content Security Policy Types
*/
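/**
* CSP directive source values
* These are the standard source values that can be used in CSP directives
*
* Keyword sources carry their single quotes inside the string: an unquoted
* `self` is parsed by browsers as a host name, not as the keyword.
*
* The type also accepts any other string (hosts, `'nonce-...'`, `'sha256-...'`),
* so a misspelt keyword still type-checks. The compiler does not validate policies.
*
* Security notes on individual values:
* - `'unsafe-inline'` and `'unsafe-eval'` re-enable inline script/style and
*   string-to-code evaluation, which removes most of CSP's XSS mitigation.
*   Browsers ignore `'unsafe-inline'` when the same directive also carries a
*   nonce or hash source.
* - `'strict-dynamic'` makes supporting browsers ignore host and scheme sources
*   and `'self'` in `script-src`; trust then flows only from nonces and hashes.
* - Scheme-only sources (`https:`, `http:`, `data:`, `blob:`, `ws:`, `wss:`) match
*   every resource served over that scheme. `data:` in a script or object
*   directive is effectively equivalent to allowing inline content.
*/
export type CspSourceValue =
  | '\'self\''
  | '\'unsafe-inline\''
  | '\'unsafe-eval\''
  | '\'unsafe-hashes\''
  | '\'strict-dynamic\''
  | '\'report-sample\''
  | '\'wasm-unsafe-eval\''
  | '\'none\''
  | 'data:'
  | 'blob:'
  | 'https:'
  | 'http:'
  | 'ws:'
  | 'wss:'
  // `string & {}` still accepts every string, but unlike a bare `string` it does
  // not absorb the literals above, so editors keep offering the known keywords.
  | (string & {})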
/**
* Preset CSP configurations for common use cases
*
* Only the preset names are declared here; the directives behind each name are
* defined in the implementation. Inspect the policy a preset actually emits
* (for example in report-only mode) before enforcing it.
*/
export type CspPreset = 'strict' | 'moderate' | 'relaxed' | 'api'