import helmet, { FastifyHelmetOptions } from '@fastify/helmet';
import { AppOptions } from "./types.js";
/**
 * Baseline @fastify/helmet options, used when the application supplies none.
 *
 * Security review notes: these defaults are looser than helmet's stock policy.
 *  - script-src allows 'unsafe-inline' and 'unsafe-eval' (added for GraphiQL),
 *    so the CSP offers little mitigation against injected script.
 *    NOTE(review): presumably applied to every route, not only the GraphiQL
 *    page. Confirm where the result of setupHelmet is registered.
 *  - frame-ancestors contains '*', so any origin may frame responses.
 *  - Cross-Origin-Resource-Policy is 'cross-origin'.
 * Deployments that do not serve GraphiQL or need cross-origin embedding should
 * pass tightened options instead of relying on these defaults.
 */
const defaultHelmet: FastifyHelmetOptions = {
  contentSecurityPolicy: {
    directives: {
      // 'unsafe-inline' is a GraphiQL concession on top of helmet's default CSP.
      // default-src is the fallback for fetch directives not listed here
      // (e.g. style-src), so the relaxation reaches those as well.
      defaultSrc: ["'self'", "'unsafe-inline'"],
      baseUri: ["'self'"],
      // Deprecated directive; upgrade-insecure-requests below is its successor.
      blockAllMixedContent: [],
      fontSrc: ["'self'", "https:", "data:"],
      // The wildcard makes "'self'" redundant: framing is allowed from anywhere,
      // so this directive provides no clickjacking protection. Browsers that
      // honour frame-ancestors ignore X-Frame-Options, which therefore does not
      // compensate.
      frameAncestors: ["'self'", "*"],
      imgSrc: ["'self'", "data:"],
      objectSrc: ["'none'"],
      // Both 'unsafe-*' keywords are GraphiQL concessions on top of helmet's
      // default CSP; together they permit inline scripts and eval()-style
      // execution.
      scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
      upgradeInsecureRequests: [],
    },
  },
  // Lets documents on other origins load this server's resources.
  crossOriginResourcePolicy: { policy: "cross-origin" },
  crossOriginOpenerPolicy: { policy: "same-origin-allow-popups" },
};
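/**
 * Resolves the helmet configuration the server should use.
 *
 * @param helmetOptions - `false` disables helmet; a function receives the
 *   built-in defaults and returns the options to use; an object is used as
 *   given; anything else falls back to the built-in defaults.
 * @returns `false` when helmet is disabled, otherwise the resolved options.
 *
 * Security notes:
 *  - An object override replaces the built-in defaults wholesale; nothing is
 *    merged here, so a partial object drops the CSP directives defined in
 *    `defaultHelmet`.
 *  - The customizer function is handed the shared module-level defaults
 *    object, not a copy. It should return a new object instead of mutating
 *    its argument, or the change leaks into every later call.
 */
export function setupHelmet(helmetOptions?: AppOptions['helmetOptions']): FastifyHelmetOptions | false {
  // Explicit opt-out: the caller wants no security headers from helmet at all.
  if (helmetOptions === false) return false;

  let options: FastifyHelmetOptions = defaultHelmet;
  if (typeof helmetOptions === 'function') {
    options = helmetOptions(defaultHelmet);
  } else if (typeof helmetOptions === 'object' && helmetOptions !== null) {
    // `typeof null` is 'object'; without the null check a null option (e.g.
    // from an untyped JS caller or parsed config) would be returned as the
    // helmet configuration instead of falling back to the defaults.
    options = helmetOptions;
  }
  return options;
}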