UNPKG

alagarr

Version:

Alagarr is a request-response helper library that removes the boilerplate from your Node.js serverless functions and helps make your code portable.

github.com/adieuadieu/alagarr

adieuadieu/alagarr

30 lines (29 loc) 1.45 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
"use strict"; var __rest = (this && this.__rest) || function (s, e) { var t = {}; for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0) t[p] = s[p]; if (s != null && typeof Object.getOwnPropertySymbols === "function") for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) { if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i])) t[p[i]] = s[p[i]]; } return t; }; Object.defineProperty(exports, "__esModule", { value: true }); const DEFAULT_POLICIES = { 'default-src': "'self' https: 'unsafe-inline'", 'img-src': '* data: blob:', }; function cspHeaders(response, _, options) { const { headers = {} } = response, rest = __rest(response, ["headers"]); const cspPolicies = Object.assign({}, DEFAULT_POLICIES, options.cspPolicies); const cspPolicy = Object.keys(cspPolicies) .map((policy) => `${policy} ${cspPolicies[policy]}`) .join(';'); return Object.assign({}, rest, { headers: Object.assign({}, headers, { 'referrer-policy': 'strict-origin-when-cross-origin', 'x-content-type-options': 'nosniff', 'x-xss-protection': '1; mode=block', 'content-security-policy': cspPolicy, 'x-frame-options': { "'none'": 'DENY', "'self'": 'SAMEORIGIN', }[cspPolicies['frame-ancestors']] || undefined }) }); } exports.default = cspHeaders;