csp-builder
A builder tool to help generate Content Security Policies in a type-safe way
/**
 * CSP keyword sources. The single quotes are part of each token and must be
 * emitted verbatim; an unquoted `self` would be parsed as a host name.
 */
var PredefinedSource;
((keywords) => {
  // Matches nothing; only meaningful when it is the sole value of a directive.
  keywords.None = "'none'";
  // Asks the browser to include a sample of the violating code in reports.
  keywords.ReportSample = "'report-sample'";
  keywords.Self = "'self'";
  // Trust propagates to scripts loaded by an already trusted script;
  // supporting browsers then ignore host and scheme allowlist entries.
  keywords.StrictDynamic = "'strict-dynamic'";
  // The two 'unsafe-*' keywords re-enable eval-like APIs and inline
  // script/style, which removes most of the XSS mitigation a policy provides.
  keywords.UnsafeEval = "'unsafe-eval'";
  keywords.UnsafeInline = "'unsafe-inline'";
})(PredefinedSource || (PredefinedSource = {}));
/**
 * Scheme sources. Each one allows every URL of that scheme, so they are broad
 * grants: `data:` or `blob:` in a script-related directive lets any injected
 * data/blob URL run as script, and `http:` / `https:` allow any host.
 */
var SchemaSource;
((schemes) => {
  schemes.Blob = "blob:";
  schemes.Data = "data:";
  schemes.Filesystem = "filesystem:";
  schemes.Http = "http:";
  schemes.Https = "https:";
  schemes.MediaStream = "mediastream:";
})(SchemaSource || (SchemaSource = {}));
/**
 * Category reported by each directive's getDirectiveType().
 */
var DirectiveType;
((types) => {
  types.Fetch = "fetch";
  types.Document = "document";
  types.Navigation = "navigation";
  types.Reporting = "reporting";
  types.Other = "other";
})(DirectiveType || (DirectiveType = {}));
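/**
 * Base class for directives whose value is a space-separated list of tokens
 * (source expressions, sandbox flags, ...). Subclasses supply
 * getDirectiveName() and getDirectiveType().
 */
class AbstractMultiValueDirective {
  constructor() {
    // A Set, so adding the same token twice emits it once.
    this.state = new Set();
  }

  /**
   * Adds one value or an array of values to the directive.
   *
   * Values are written into the policy verbatim, so a value carrying a
   * directive separator would silently change the structure of the policy
   * (for example, append a second, permissive directive). Such values are
   * rejected here instead of being serialized.
   *
   * @param {string|string[]} value - token or list of tokens to add
   * @returns {this} the directive, for chaining
   * @throws {Error} if a value contains ';', ',' or a line break
   */
  addValue(value) {
    const values = Array.isArray(value) ? value : [value];
    // Validate everything before touching state, so a rejected call leaves
    // the directive unchanged. ';' ends a directive, ',' separates policies
    // in a header, and CR/LF would break out of the header line; the CSP
    // grammar allows none of them inside a directive value.
    for (const candidate of values) {
      const text = String(candidate);
      if (/[;,\r\n]/.test(text)) {
        throw new Error(
          `Invalid directive value ${JSON.stringify(text)}: ` +
            `values must not contain ';', ',' or line breaks`,
        );
      }
    }
    this.state = new Set([...this.state, ...values]);
    return this;
  }

  /**
   * Renders the directive as `<name> <values>;`.
   *
   * With no values the result is `<name> ;`, i.e. the directive is still
   * emitted with an empty value list rather than being omitted.
   *
   * @returns {string} the serialized directive
   */
  serialize() {
    const sources = Array.from(this.state).join(' ');
    return `${this.getDirectiveName()} ${sources};`;
  }

  /**
   * @returns {number} lowest CSP level that defines the directive; 1 unless
   *   a subclass overrides it
   */
  getMinimumCspVersion() {
    return 1;
  }
}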
/**
 * `connect-src`: endpoints reachable through script interfaces such as
 * fetch, XMLHttpRequest, WebSocket and EventSource.
 */
class ConnectSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'connect-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `default-src`: fallback for fetch directives that are not set explicitly.
 * It is not a fallback for base-uri, form-action or frame-ancestors; those
 * have to be added on their own.
 */
class DefaultSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'default-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `font-src`: sources from which fonts may be loaded.
 */
class FontSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'font-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `frame-src`: sources that may be embedded as nested browsing contexts
 * (frames and iframes) by the protected page.
 */
class FrameSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'frame-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `img-src`: sources from which images may be loaded.
 */
class ImageSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'img-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `manifest-src`: sources from which the web app manifest may be loaded.
 * Reported as requiring CSP level 3.
 */
class ManifestSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'manifest-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }

  /** @returns {number} 3, so a Builder created with a lower level rejects it */
  getMinimumCspVersion() {
    return 3;
  }
}
/**
 * `media-src`: sources from which audio and video may be loaded.
 */
class MediaSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'media-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `object-src`: sources for plugin content (<object>, <embed>). Hardened
 * policies commonly set it to 'none', since plugin content can execute
 * script outside the control of script-src.
 */
class ObjectSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'object-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `prefetch-src`: sources that may be prefetched or prerendered. Reported as
 * requiring CSP level 3.
 * NOTE(review): this directive has been deprecated and browser support is
 * limited; confirm it still has an effect in the browsers you target.
 */
class PrefetchSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'prefetch-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }

  /** @returns {number} 3, so a Builder created with a lower level rejects it */
  getMinimumCspVersion() {
    return 3;
  }
}
/**
 * `script-src`: sources from which script may be loaded and executed. This is
 * the directive that carries most of a policy's XSS mitigation; adding
 * 'unsafe-inline', 'unsafe-eval' or a scheme-wide source such as `data:` or
 * `https:` gives most of that mitigation away.
 */
class ScriptSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'script-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `style-src`: sources from which stylesheets may be loaded and applied.
 */
class StyleSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'style-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }
}
/**
 * `worker-src`: sources for Worker, SharedWorker and ServiceWorker scripts.
 * Reported as requiring CSP level 3.
 */
class WorkerSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'worker-src';
  }

  /** @returns {string} DirectiveType.Fetch */
  getDirectiveType() {
    return DirectiveType.Fetch;
  }

  /** @returns {number} 3, so a Builder created with a lower level rejects it */
  getMinimumCspVersion() {
    return 3;
  }
}
/**
 * `base-uri`: URLs allowed in the document's <base> element. It does not
 * fall back to default-src, so a policy without it leaves <base> unrestricted
 * and an injected <base> can redirect relative script URLs.
 */
class BaseUri extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'base-uri';
  }

  /** @returns {string} DirectiveType.Document */
  getDirectiveType() {
    return DirectiveType.Document;
  }
}
/**
 * `plugin-types`: MIME types of plugins the document may embed. Values are
 * media types, not source expressions.
 * NOTE(review): the directive was dropped from CSP Level 3, yet the minimum
 * level reported here (2) means a Builder at the default level still accepts
 * it; confirm it is still wanted in new policies.
 */
class PluginTypes extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'plugin-types';
  }

  /** @returns {string} DirectiveType.Document */
  getDirectiveType() {
    return DirectiveType.Document;
  }

  /** @returns {number} 2, so a Builder created with level 1 rejects it */
  getMinimumCspVersion() {
    return 2;
  }
}
/**
 * `sandbox`: applies iframe-style sandbox restrictions to the document.
 * Values are sandbox flags (`allow-*` tokens), not source expressions, and an
 * empty value list is meaningful: it applies every restriction. Browsers
 * ignore this directive when the policy is delivered through a <meta> element.
 */
class Sandbox extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'sandbox';
  }

  /** @returns {string} DirectiveType.Document */
  getDirectiveType() {
    return DirectiveType.Document;
  }
}
/**
 * `form-action`: URLs that forms in the document may submit to. It does not
 * fall back to default-src, so it has to be set explicitly to restrict where
 * form data can be sent.
 */
class FormAction extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'form-action';
  }

  /** @returns {string} DirectiveType.Navigation */
  getDirectiveType() {
    return DirectiveType.Navigation;
  }

  /** @returns {number} 2, so a Builder created with level 1 rejects it */
  getMinimumCspVersion() {
    return 2;
  }
}
/**
 * `frame-ancestors`: origins allowed to embed this document in a frame (the
 * clickjacking control). It does not fall back to default-src, and browsers
 * ignore it when the policy is delivered through a <meta> element, so it has
 * to be sent as a response header.
 */
class FrameAncestors extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'frame-ancestors';
  }

  /** @returns {string} DirectiveType.Navigation */
  getDirectiveType() {
    return DirectiveType.Navigation;
  }

  /** @returns {number} 2, so a Builder created with level 1 rejects it */
  getMinimumCspVersion() {
    return 2;
  }
}
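/**
 * Base class for directives that carry a single value. Subclasses supply
 * getDirectiveName() and getDirectiveType().
 */
class AbstractSingleValueDirective {
  constructor() {
    // null means "not set"; serialize() then emits nothing.
    this.state = null;
  }

  /**
   * Sets (or, with null/undefined, clears) the directive value.
   *
   * The value is written into the policy verbatim, so one that carries a
   * directive separator would silently add or alter other directives. Such
   * values are rejected here instead of being serialized.
   *
   * @param {string|null|undefined} value - the value to emit
   * @returns {this} the directive, for chaining
   * @throws {Error} if the value contains ';', ',' or a line break
   */
  setValue(value) {
    // ';' ends a directive, ',' separates policies in a header, and CR/LF
    // would break out of the header line; the CSP grammar allows none of
    // them inside a directive value. The previous value is kept on rejection.
    if (value != null && /[;,\r\n]/.test(String(value))) {
      throw new Error(
        `Invalid directive value ${JSON.stringify(String(value))}: ` +
          `values must not contain ';', ',' or line breaks`,
      );
    }
    this.state = value;
    return this;
  }

  /**
   * @returns {number} lowest CSP level that defines the directive; 1 unless
   *   a subclass overrides it
   */
  getMinimumCspVersion() {
    return 1;
  }

  /**
   * Renders the directive as `<name> <value>;`.
   *
   * @returns {string} the serialized directive, or '' when no (or a falsy)
   *   value is set, so the directive is omitted from the policy
   */
  serialize() {
    if (!this.state) {
      return '';
    }
    return `${this.getDirectiveName()} ${this.state};`;
  }
}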
/**
 * `report-to`: name of the reporting endpoint group that receives violation
 * reports. The value is a group name declared through a separate reporting
 * header, not a URL.
 */
class ReportTo extends AbstractSingleValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'report-to';
  }

  /** @returns {string} DirectiveType.Reporting */
  getDirectiveType() {
    return DirectiveType.Reporting;
  }
}
/**
 * `report-uri`: URL that receives violation reports. Deprecated in favour of
 * report-to, but often still sent alongside it for browsers without
 * report-to support. Browsers ignore it when the policy is delivered through
 * a <meta> element.
 */
class ReportUri extends AbstractSingleValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'report-uri';
  }

  /** @returns {string} DirectiveType.Reporting */
  getDirectiveType() {
    return DirectiveType.Reporting;
  }
}
/**
 * Base class for directives that have no value and are either present in the
 * policy or absent. Subclasses supply getDirectiveName() and
 * getDirectiveType().
 */
class AbstractToggleDirective {
  constructor() {
    // Off by default: a freshly created toggle serializes to ''.
    this.state = false;
  }

  /**
   * Switches the directive on or off.
   *
   * @param {boolean} value - truthy to emit the directive, falsy to omit it
   * @returns {this} the directive, for chaining
   */
  toggle(value) {
    this.state = value;
    return this;
  }

  /**
   * @returns {number} lowest CSP level that defines the directive; 1 unless
   *   a subclass overrides it
   */
  getMinimumCspVersion() {
    return 1;
  }

  /**
   * @returns {string} `<name>;` when switched on, otherwise ''
   */
  serialize() {
    return this.state ? `${this.getDirectiveName()};` : '';
  }
}
/**
 * `block-all-mixed-content`: blocks loading of HTTP resources on an HTTPS
 * page. The directive is deprecated; upgrade-insecure-requests is the usual
 * replacement.
 */
class BlockAllMixedContent extends AbstractToggleDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'block-all-mixed-content';
  }

  /** @returns {string} DirectiveType.Other */
  getDirectiveType() {
    return DirectiveType.Other;
  }
}
/**
 * `require-sri-for`: requires Subresource Integrity for the listed resource
 * kinds. Modelled as a single value, so several kinds are passed as one
 * space-separated string.
 * NOTE(review): this directive is not part of the current CSP standard and
 * browser support is limited; do not rely on it as the only integrity control.
 */
class RequireSriFor extends AbstractSingleValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'require-sri-for';
  }

  /** @returns {string} DirectiveType.Other */
  getDirectiveType() {
    return DirectiveType.Other;
  }
}
/**
 * `upgrade-insecure-requests`: tells the browser to rewrite the page's HTTP
 * subresource and same-site navigation URLs to HTTPS before fetching.
 */
class UpgradeInsecureRequests extends AbstractToggleDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'upgrade-insecure-requests';
  }

  /** @returns {string} DirectiveType.Other */
  getDirectiveType() {
    return DirectiveType.Other;
  }
}
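/**
 * Collects directives and renders them as one Content-Security-Policy value.
 */
class Builder {
  /**
   * @param {number} [level=3] - CSP level the policy targets; directives
   *   that report a higher minimum level are rejected by addDirective()
   */
  constructor(level = 3) {
    // Keyed by directive name; insertion order is the output order.
    this.directives = new Map();
    this.level = level;
  }

  /**
   * Registers a directive.
   *
   * Directives are keyed by name, so adding a second directive with the same
   * name REPLACES the first instead of merging with it. Any sources that were
   * only on the replaced instance are dropped from the policy.
   *
   * @param {object} directive - object exposing getDirectiveName(),
   *   getMinimumCspVersion() and serialize()
   * @returns {this} the builder, for chaining
   * @throws {Error} if the directive needs a higher CSP level than this
   *   builder targets
   */
  addDirective(directive) {
    const directiveName = directive.getDirectiveName();
    if (directive.getMinimumCspVersion() > this.level) {
      throw new Error(`Directive ${directiveName} is not supported by CSP level of ${this.level}`);
    }
    this.directives.set(directiveName, directive);
    return this;
  }

  /**
   * Renders the policy: every directive's serialized form, joined by a single
   * space.
   *
   * Directives that serialize to an empty string (a toggle that is off, a
   * single-value directive without a value) are skipped, so they no longer
   * leave doubled spaces in the middle of the policy.
   *
   * @returns {string} the policy value, or '' when nothing is emitted
   */
  stringify() {
    const parts = [];
    for (const directive of this.directives.values()) {
      const serialized = directive.serialize();
      if (serialized) {
        parts.push(serialized);
      }
    }
    return parts.join(' ').trim();
  }
}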
export { AbstractMultiValueDirective, AbstractSingleValueDirective, AbstractToggleDirective, BaseUri, BlockAllMixedContent, Builder, ConnectSource, DefaultSource, DirectiveType, FontSource, FormAction, FrameAncestors, FrameSource, ImageSource, ManifestSource, MediaSource, ObjectSource, PluginTypes, PredefinedSource, PrefetchSource, ReportTo, ReportUri, RequireSriFor, Sandbox, SchemaSource, ScriptSource, StyleSource, UpgradeInsecureRequests, WorkerSource };
//# sourceMappingURL=index.js.map