UNPKG

csp-typed-directives

Version:

Provides type information for all CSP directives and related headers' directives; as well as a basic utility funtion that helps convert the typed properties to the header content's policy string.

3 lines (2 loc) 6.13 kB
var b=Object.defineProperty;var H=e=>b(e,"__esModule",{value:!0});var N=typeof require!="undefined"?require:e=>{throw new Error('Dynamic require of "'+e+'" is not supported')};var x=(e,r)=>{H(e);for(var o in r)b(e,o,{get:r[o],enumerable:!0})};x(exports,{CspDirectives:()=>T,DirectiveMap:()=>$,ValidCrypto:()=>w,ValidHashes:()=>O,directiveNamesList:()=>D,referrerHeaderOptionsList:()=>M});var P=typeof document=="undefined"?new(require("url")).URL("file:"+__filename).href:document.currentScript&&document.currentScript.src||new URL("main.js",document.baseURI).href;var v=["http:","https:","data:","mediastream:","blob:","filesystem:"],l=["sha256","sha384","sha512"],p=["nonce",...l],C=["/","?","#","\\"],a=["self","unsafe-eval","unsafe-hashes","unsafe-inline","none","*"],B=[...a,...v],i=["no-referrer","no-referrer-when-downgrade","origin","origin-when-cross-origin","same-origin","strict-origin","strict-origin-when-cross-origin","unsafe-url","none"],y=["allow-downloads-without-user-activation","allow-forms","allow-modals","allow-orientation-lock","allow-pointer-lock","allow-popups","allow-popups-to-escape-sandbox","allow-presentation","allow-same-origin","allow-scripts","allow-storage-access-by-user-activation","allow-top-navigation","allow-top-navigation-by-user-activation"],S=["strict-dynamic","report-sample"],m=["script"],h=["none","allow-duplicates","*"],f=["script","style","script style"],R={hostSource:[{displayName:"Hostname/URL Source",consumes:{Port:"number",Hostname:"string",Protocol:"string://"},compose:e=>((e==null?void 0:e.Protocol)||"")+((e==null?void 0:e.Hostname)||"")+((e==null?void 0:e.Port)?":"+(e==null?void 0:e.Port):"")}],schemeSource:v,cryptoSource:[{displayName:"Crypto Nonce/Hash Source",consumes:{Hash:"string",Algorithm:p},compose:e=>`${e.Algorithm}-${e.Hash}`}],baseSources:a,primitiveSourceBool:[!0,!1],primitiveSourceString:[{displayName:"Any String",consumes:{String:"string"},compose:e=>e.String}],trustedTypesPolicy:h,requireTrustedTypePolicy:m,sriPolicy:f,referrerHeaderOptions:i,uriPath:[{displayName:"URI Source",consumes:{"Beginning Delineator":C,"Remaining Path":"string"},compose:e=>`${e["Beginning Delineator"]}${e["Remaining Path"]}`}],actionSource:S,pluginSource:[{displayName:"Plugin MIME Type Source",consumes:{"MIME Category":"string","MIME Implementation":"string"},compose:e=>`${e["MIME Category"]}/${e["MIME Implementation"]}`},"none"],frameSource:["self","none"],sandboxDirectives:y},d={"child-src":["hostSource","schemeSource","cryptoSource","baseSources"],"default-src":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"frame-src":["hostSource","schemeSource","cryptoSource","baseSources"],"worker-src":["hostSource","schemeSource","cryptoSource","baseSources"],"connect-src":["hostSource","schemeSource","cryptoSource","baseSources"],"font-src":["hostSource","schemeSource","cryptoSource","baseSources"],"img-src":["hostSource","schemeSource","cryptoSource","baseSources"],"manifest-src":["hostSource","schemeSource","cryptoSource","baseSources"],"media-src":["hostSource","schemeSource","cryptoSource","baseSources"],"object-src":["hostSource","schemeSource","cryptoSource","baseSources"],"prefetch-src":["hostSource","schemeSource","cryptoSource","baseSources"],"script-src":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"script-src-elem":["hostSource","schemeSource","cryptoSource","baseSources"],"script-src-attr":["hostSource","schemeSource","cryptoSource","baseSources"],"style-src":["hostSource","schemeSource","cryptoSource","baseSources"],"style-src-elem":["hostSource","schemeSource","cryptoSource","baseSources"],"style-src-attr":["hostSource","schemeSource","cryptoSource","baseSources"],"base-uri":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"plugin-types":["pluginSource"],sandbox:["sandboxDirectives"],"form-action":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"frame-ancestors":["hostSource","schemeSource","frameSource"],"navigate-to":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"report-uri":["uriPath"],"report-to":["primitiveSourceString"],"block-all-mixed-content":["primitiveSourceBool"],referrer:["referrerHeaderOptions"],"require-sri-for":["sriPolicy"],"require-trusted-types-for":["requireTrustedTypePolicy"],"trusted-types":["trustedTypesPolicy","primitiveSourceString"],"upgrade-insecure-requests":["primitiveSourceBool"]};function g(e){return Array.isArray(e)?e:[e]}var O=l,w=p,D=Object.keys(d),$=new Map(Object.entries(d).map(e=>{let[r,o]=e;return[r,{get values(){return this.categories.map(t=>R[t]).flat(1)},categories:o}]})),M=i,A=new Set([...S,...a,...h,...m,...f,...i,...S,...y]);function V(e){return e==="*"?!1:!!(A.has(e)||p.some(r=>e.startsWith(`${r}-`)))}var T=class{constructor(r,o,t,c){this.CSP=r||{},this.ReportOnly=t||!1,this.ReportTo=o||[],this.ReferrerHeader=c||"strict-origin-when-cross-origin";function n(u){return i.some(s=>s===u)}!c&&(r==null?void 0:r.referrer)&&n(r.referrer)&&(this.ReferrerHeader=r.referrer)}checkReportTo(){var o;let r=(o=this.CSP)==null?void 0:o["report-to"];if(r!==void 0&&!g(this.ReportTo).some(c=>c.group===r))throw Error('Undefined ReportTo group specified in policy "report-to"')}getHeaders(){this.checkReportTo();let r={"Content-Security-Policy-Report-Only":"","Content-Security-Policy":"","Report-To":g(this.ReportTo).length?JSON.stringify(this.ReportTo):"","Referrer-Policy":this.ReferrerHeader};return D.forEach(o=>{let t="",c=n=>{let u="";typeof n[o]!="boolean"&&(u=g(n[o]).map(s=>{if(typeof s=="string")return V(s)?` '${s}'`:` ${s}`}).join("")),t=` ${o}${u};`};this.CSP[o]&&(c(this.CSP),r["Content-Security-Policy"]+=t),this.ReportOnly&&this.ReportOnly[o]&&(r["Content-Security-Policy-Report-Only"]+=t||(c(this.ReportOnly),t))}),r["Content-Security-Policy-Report-Only"]=r["Content-Security-Policy-Report-Only"].trim(),r["Content-Security-Policy"]=r["Content-Security-Policy"].trim(),r}};0&&(module.exports={CspDirectives,DirectiveMap,ValidCrypto,ValidHashes,directiveNamesList,referrerHeaderOptionsList}); //# sourceMappingURL=index.cjs.map