csp-typed-directives
Version:
Provides type information for all CSP directives and related headers' directives; as well as a basic utility funtion that helps convert the typed properties to the header content's policy string.
3 lines (2 loc) • 5.58 kB
JavaScript
var P=["http:","https:","data:","mediastream:","blob:","filesystem:"],y=["sha256","sha384","sha512"],p=["nonce",...y],v=["/","?","#","\\"],a=["self","unsafe-eval","unsafe-hashes","unsafe-inline","none","*"],x=[...a,...P],i=["no-referrer","no-referrer-when-downgrade","origin","origin-when-cross-origin","same-origin","strict-origin","strict-origin-when-cross-origin","unsafe-url","none"],l=["allow-downloads-without-user-activation","allow-forms","allow-modals","allow-orientation-lock","allow-pointer-lock","allow-popups","allow-popups-to-escape-sandbox","allow-presentation","allow-same-origin","allow-scripts","allow-storage-access-by-user-activation","allow-top-navigation","allow-top-navigation-by-user-activation"],S=["strict-dynamic","report-sample"],m=["script"],h=["none","allow-duplicates","*"],f=["script","style","script style"],b={hostSource:[{displayName:"Hostname/URL Source",consumes:{Port:"number",Hostname:"string",Protocol:"string://"},compose:e=>((e==null?void 0:e.Protocol)||"")+((e==null?void 0:e.Hostname)||"")+((e==null?void 0:e.Port)?":"+(e==null?void 0:e.Port):"")}],schemeSource:P,cryptoSource:[{displayName:"Crypto Nonce/Hash Source",consumes:{Hash:"string",Algorithm:p},compose:e=>`${e.Algorithm}-${e.Hash}`}],baseSources:a,primitiveSourceBool:[!0,!1],primitiveSourceString:[{displayName:"Any String",consumes:{String:"string"},compose:e=>e.String}],trustedTypesPolicy:h,requireTrustedTypePolicy:m,sriPolicy:f,referrerHeaderOptions:i,uriPath:[{displayName:"URI Source",consumes:{"Beginning Delineator":v,"Remaining Path":"string"},compose:e=>`${e["Beginning Delineator"]}${e["Remaining Path"]}`}],actionSource:S,pluginSource:[{displayName:"Plugin MIME Type Source",consumes:{"MIME Category":"string","MIME Implementation":"string"},compose:e=>`${e["MIME Category"]}/${e["MIME Implementation"]}`},"none"],frameSource:["self","none"],sandboxDirectives:l},d={"child-src":["hostSource","schemeSource","cryptoSource","baseSources"],"default-src":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"frame-src":["hostSource","schemeSource","cryptoSource","baseSources"],"worker-src":["hostSource","schemeSource","cryptoSource","baseSources"],"connect-src":["hostSource","schemeSource","cryptoSource","baseSources"],"font-src":["hostSource","schemeSource","cryptoSource","baseSources"],"img-src":["hostSource","schemeSource","cryptoSource","baseSources"],"manifest-src":["hostSource","schemeSource","cryptoSource","baseSources"],"media-src":["hostSource","schemeSource","cryptoSource","baseSources"],"object-src":["hostSource","schemeSource","cryptoSource","baseSources"],"prefetch-src":["hostSource","schemeSource","cryptoSource","baseSources"],"script-src":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"script-src-elem":["hostSource","schemeSource","cryptoSource","baseSources"],"script-src-attr":["hostSource","schemeSource","cryptoSource","baseSources"],"style-src":["hostSource","schemeSource","cryptoSource","baseSources"],"style-src-elem":["hostSource","schemeSource","cryptoSource","baseSources"],"style-src-attr":["hostSource","schemeSource","cryptoSource","baseSources"],"base-uri":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"plugin-types":["pluginSource"],sandbox:["sandboxDirectives"],"form-action":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"frame-ancestors":["hostSource","schemeSource","frameSource"],"navigate-to":["hostSource","schemeSource","cryptoSource","baseSources","actionSource"],"report-uri":["uriPath"],"report-to":["primitiveSourceString"],"block-all-mixed-content":["primitiveSourceBool"],referrer:["referrerHeaderOptions"],"require-sri-for":["sriPolicy"],"require-trusted-types-for":["requireTrustedTypePolicy"],"trusted-types":["trustedTypesPolicy","primitiveSourceString"],"upgrade-insecure-requests":["primitiveSourceBool"]};function g(e){return Array.isArray(e)?e:[e]}var V=y,N=p,R=Object.keys(d),k=new Map(Object.entries(d).map(e=>{let[r,o]=e;return[r,{get values(){return this.categories.map(t=>b[t]).flat(1)},categories:o}]})),q=i,D=new Set([...S,...a,...h,...m,...f,...i,...S,...l]);function T(e){return e==="*"?!1:!!(D.has(e)||p.some(r=>e.startsWith(`${r}-`)))}var H=class{constructor(r,o,t,s){this.CSP=r||{},this.ReportOnly=t||!1,this.ReportTo=o||[],this.ReferrerHeader=s||"strict-origin-when-cross-origin";function n(u){return i.some(c=>c===u)}!s&&(r==null?void 0:r.referrer)&&n(r.referrer)&&(this.ReferrerHeader=r.referrer)}checkReportTo(){var o;let r=(o=this.CSP)==null?void 0:o["report-to"];if(r!==void 0&&!g(this.ReportTo).some(s=>s.group===r))throw Error('Undefined ReportTo group specified in policy "report-to"')}getHeaders(){this.checkReportTo();let r={"Content-Security-Policy-Report-Only":"","Content-Security-Policy":"","Report-To":g(this.ReportTo).length?JSON.stringify(this.ReportTo):"","Referrer-Policy":this.ReferrerHeader};return R.forEach(o=>{let t="",s=n=>{let u="";typeof n[o]!="boolean"&&(u=g(n[o]).map(c=>{if(typeof c=="string")return T(c)?` '${c}'`:` ${c}`}).join("")),t=` ${o}${u};`};this.CSP[o]&&(s(this.CSP),r["Content-Security-Policy"]+=t),this.ReportOnly&&this.ReportOnly[o]&&(r["Content-Security-Policy-Report-Only"]+=t||(s(this.ReportOnly),t))}),r["Content-Security-Policy-Report-Only"]=r["Content-Security-Policy-Report-Only"].trim(),r["Content-Security-Policy"]=r["Content-Security-Policy"].trim(),r}};export{H as CspDirectives,k as DirectiveMap,N as ValidCrypto,V as ValidHashes,R as directiveNamesList,q as referrerHeaderOptionsList};
//# sourceMappingURL=index.js.map