csprefabricate
Generate valid and secure Content Security Policies (CSP) with TypeScript.
Object.defineProperty(exports, "__esModule", { value: true });
exports.create = exports.processRules = void 0;
const helpers_1 = require("./helpers");
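/**
 * Flattens a list of CSP source rules into one space-separated string with
 * duplicates removed.
 *
 * String rules are passed through `formatRule` from ./helpers. Object rules map
 * a prefix to a list of suffixes, and each prefix+suffix pair becomes one source.
 * `null` entries are skipped, matching the filtering `create` applies before
 * calling this function, instead of throwing from `Object.entries(null)`.
 *
 * @param rules - Array of strings and/or `{ prefix: [suffix, ...] }` objects.
 * @returns The sources joined by single spaces in first-seen order, or "" when
 *          there are none.
 */
const processRules = (rules) => {
  // A Set keeps insertion order, so the first occurrence of a source fixes its position.
  const seen = new Set();
  for (const rule of rules) {
    // typeof null === "object", so null has to be excluded before the object branch.
    if (rule === null) {
      continue;
    }
    if (typeof rule === "object") {
      for (const [domain, tlds] of Object.entries(rule)) {
        for (const tld of tlds) {
          // NOTE(review): prefix and suffix are concatenated verbatim. CSP treats
          // whitespace as a source separator and ";" as a directive separator, so
          // values that come from tenant or user configuration should be validated
          // against the expected host-source shape before they reach this function.
          seen.add(`${domain}${tld}`);
        }
      }
    } else {
      seen.add((0, helpers_1.formatRule)(rule));
    }
  }
  return Array.from(seen).join(" ");
};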
// Publish processRules on the CommonJS exports object; create() resolves it
// through `exports` at call time rather than through the local binding.
exports.processRules = processRules;
/**
 * Builds a Content-Security-Policy string from a directive -> rules object.
 *
 * `warnOnCspIssues` runs first on the whole object. Every directive name is then
 * checked with `isValidDirective`; names that fail are dropped and reported only
 * through `console.warn`, so a misspelled directive results in a policy without
 * that directive. Treat those warnings as actionable in build and deploy logs.
 *
 * For an accepted directive whose value is an array, entries that are neither
 * strings nor non-null objects are discarded and the rest is serialized by
 * `processRules`. Any other value yields the bare directive name.
 *
 * @param obj - The ContentSecurityPolicy object (directive name -> rules).
 * @param warningOptions - Forwarded unchanged to `warnOnCspIssues`.
 * @returns Directives joined with "; " and terminated by ";", or "" when no
 *          directive was accepted.
 */
const create = (obj, warningOptions) => {
  (0, helpers_1.warnOnCspIssues)(obj, warningOptions);

  // Only strings and non-null objects are passed on to processRules.
  const isUsableRule = (value) =>
    typeof value === "string" || (typeof value === "object" && value !== null);

  // Pass 1: validate every directive name before any serialization happens.
  const accepted = [];
  for (const entry of Object.entries(obj)) {
    const [name] = entry;
    if ((0, helpers_1.isValidDirective)(name)) {
      accepted.push(entry);
    } else {
      console.warn(`[CSPrefabricate] "${name}" is not a valid CSP directive and has been ignored.`);
    }
  }

  // Pass 2: serialize each accepted directive.
  const parts = accepted.map(([name, value]) => {
    if (!Array.isArray(value)) {
      return `${name}`;
    }
    const sources = (0, exports.processRules)(value.filter((r) => isUsableRule(r)));
    if (sources) {
      return `${name} ${sources}`;
    }
    return `${name}`;
  });

  if (parts.length === 0) {
    return "";
  }
  return `${parts.join("; ")};`;
};
// Publish create on the CommonJS exports object.
exports.create = create;
;