express-msteams-host
Version:
Express utility for Microsoft Teams solutions
48 lines • 2.06 kB
JavaScript
;
// Copyright (c) Wictor Wilén. All rights reserved.
// Licensed under the MIT license.
Object.defineProperty(exports, "__esModule", { value: true });
exports.MsTeamsPageRouter = void 0;
var express_1 = require("express");
var path = require("path");
var debug = require("debug");
/**
* Express router for pages to be hosted in Microsoft Teams.
* @param options Page Router options
*/
var MsTeamsPageRouter = function (options) {
var router = (0, express_1.Router)();
var log = debug.default("msteams");
// This is used to prevent your tabs from being embedded in other systems than Microsoft Teams
router.use(function (req, res, next) {
res.setHeader("Content-Security-Policy", "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.sharepoint.com outlook.office.com *.teams.microsoft.us local.teams.office.com *.office.com " + req.headers.host);
res.setHeader("X-Frame-Options", "ALLOW-FROM https://teams.microsoft.com/."); // IE11
next();
});
// Automatically read the pages to protect from the PreventIframe decorators
for (var app in options.components) {
if (Object.prototype.hasOwnProperty.call(options.components, app)) {
var component = options.components[app];
if (component.__addCsp) {
var arr = component.__addCsp;
if (arr.length) {
arr.forEach(function (page) {
log("Adding CSP policy for " + page);
router.get(page, function (req, res) {
res.sendFile(path.join(options.root, req.path));
});
});
}
}
}
}
// Fallback
router.use(function (req, res, next) {
res.removeHeader("Content-Security-Policy");
res.removeHeader("X-Frame-Options"); // IE11
return next();
});
return router;
};
exports.MsTeamsPageRouter = MsTeamsPageRouter;
//# sourceMappingURL=MsTeamsPageRouter.js.map