koa-csp
Version:
Used to set respose header: Content-Security-Policy
48 lines (47 loc) • 1.78 kB
JavaScript
;
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = default_1;
const validate_policy_js_1 = __importDefault(require("./validate-policy.js"));
const format_policy_js_1 = __importDefault(require("./format-policy.js"));
// default config
const defaultParams = {
// 是否显示警告信息
enableWarn: true,
policy: {
'default-src': ['self'],
},
};
/**
* @desc Set Content-Security-Policy
* @param {Object} param
* @param {boolean} param.enableWarn enable warn log
* @param {Object} param.policy csp policy
* @param {string[]} param.policy.defaultSrc
* @param {string[]} param.policy.childSrc
* @param {string[]} param.policy.connectSrc
* @param {string[]} param.policy.fontSrc
* @param {string[]} param.policy.frameSrc
* @param {string[]} param.policy.imgSrc
* @param {string[]} param.policy.frameAncestors
* @param {string[]} param.policy.manifestSrc
* @param {string[]} param.policy.mediaSrc
* @param {string[]} param.policy.objectSrc
* @param {string[]} param.policy.prefetchSrc
* @param {string[]} param.policy.styleSrc
* @param {string[]} param.policy.webrtcSrc
* @param {string[]} param.policy.workerSrc
*/
function default_1({ enableWarn = defaultParams.enableWarn, policy = defaultParams.policy } = defaultParams) {
return (ctx, next) => {
if (enableWarn)
(0, validate_policy_js_1.default)(policy);
const policyStr = (0, format_policy_js_1.default)(policy)
.map((directive) => directive.join(' '))
.join(';');
ctx.set('Content-Security-Policy', policyStr);
return next();
};
}