UNPKG

koa-csp

Version:

Used to set respose header: Content-Security-Policy

48 lines (47 loc) 1.78 kB
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.default = default_1; const validate_policy_js_1 = __importDefault(require("./validate-policy.js")); const format_policy_js_1 = __importDefault(require("./format-policy.js")); // default config const defaultParams = { // 是否显示警告信息 enableWarn: true, policy: { 'default-src': ['self'], }, }; /** * @desc Set Content-Security-Policy * @param {Object} param * @param {boolean} param.enableWarn enable warn log * @param {Object} param.policy csp policy * @param {string[]} param.policy.defaultSrc * @param {string[]} param.policy.childSrc * @param {string[]} param.policy.connectSrc * @param {string[]} param.policy.fontSrc * @param {string[]} param.policy.frameSrc * @param {string[]} param.policy.imgSrc * @param {string[]} param.policy.frameAncestors * @param {string[]} param.policy.manifestSrc * @param {string[]} param.policy.mediaSrc * @param {string[]} param.policy.objectSrc * @param {string[]} param.policy.prefetchSrc * @param {string[]} param.policy.styleSrc * @param {string[]} param.policy.webrtcSrc * @param {string[]} param.policy.workerSrc */ function default_1({ enableWarn = defaultParams.enableWarn, policy = defaultParams.policy } = defaultParams) { return (ctx, next) => { if (enableWarn) (0, validate_policy_js_1.default)(policy); const policyStr = (0, format_policy_js_1.default)(policy) .map((directive) => directive.join(' ')) .join(';'); ctx.set('Content-Security-Policy', policyStr); return next(); }; }