koa-csp
Version:
Used to set respose header: Content-Security-Policy
42 lines (41 loc) • 1.45 kB
JavaScript
import validatePolicy from './validate-policy.js';
import formatPolicy from './format-policy.js';
// default config
const defaultParams = {
// 是否显示警告信息
enableWarn: true,
policy: {
'default-src': ['self'],
},
};
/**
* @desc Set Content-Security-Policy
* @param {Object} param
* @param {boolean} param.enableWarn enable warn log
* @param {Object} param.policy csp policy
* @param {string[]} param.policy.defaultSrc
* @param {string[]} param.policy.childSrc
* @param {string[]} param.policy.connectSrc
* @param {string[]} param.policy.fontSrc
* @param {string[]} param.policy.frameSrc
* @param {string[]} param.policy.imgSrc
* @param {string[]} param.policy.frameAncestors
* @param {string[]} param.policy.manifestSrc
* @param {string[]} param.policy.mediaSrc
* @param {string[]} param.policy.objectSrc
* @param {string[]} param.policy.prefetchSrc
* @param {string[]} param.policy.styleSrc
* @param {string[]} param.policy.webrtcSrc
* @param {string[]} param.policy.workerSrc
*/
export default function ({ enableWarn = defaultParams.enableWarn, policy = defaultParams.policy } = defaultParams) {
return (ctx, next) => {
if (enableWarn)
validatePolicy(policy);
const policyStr = formatPolicy(policy)
.map((directive) => directive.join(' '))
.join(';');
ctx.set('Content-Security-Policy', policyStr);
return next();
};
}