UNPKG

next-secure-headers

Version:

Sets secure response headers for Next.js.

github.com/jagaapple/next-secure-headers

jagaapple/next-secure-headers

84 lines (83 loc) 5.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
import type { ResponseHeader } from "../shared"; declare type DirectiveSource = string | string[]; declare type PluginTypes = string | string[]; declare type Sandbox = true | "allow-downloads-without-user-activation" | "allow-forms" | "allow-modals" | "allow-orientation-lock" | "allow-pointer-lock" | "allow-popups" | "allow-popups-to-escape-sandbox" | "allow-presentation" | "allow-same-origin" | "allow-scripts" | "allow-storage-access-by-user-activation" | "allow-top-navigation" | "allow-top-navigation-by-user-activation"; declare type FetchDirective = { childSrc: DirectiveSource; "child-src": DirectiveSource; connectSrc: DirectiveSource; "connect-src": DirectiveSource; defaultSrc: DirectiveSource; "default-src": DirectiveSource; fontSrc: DirectiveSource; "font-src": DirectiveSource; frameSrc: DirectiveSource; "frame-src": DirectiveSource; imgSrc: DirectiveSource; "img-src": DirectiveSource; manifestSrc: DirectiveSource; "manifest-src": DirectiveSource; mediaSrc: DirectiveSource; "media-src": DirectiveSource; prefetchSrc: DirectiveSource; "prefetch-src": DirectiveSource; objectSrc: DirectiveSource; "object-src": DirectiveSource; scriptSrc: DirectiveSource; "script-src": DirectiveSource; scriptSrcElem: DirectiveSource; "script-src-elem": DirectiveSource; scriptSrcAttr: DirectiveSource; "script-src-attr": DirectiveSource; styleSrc: DirectiveSource; "style-src": DirectiveSource; styleSrcElem: DirectiveSource; "style-src-elem": DirectiveSource; styleSrcAttr: DirectiveSource; "style-src-attr": DirectiveSource; workerSrc: DirectiveSource; "worker-src": DirectiveSource; }; declare type DocumentDirective = { baseURI: DirectiveSource; "base-uri": DirectiveSource; pluginTypes: PluginTypes; "plugin-types": PluginTypes; sandbox: Sandbox; }; declare type NavigationDirective = { formAction: DirectiveSource; "form-action": DirectiveSource; frameAncestors: DirectiveSource; "frame-ancestors": DirectiveSource; navigateTo: DirectiveSource; "navigate-to": DirectiveSource; }; declare type ReportingDirective = { reportURI: string | URL | (string | URL)[]; "report-uri": string | URL | (string | URL)[]; reportTo: string; "report-to": string; }; export declare type ContentSecurityPolicyOption = false | { directives: Partial<FetchDirective> & Partial<DocumentDirective> & Partial<NavigationDirective> & Partial<ReportingDirective>; reportOnly?: boolean; }; export declare const getProperHeaderName: (reportOnly?: boolean) => "Content-Security-Policy" | "Content-Security-Policy-Report-Only"; export declare const createDirectiveValue: <T>(directiveName: string, value: T | T[], arrayWrapper?: <T_1>(value: T_1 | T_1[]) => T_1[]) => string; export declare const convertFetchDirectiveToString: (directive?: Partial<FetchDirective> | undefined) => string; export declare const convertDocumentDirectiveToString: (directive?: Partial<DocumentDirective> | undefined) => string; export declare const convertNavigationDirectiveToString: (directive?: Partial<NavigationDirective> | undefined) => string; export declare const convertReportingDirectiveToString: (directive?: Partial<ReportingDirective> | undefined) => string; export declare const createContentSecurityPolicyOptionHeaderValue: (option?: false | { directives: Partial<FetchDirective> & Partial<DocumentDirective> & Partial<NavigationDirective> & Partial<ReportingDirective>; reportOnly?: boolean | undefined; } | undefined, fetchDirectiveToStringConverter?: (directive?: Partial<FetchDirective> | undefined) => string, documentDirectiveToStringConverter?: (directive?: Partial<DocumentDirective> | undefined) => string, navigationDirectiveToStringConverter?: (directive?: Partial<NavigationDirective> | undefined) => string, reportingDirectiveToStringConverter?: (directive?: Partial<ReportingDirective> | undefined) => string) => string | undefined; export declare const createContentSecurityPolicyHeader: (option?: false | { directives: Partial<FetchDirective> & Partial<DocumentDirective> & Partial<NavigationDirective> & Partial<ReportingDirective>; reportOnly?: boolean | undefined; } | undefined, properHeaderNameGetter?: (reportOnly?: boolean) => "Content-Security-Policy" | "Content-Security-Policy-Report-Only", headerValueCreator?: (option?: false | { directives: Partial<FetchDirective> & Partial<DocumentDirective> & Partial<NavigationDirective> & Partial<ReportingDirective>; reportOnly?: boolean | undefined; } | undefined, fetchDirectiveToStringConverter?: (directive?: Partial<FetchDirective> | undefined) => string, documentDirectiveToStringConverter?: (directive?: Partial<DocumentDirective> | undefined) => string, navigationDirectiveToStringConverter?: (directive?: Partial<NavigationDirective> | undefined) => string, reportingDirectiveToStringConverter?: (directive?: Partial<ReportingDirective> | undefined) => string) => string | undefined) => ResponseHeader | undefined; export {};