UNPKG

next-secure-headers

Version:

Sets secure response headers for Next.js.

github.com/jagaapple/next-secure-headers

jagaapple/next-secure-headers

208 lines (207 loc) 11.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
export type { ContentSecurityPolicyOption } from "./content-security-policy"; export type { ExpectCTOption } from "./expect-ct"; export type { ForceHTTPSRedirectOption } from "./force-https-redirect"; export type { FrameGuardOption } from "./frame-guard"; export type { NoopenOption } from "./noopen"; export type { NosniffOption } from "./nosniff"; export type { ReferrerPolicyOption } from "./referrer-policy"; export type { XSSProtectionOption } from "./xss-protection"; export declare const rules: { createContentSecurityPolicyHeader: (option?: false | { directives: Partial<{ childSrc: string | string[]; "child-src": string | string[]; connectSrc: string | string[]; "connect-src": string | string[]; defaultSrc: string | string[]; "default-src": string | string[]; fontSrc: string | string[]; "font-src": string | string[]; frameSrc: string | string[]; "frame-src": string | string[]; imgSrc: string | string[]; "img-src": string | string[]; manifestSrc: string | string[]; "manifest-src": string | string[]; mediaSrc: string | string[]; "media-src": string | string[]; prefetchSrc: string | string[]; "prefetch-src": string | string[]; objectSrc: string | string[]; "object-src": string | string[]; scriptSrc: string | string[]; "script-src": string | string[]; scriptSrcElem: string | string[]; "script-src-elem": string | string[]; scriptSrcAttr: string | string[]; "script-src-attr": string | string[]; styleSrc: string | string[]; "style-src": string | string[]; styleSrcElem: string | string[]; "style-src-elem": string | string[]; styleSrcAttr: string | string[]; "style-src-attr": string | string[]; workerSrc: string | string[]; "worker-src": string | string[]; }> & Partial<{ baseURI: string | string[]; "base-uri": string | string[]; pluginTypes: string | string[]; "plugin-types": string | string[]; sandbox: true | "allow-downloads-without-user-activation" | "allow-forms" | "allow-modals" | "allow-orientation-lock" | "allow-pointer-lock" | "allow-popups" | "allow-popups-to-escape-sandbox" | "allow-presentation" | "allow-same-origin" | "allow-scripts" | "allow-storage-access-by-user-activation" | "allow-top-navigation" | "allow-top-navigation-by-user-activation"; }> & Partial<{ formAction: string | string[]; "form-action": string | string[]; frameAncestors: string | string[]; "frame-ancestors": string | string[]; navigateTo: string | string[]; "navigate-to": string | string[]; }> & Partial<{ reportURI: string | URL | (string | URL)[]; "report-uri": string | URL | (string | URL)[]; reportTo: string; "report-to": string; }>; reportOnly?: boolean | undefined; } | undefined, properHeaderNameGetter?: (reportOnly?: boolean) => "Content-Security-Policy" | "Content-Security-Policy-Report-Only", headerValueCreator?: (option?: false | { directives: Partial<{ childSrc: string | string[]; "child-src": string | string[]; connectSrc: string | string[]; "connect-src": string | string[]; defaultSrc: string | string[]; "default-src": string | string[]; fontSrc: string | string[]; "font-src": string | string[]; frameSrc: string | string[]; "frame-src": string | string[]; imgSrc: string | string[]; "img-src": string | string[]; manifestSrc: string | string[]; "manifest-src": string | string[]; mediaSrc: string | string[]; "media-src": string | string[]; prefetchSrc: string | string[]; "prefetch-src": string | string[]; objectSrc: string | string[]; "object-src": string | string[]; scriptSrc: string | string[]; "script-src": string | string[]; scriptSrcElem: string | string[]; "script-src-elem": string | string[]; scriptSrcAttr: string | string[]; "script-src-attr": string | string[]; styleSrc: string | string[]; "style-src": string | string[]; styleSrcElem: string | string[]; "style-src-elem": string | string[]; styleSrcAttr: string | string[]; "style-src-attr": string | string[]; workerSrc: string | string[]; "worker-src": string | string[]; }> & Partial<{ baseURI: string | string[]; "base-uri": string | string[]; pluginTypes: string | string[]; "plugin-types": string | string[]; sandbox: true | "allow-downloads-without-user-activation" | "allow-forms" | "allow-modals" | "allow-orientation-lock" | "allow-pointer-lock" | "allow-popups" | "allow-popups-to-escape-sandbox" | "allow-presentation" | "allow-same-origin" | "allow-scripts" | "allow-storage-access-by-user-activation" | "allow-top-navigation" | "allow-top-navigation-by-user-activation"; }> & Partial<{ formAction: string | string[]; "form-action": string | string[]; frameAncestors: string | string[]; "frame-ancestors": string | string[]; navigateTo: string | string[]; "navigate-to": string | string[]; }> & Partial<{ reportURI: string | URL | (string | URL)[]; "report-uri": string | URL | (string | URL)[]; reportTo: string; "report-to": string; }>; reportOnly?: boolean | undefined; } | undefined, fetchDirectiveToStringConverter?: (directive?: Partial<{ childSrc: string | string[]; "child-src": string | string[]; connectSrc: string | string[]; "connect-src": string | string[]; defaultSrc: string | string[]; "default-src": string | string[]; fontSrc: string | string[]; "font-src": string | string[]; frameSrc: string | string[]; "frame-src": string | string[]; imgSrc: string | string[]; "img-src": string | string[]; manifestSrc: string | string[]; "manifest-src": string | string[]; mediaSrc: string | string[]; "media-src": string | string[]; prefetchSrc: string | string[]; "prefetch-src": string | string[]; objectSrc: string | string[]; "object-src": string | string[]; scriptSrc: string | string[]; "script-src": string | string[]; scriptSrcElem: string | string[]; "script-src-elem": string | string[]; scriptSrcAttr: string | string[]; "script-src-attr": string | string[]; styleSrc: string | string[]; "style-src": string | string[]; styleSrcElem: string | string[]; "style-src-elem": string | string[]; styleSrcAttr: string | string[]; "style-src-attr": string | string[]; workerSrc: string | string[]; "worker-src": string | string[]; }> | undefined) => string, documentDirectiveToStringConverter?: (directive?: Partial<{ baseURI: string | string[]; "base-uri": string | string[]; pluginTypes: string | string[]; "plugin-types": string | string[]; sandbox: true | "allow-downloads-without-user-activation" | "allow-forms" | "allow-modals" | "allow-orientation-lock" | "allow-pointer-lock" | "allow-popups" | "allow-popups-to-escape-sandbox" | "allow-presentation" | "allow-same-origin" | "allow-scripts" | "allow-storage-access-by-user-activation" | "allow-top-navigation" | "allow-top-navigation-by-user-activation"; }> | undefined) => string, navigationDirectiveToStringConverter?: (directive?: Partial<{ formAction: string | string[]; "form-action": string | string[]; frameAncestors: string | string[]; "frame-ancestors": string | string[]; navigateTo: string | string[]; "navigate-to": string | string[]; }> | undefined) => string, reportingDirectiveToStringConverter?: (directive?: Partial<{ reportURI: string | URL | (string | URL)[]; "report-uri": string | URL | (string | URL)[]; reportTo: string; "report-to": string; }> | undefined) => string) => string | undefined) => import("../shared").ResponseHeader | undefined; createExpectCTHeader: (option?: boolean | [true, Partial<{ maxAge: number; enforce: boolean; reportURI: string | URL; }>] | undefined, headerValueCreator?: (option?: boolean | [true, Partial<{ maxAge: number; enforce: boolean; reportURI: string | URL; }>] | undefined, strictURIEncoder?: (uri: string | URL) => string) => string | undefined) => import("../shared").ResponseHeader | undefined; createForceHTTPSRedirectHeader: (option?: boolean | [true, Partial<{ maxAge: number; includeSubDomains: boolean; preload: boolean; }>] | undefined, headerValueCreator?: (option?: boolean | [true, Partial<{ maxAge: number; includeSubDomains: boolean; preload: boolean; }>] | undefined) => string | undefined) => import("../shared").ResponseHeader; createFrameGuardHeader: (option?: false | ["allow-from", { uri: string | URL; }] | "deny" | "sameorigin" | undefined, headerValueCreator?: (option?: false | ["allow-from", { uri: string | URL; }] | "deny" | "sameorigin" | undefined, strictURIEncoder?: (uri: string | URL) => string) => string | undefined) => import("../shared").ResponseHeader; createNoopenHeader: (option?: false | "noopen" | undefined, headerValueCreator?: (option?: false | "noopen" | undefined) => string | undefined) => import("../shared").ResponseHeader; createNosniffHeader: (option?: false | "nosniff" | undefined, headerValueCreator?: (option?: false | "nosniff" | undefined) => string | undefined) => import("../shared").ResponseHeader; createReferrerPolicyHeader: (option?: false | "no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | ("no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin")[] | undefined, headerValueCreator?: (option?: false | "no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | ("no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin")[] | undefined) => string | undefined) => import("../shared").ResponseHeader | undefined; createXSSProtectionHeader: (option?: false | ["report", { uri: string | URL; }] | "sanitize" | "block-rendering" | undefined, headerValueCreator?: (option?: false | ["report", { uri: string | URL; }] | "sanitize" | "block-rendering" | undefined, strictURIEncoder?: (uri: string | URL) => string) => string | undefined) => import("../shared").ResponseHeader; };