nuxt-security
🛡️ Security Module for Nuxt based on HTTP Headers and Middleware
/**
 * Values accepted for the `Cross-Origin-Resource-Policy` response header.
 * `'cross-origin'` places no restriction on which sites may load the
 * resource, so it is the weakest of the three.
 */
type CrossOriginResourcePolicyValue =
  | 'same-site'
  | 'same-origin'
  | 'cross-origin';

/**
 * Values accepted for the `Cross-Origin-Opener-Policy` response header.
 * `'unsafe-none'` is the browser default and provides no opener isolation.
 */
type CrossOriginOpenerPolicyValue =
  | 'unsafe-none'
  | 'same-origin-allow-popups'
  | 'same-origin';

/**
 * Values accepted for the `Cross-Origin-Embedder-Policy` response header.
 * `'unsafe-none'` is the browser default; the other two constrain how
 * cross-origin subresources may be loaded by the document.
 */
type CrossOriginEmbedderPolicyValue =
  | 'unsafe-none'
  | 'require-corp'
  | 'credentialless';
/**
 * Values accepted for the `Referrer-Policy` response header.
 *
 * `'unsafe-url'` sends the full URL (path and query string included) as the
 * referrer on every request, so anything sensitive carried in a URL leaks to
 * third-party origins. The `strict-*` and `no-referrer` values are the
 * conservative choices.
 */
type ReferrerPolicyValue =
  | 'no-referrer'
  | 'no-referrer-when-downgrade'
  | 'origin'
  | 'origin-when-cross-origin'
  | 'same-origin'
  | 'strict-origin'
  | 'strict-origin-when-cross-origin'
  | 'unsafe-url';
/** The only value defined for `X-Content-Type-Options`: turns off MIME sniffing. */
type XContentTypeOptionsValue = 'nosniff';

/** `X-DNS-Prefetch-Control`: `'off'` stops the browser resolving link targets ahead of navigation. */
type XDnsPrefetchControlValue =
  | 'on'
  | 'off';

/** The only value defined for `X-Download-Options` (a legacy Internet Explorer header). */
type XDownloadOptionsValue = 'noopen';

/**
 * Values accepted for `X-Frame-Options`.
 *
 * Only the two forms without an origin argument are offered. Allowing a
 * specific embedder is done with the CSP `frame-ancestors` directive instead.
 */
type XFrameOptionsValue =
  | 'DENY'
  | 'SAMEORIGIN';

/**
 * Values accepted for `X-Permitted-Cross-Domain-Policies`.
 * `'none'` forbids cross-domain policy files altogether; `'all'` permits any.
 */
type XPermittedCrossDomainPoliciesValue =
  | 'none'
  | 'master-only'
  | 'by-content-type'
  | 'by-ftp-filename'
  | 'all';
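/**
 * One source expression inside a CSP fetch directive.
 *
 * The quoted keywords exist only so editors can suggest them: the trailing
 * `| string` widens the union to any string (hosts, schemes, hashes, concrete
 * nonces), so a misspelt keyword is NOT rejected at compile time. Policies
 * still need to be checked in a browser or with a CSP evaluator.
 *
 * `'unsafe-inline'`, `'unsafe-eval'` and `'unsafe-hashes'` each re-enable a
 * class of script/style execution that CSP otherwise blocks; treat every use
 * as something to justify in review.
 */
type CSPSourceValue =
  | "'self'"
  | "'unsafe-eval'"
  | "'wasm-unsafe-eval'"
  | "'unsafe-hashes'"
  | "'unsafe-inline'"
  | "'none'"
  | "'strict-dynamic'"
  | "'report-sample'"
  // The CSP grammar for a nonce source is 'nonce-<base64-value>' (hyphen after
  // "nonce"). The hint previously read 'nonce=<base64-value>', which is not a
  // valid nonce source and would not match any nonce'd element if copied.
  | "'nonce-<base64-value>'"
  | string;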
/**
 * Tokens accepted by the CSP `sandbox` directive.
 *
 * Each token lifts one sandbox restriction, so the safest list is the
 * shortest one. Granting `allow-scripts` together with `allow-same-origin`
 * gives back most of the isolation the sandbox is meant to provide.
 */
type CSPSandboxValue =
  | 'allow-downloads'
  | 'allow-downloads-without-user-activation'
  | 'allow-forms'
  | 'allow-modals'
  | 'allow-orientation-lock'
  | 'allow-pointer-lock'
  | 'allow-popups'
  | 'allow-popups-to-escape-sandbox'
  | 'allow-presentation'
  | 'allow-same-origin'
  | 'allow-scripts'
  | 'allow-storage-access-by-user-activation'
  | 'allow-top-navigation'
  | 'allow-top-navigation-by-user-activation'
  | 'allow-top-navigation-to-custom-protocols';
/**
 * Directive map for the `Content-Security-Policy` header.
 *
 * Every directive is optional. List-valued directives accept either an array
 * of entries or a single pre-joined string. `false` is presumably how a
 * directive is left out of the emitted header — verify against the code that
 * serialises this object.
 *
 * Because the string forms are unchecked, a typo in a directive value is not
 * caught by the compiler; validate the resulting header in a browser.
 */
type ContentSecurityPolicyValue = {
  // --- Fetch directives: an unset one falls back to `default-src` in the browser.
  'child-src'?: CSPSourceValue[] | string | false;
  'connect-src'?: CSPSourceValue[] | string | false;
  'default-src'?: CSPSourceValue[] | string | false;
  'font-src'?: CSPSourceValue[] | string | false;
  'frame-src'?: CSPSourceValue[] | string | false;
  'img-src'?: CSPSourceValue[] | string | false;
  'manifest-src'?: CSPSourceValue[] | string | false;
  'media-src'?: CSPSourceValue[] | string | false;
  'object-src'?: CSPSourceValue[] | string | false;
  // NOTE(review): `prefetch-src` is marked deprecated in current browser
  // documentation — confirm support before relying on it.
  'prefetch-src'?: CSPSourceValue[] | string | false;
  'script-src'?: CSPSourceValue[] | string | false;
  'script-src-elem'?: CSPSourceValue[] | string | false;
  'script-src-attr'?: CSPSourceValue[] | string | false;
  'style-src'?: CSPSourceValue[] | string | false;
  'style-src-elem'?: CSPSourceValue[] | string | false;
  'style-src-attr'?: CSPSourceValue[] | string | false;
  'worker-src'?: CSPSourceValue[] | string | false;

  // --- Document and navigation directives: these do NOT fall back to
  // `default-src`, so leaving one unset means no restriction of that kind.
  'base-uri'?: CSPSourceValue[] | string | false;
  'sandbox'?: CSPSandboxValue[] | string | false;
  'form-action'?: CSPSourceValue[] | string | false;
  // Controls who may frame the page; the modern counterpart of X-Frame-Options.
  'frame-ancestors'?: ("'self'" | "'none'" | string)[] | string | false;

  // --- Reporting: `report-uri` is deprecated in the CSP specification in
  // favour of `report-to`; both are typed here.
  'report-uri'?: string[] | string | false;
  'report-to'?: string | false;

  // --- Trusted Types.
  'require-trusted-types-for'?: string | false;
  'trusted-types'?: string[] | string | false;

  // Valueless directive, hence a plain on/off flag rather than a list.
  'upgrade-insecure-requests'?: boolean;
};
/**
 * Settings for the `Strict-Transport-Security` (HSTS) header.
 *
 * `maxAge` is the only required field. The header's `max-age` directive is
 * expressed in seconds — NOTE(review): confirm the number is passed through
 * unchanged by the code that builds the header.
 */
type StrictTransportSecurityValue = {
  /** Lifetime of the HSTS pin. A value of 0 tells browsers to drop it. */
  maxAge: number;
  /** Extend the policy to every subdomain of the serving host. */
  includeSubdomains?: boolean;
  /**
   * Opt in to browser preload lists. Preload submission requires
   * `includeSubDomains` and a `max-age` of at least one year, and removal
   * from the lists is slow — enable deliberately.
   */
  preload?: boolean;
};
/**
 * Feature map for the `Permissions-Policy` header.
 *
 * Each key is a browser feature and each value its allowlist, given as an
 * array of entries, a single string, or `false`. How an empty array and
 * `false` are rendered is not visible in this declaration — presumably one of
 * them produces the empty allowlist that disables the feature; verify against
 * the code that serialises this object.
 *
 * Values are plain strings, so allowlist typos are not caught at compile time.
 * Features that an application does not use are best denied explicitly.
 */
type PermissionsPolicyValue = {
  'camera'?: string[] | string | false;
  'display-capture'?: string[] | string | false;
  'fullscreen'?: string[] | string | false;
  'geolocation'?: string[] | string | false;
  'microphone'?: string[] | string | false;
  'publickey-credentials-get'?: string[] | string | false;
  'screen-wake-lock'?: string[] | string | false;
  'web-share'?: string[] | string | false;

  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'accelerometer'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'ambient-light-sensor'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'autoplay'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'battery'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'bluetooth'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'browsing-topics'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'document-domain'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'encrypted-media'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'execution-while-not-rendered'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'execution-while-out-of-viewport'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'gamepad'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'gyroscope'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'hid'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'identity-credentials-get'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'idle-detection'?: string[] | string | false;
  /** 🧪 Mozilla-undocumented. Expect browser behavior to change in the future. */
  'layout-animations'?: string[] | string | false;
  /** 🧪 Mozilla-undocumented. Expect browser behavior to change in the future. */
  'legacy-image-formats'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'local-fonts'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'magnetometer'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'midi'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'otp-credentials'?: string[] | string | false;
  /** 🧪 Mozilla-undocumented. Expect browser behavior to change in the future. */
  'oversized-images'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'payment'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'picture-in-picture'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'publickey-credentials-create'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'serial'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'speaker-selection'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'storage-access'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'usb'?: string[] | string | false;
  /** 🧪 Mozilla-undocumented. Expect browser behavior to change in the future. */
  'sync-xhr'?: string[] | string | false;
  /** 🧪 Mozilla-undocumented. Expect browser behavior to change in the future. */
  'unoptimized-images'?: string[] | string | false;
  /** 🧪 Mozilla-undocumented. Expect browser behavior to change in the future. */
  'unsized-media'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'window-management'?: string[] | string | false;
  /** 🧪 Experimental. Expect browser behavior to change in the future. */
  'xr-spatial-tracking'?: string[] | string | false;
};
/**
 * Configuration keys, one per supported security header.
 * Each member has a counterpart in `HeaderName` (14 entries in both unions).
 */
type OptionKey =
  | 'contentSecurityPolicy'
  | 'crossOriginEmbedderPolicy'
  | 'crossOriginOpenerPolicy'
  | 'crossOriginResourcePolicy'
  | 'originAgentCluster'
  | 'referrerPolicy'
  | 'strictTransportSecurity'
  | 'xContentTypeOptions'
  | 'xDNSPrefetchControl'
  | 'xDownloadOptions'
  | 'xFrameOptions'
  | 'xPermittedCrossDomainPolicies'
  | 'xXSSProtection'
  | 'permissionsPolicy';

/**
 * HTTP response header names as they appear on the wire, listed in the same
 * order as the members of `OptionKey`.
 */
type HeaderName =
  | 'Content-Security-Policy'
  | 'Cross-Origin-Embedder-Policy'
  | 'Cross-Origin-Opener-Policy'
  | 'Cross-Origin-Resource-Policy'
  | 'Origin-Agent-Cluster'
  | 'Referrer-Policy'
  | 'Strict-Transport-Security'
  | 'X-Content-Type-Options'
  | 'X-DNS-Prefetch-Control'
  | 'X-Download-Options'
  | 'X-Frame-Options'
  | 'X-Permitted-Cross-Domain-Policies'
  | 'X-XSS-Protection'
  | 'Permissions-Policy';
/**
 * Per-header settings: one optional entry for each key in `OptionKey`.
 *
 * Every entry also accepts `false`, which presumably switches that header off
 * entirely — verify against the code that consumes this interface. Turning a
 * header off removes a browser-side protection, so each `false` deserves a
 * stated reason.
 */
interface SecurityHeaders {
  /** `Cross-Origin-Resource-Policy` */
  crossOriginResourcePolicy?: CrossOriginResourcePolicyValue | false;
  /** `Cross-Origin-Opener-Policy` */
  crossOriginOpenerPolicy?: CrossOriginOpenerPolicyValue | false;
  /** `Cross-Origin-Embedder-Policy` */
  crossOriginEmbedderPolicy?: CrossOriginEmbedderPolicyValue | false;
  /** `Content-Security-Policy`, given as a directive map. */
  contentSecurityPolicy?: ContentSecurityPolicyValue | false;
  /** `Origin-Agent-Cluster`; `'?1'` is the structured-header spelling of "true". */
  originAgentCluster?: '?1' | false;
  /** `Referrer-Policy` */
  referrerPolicy?: ReferrerPolicyValue | false;
  /** `Strict-Transport-Security` (HSTS). */
  strictTransportSecurity?: StrictTransportSecurityValue | false;
  /** `X-Content-Type-Options` */
  xContentTypeOptions?: XContentTypeOptionsValue | false;
  /** `X-DNS-Prefetch-Control` */
  xDNSPrefetchControl?: XDnsPrefetchControlValue | false;
  /** `X-Download-Options` */
  xDownloadOptions?: XDownloadOptionsValue | false;
  /**
   * `X-Frame-Options`. Overlaps with the CSP `frame-ancestors` directive, so
   * the two should be kept consistent when both are set.
   */
  xFrameOptions?: XFrameOptionsValue | false;
  /** `X-Permitted-Cross-Domain-Policies` */
  xPermittedCrossDomainPolicies?: XPermittedCrossDomainPoliciesValue | false;
  /**
   * `X-XSS-Protection`, typed as a free-form string. The browser XSS auditor
   * this header controlled has been removed from current browsers, and
   * current hardening guidance is to send `0`.
   */
  xXSSProtection?: string | false;
  /** `Permissions-Policy`, given as a feature map. */
  permissionsPolicy?: PermissionsPolicyValue | false;
}
// Type-only re-exports under single-letter aliases. The short names look
// bundler-generated (presumably a shared declaration chunk) — TODO confirm;
// if so, consumers should import the full names from the package entry point
// rather than depend on these letters.
export type { ContentSecurityPolicyValue as C, HeaderName as H, OptionKey as O, PermissionsPolicyValue as P, ReferrerPolicyValue as R, SecurityHeaders as S, XContentTypeOptionsValue as X, StrictTransportSecurityValue as a, CrossOriginResourcePolicyValue as b, CrossOriginOpenerPolicyValue as c, CrossOriginEmbedderPolicyValue as d, XDnsPrefetchControlValue as e, XDownloadOptionsValue as f, XFrameOptionsValue as g, XPermittedCrossDomainPoliciesValue as h, CSPSourceValue as i, CSPSandboxValue as j };