secure-headers/content-security-policy.js

Secure HTTP headers

export let init=h=>h.slice(2)||`default-src 'self'`;export let self=` 'self'`;export let none=` 'none'`;export let unsafeEval=` 'unsafe-eval'`;export let wasmUnsafeEval=` 'wasm-unsafe-eval'`;export let unsafeInline=` 'unsafe-inline'`;export let unsafeHashes=` 'unsafe-hashes'`;export let inlineSpeculationRules=` 'inline-speculation-rules'`;export let strictDynamic=` 'strict-dynamic'`;export let reportSample=` 'report-sample'`;export let createNonce=(h,L)=>{let R=new Uint8Array(h);return()=>` 'nonce-`+crypto.getRandomValues(R).toBase64(L)+`'`};export let nonce=h=>` 'nonce-`+h+`'`;export let hash=(h,L)=>` '`+h+`-`+L+`'`;export let url=h=>` `+h;export let baseURI=h=>`; base-uri`+h;export let sandbox=h=>`; sandbox`+h;export let formAction=h=>`; form-action`+h;export let frameAncestors=h=>`; frame-ancestors`+h;export let reportTo=h=>`; report-to`+h;export let requireTrustedTypesFor=h=>`; require-trusted-types-for`+h;export let trustedTypes=h=>`; trusted-types`+h;export let upgradeInsecureRequests=h=>`; upgrade-insecure-requests`+h;export let childSrc=h=>`; child-src`+h;export let connectSrc=h=>`; connect-src`+h;export let defaultSrc=h=>`; default-src`+h;export let fencedFrameSrc=h=>`; fenced-frame-src`+h;export let fontSrc=h=>`; font-src`+h;export let frameSrc=h=>`; frame-src`+h;export let imgSrc=h=>`; img-src`+h;export let manifestSrc=h=>`; manifest-src`+h;export let mediaSrc=h=>`; media-src`+h;export let objectSrc=h=>`; object-src`+h;export let scriptSrc=h=>`; script-src`+h;export let scriptSrcElem=h=>`; script-src-elem`+h;export let scriptSrcAttr=h=>`; script-src-attr`+h;export let styleSrc=h=>`; style-src`+h;export let styleSrcElem=h=>`; style-src-elem`+h;export let styleSrcAttr=h=>`; style-src-attr`+h;export let workerSrc=h=>`; worker-src`+h;