vite-plugin-csp
Create CSP meta tags and header configs from all sources in the final Vite html
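/**
 * vite-plugin-csp, CommonJS build, written out in readable form.
 *
 * What the module does:
 *  - `transform` records a digest for every module id matching "**.js" / "**.css".
 *  - `transformIndexHtml` digests inline <script>/<style> content, `style`
 *    attributes and `on*` attributes, adds the digests to the matching CSP
 *    directives, hands the resulting headers to the configured processors
 *    (which write server config files) and optionally returns <meta http-equiv>
 *    tags for injection into <head>.
 *
 * Points a reviewer should keep in mind:
 *  - The default policy lists `unsafe-inline` and `unsafe-eval` for both
 *    `script-src` and `style-src`; see DEFAULT_OPTIONS.
 *  - A policy object is built once per plugin instance and mutated on every
 *    `transformIndexHtml` call, so digests collected for one HTML file stay in
 *    the policy used for the next one.
 *  - `nonceEnabled` is merged from the options but, in this file, is only
 *    exposed through `debugProperties`; nothing here generates nonces.
 */

const hasOwn = Object.prototype.hasOwnProperty;

/** Defines every entry of `getters` on `target` as an enumerable getter. */
function defineExports(target, getters) {
  for (const name in getters) {
    Object.defineProperty(target, name, { get: getters[name], enumerable: true });
  }
}

/** Re-exposes the own properties of `from` on `to` through getters, skipping `except`. */
function copyProperties(to, from, except) {
  if ((from && typeof from === "object") || typeof from === "function") {
    for (const key of Object.getOwnPropertyNames(from)) {
      if (!hasOwn.call(to, key) && key !== except) {
        const descriptor = Object.getOwnPropertyDescriptor(from, key);
        Object.defineProperty(to, key, {
          get: () => from[key],
          enumerable: !descriptor || descriptor.enumerable,
        });
      }
    }
  }
  return to;
}

/** Wraps an export table in an object flagged with a non-enumerable `__esModule`. */
function toCommonJS(exportTable) {
  return copyProperties(Object.defineProperty({}, "__esModule", { value: true }), exportTable);
}

// The getters resolve lazily, so the hoisted function declaration further down
// is what callers receive for both the named and the default export.
const indexExports = {};
defineExports(indexExports, {
  ViteCspPlugin: () => ViteCspPlugin,
  default: () => ViteCspPlugin,
});
module.exports = toCommonJS(indexExports);

const path = require("path");
const cspTypedDirectives = require("csp-typed-directives");
const fs = require("fs");
const pluginutils = require("@rollup/pluginutils");
const cheerio = require("cheerio");
const nodeCrypto = require("crypto");
const csstree = require("css-tree");

/**
 * Writes `content` to `<ctx.srvConfDir>/<fileName>`, creating the directory first.
 *
 * NOTE(review): `fileName` is joined without any containment check, so a name
 * containing `..` or an absolute-looking segment lands outside `srvConfDir`.
 * The name comes from plugin configuration or from a custom `processFn`
 * result; keep both under the build owner's control.
 *
 * @param {{srvConfDir: string}} ctx
 * @param {string} fileName
 * @param {string} content
 */
function writeServerConfig(ctx, fileName, content) {
  fs.mkdirSync(ctx.srvConfDir, { recursive: true });
  const target = path.resolve(path.join(ctx.srvConfDir, fileName));
  fs.writeFileSync(target, content);
}

/** Prefixes every non-empty line except the first with `indent`. */
function indentLines(text, indent = " ") {
  return text
    .split("\n")
    .map((line, index) => (line && index ? indent + line : line))
    .join("\n");
}

// ---------------------------------------------------------------------------
// Built-in processors: each one renders the header map into a server config.
//
// NOTE(review): header names and values are placed between double quotes
// without escaping. A value containing `"` or a line break would change the
// structure of the generated Caddyfile / nginx file; values are expected to
// come from the CSP library and trusted configuration only.
// ---------------------------------------------------------------------------

/** Renders one Caddyfile `header` directive per entry. */
function caddyHeaderLines(headers) {
  return Object.entries(headers)
    .map(([name, value]) => `header ${name} "${value}"\n`)
    .join("");
}

const CADDYFILE_NAMES = {
  Caddyfile: "Caddyfile",
  Caddyfile_HeadersOnly: "headers.caddyfile",
};

const caddyfileProcessors = {
  Caddyfile: ({ ctx, parsedHeaders, outFile = CADDYFILE_NAMES.Caddyfile }) => {
    const content = [
      "",
      "{$SITE_ADDRESS}",
      "root * dist",
      indentLines(caddyHeaderLines(parsedHeaders), " "),
      "file_server",
      "",
    ].join("\n");
    return writeServerConfig(ctx, outFile, content);
  },
  Caddyfile_HeadersOnly: ({ ctx, parsedHeaders, outFile = CADDYFILE_NAMES.Caddyfile_HeadersOnly }) =>
    writeServerConfig(ctx, outFile, caddyHeaderLines(parsedHeaders)),
};

/** Renders one nginx `add_header` directive per entry. */
function nginxHeaderLines(headers) {
  // nginx only attaches `add_header` values to a fixed set of success and
  // redirect status codes unless the `always` parameter is given, so error
  // responses served from this config carry no CSP header.
  return Object.entries(headers)
    .map(([name, value]) => `add_header ${name} "${value}";\n`)
    .join("");
}

const NGINX_NAMES = {
  Nginx: "nginx.conf",
  Nginx_HeadersOnly: "nginx-headers.conf",
};

const nginxProcessors = {
  Nginx: ({ ctx, parsedHeaders, outFile = NGINX_NAMES.Nginx }) => {
    // NOTE(review): `listen 443 80;` puts two ports on one directive and sets
    // no `ssl` parameter; this does not look like a config nginx will accept
    // as-is. Treat the file as a starting template and validate it with
    // `nginx -t` before deploying.
    const content = [
      "",
      "server {",
      "listen 443 80;",
      "index index.html Index.html;",
      indentLines(nginxHeaderLines(parsedHeaders)),
      "location / {",
      "try_files $uri /index.html $uri/ / =404;",
      "}",
      "}",
      "",
    ].join("\n");
    return writeServerConfig(ctx, outFile, content);
  },
  Nginx_HeadersOnly: ({ ctx, parsedHeaders, outFile = NGINX_NAMES.Nginx_HeadersOnly }) =>
    writeServerConfig(ctx, outFile, nginxHeaderLines(parsedHeaders)),
};

/** Returns a JSON round-tripped copy of `headers` with every value wrapped in a one-element array. */
function wrapHeaderValues(headers) {
  const copy = JSON.parse(JSON.stringify(headers));
  for (const name in copy) {
    copy[name] = [copy[name]];
  }
  return copy;
}

const CADDY_JSON_NAMES = {
  CaddyJSON: "caddy.json",
  CaddyJSON_HeadersOnly: "caddy-headers.json",
};

const caddyJsonProcessors = {
  CaddyJSON: ({ ctx, parsedHeaders, outFile = CADDY_JSON_NAMES.CaddyJSON }) => {
    const responseHeaders = wrapHeaderValues(parsedHeaders);
    const server = {
      listen: [":443"],
      routes: [
        {
          match: [{ host: ["localhost"] }],
          handle: [
            { handler: "file_server", root: "/var/www" },
            { handler: "headers", response: { set: responseHeaders } },
          ],
        },
      ],
    };
    return writeServerConfig(ctx, outFile, JSON.stringify(server, null, 2));
  },
  CaddyJSON_HeadersOnly: ({ ctx, parsedHeaders, outFile = CADDY_JSON_NAMES.CaddyJSON_HeadersOnly }) =>
    writeServerConfig(
      ctx,
      outFile,
      JSON.stringify({ handler: "headers", response: { set: wrapHeaderValues(parsedHeaders) } }, null, 2),
    ),
};

// Lookup table used to resolve `processFn` entries given by name.
const builtinProcessors = Object.assign({}, caddyfileProcessors, nginxProcessors, caddyJsonProcessors);

// Digest prefixes accepted when adding a hash to a policy.
const validHashPrefixes = cspTypedDirectives.ValidCrypto;

/**
 * Option defaults.
 *
 * The default `script-src` and `style-src` both allow `unsafe-inline` and
 * `unsafe-eval`. Browsers that understand hash sources ignore `unsafe-inline`
 * once a hash is present in the directive, but `unsafe-eval` stays in effect,
 * so a deployment that wants a strict policy has to pass its own `policy`.
 * The keywords are written without quotes here; presumably
 * csp-typed-directives adds them when serialising — confirm against the
 * emitted header.
 */
const DEFAULT_OPTIONS = {
  enabled: true,
  inject: true,
  injectReporting: false,
  onDev: "permissive",
  policy: {
    "base-uri": "self",
    "object-src": "none",
    "script-src": ["unsafe-inline", "self", "unsafe-eval"],
    "style-src": ["unsafe-inline", "self", "unsafe-eval"],
  },
  hashingMethod: "sha384",
  hashEnabled: {
    "script-src": true,
    "style-src": true,
    "script-src-attr": true,
    "style-src-attr": true,
  },
  nonceEnabled: {
    "script-src": false,
    "style-src": false,
  },
  processFn: undefined,
  referrerHeaderOverride: undefined,
  sendReportsTo: undefined,
  reportSubset: undefined,
  mapHtmlFiles: undefined,
  debugPlugin: false,
  srvConfDir: ".server_config",
};

const isWrappedIn = (text, quote) => text[0] === quote && text[text.length - 1] === quote;
const stripFirstAndLast = (text) => text.slice(1, text.length - 1);

/**
 * Returns the URLs of `@import url(...)` rules found in `css`.
 *
 * Only prelude children of type "Url" whose value is a "String" node are
 * collected; surrounding quotes are stripped from the result.
 *
 * @param {string} css
 * @returns {string[]}
 */
function extractCssImportUrls(css) {
  const ast = csstree.parse(css);
  const importRules = csstree.findAll(ast, (node) => node.type === "Atrule" && node.name === "import");
  return importRules
    .map((rule) => {
      if (
        rule !== null &&
        typeof rule === "object" &&
        rule.type === "Atrule" &&
        rule.prelude != null &&
        rule.prelude.type === "AtrulePrelude"
      ) {
        const prelude = csstree.toPlainObject(rule.prelude);
        if (prelude.type === "AtrulePrelude" && prelude.children.length) {
          return prelude.children
            .map((child) => {
              if (
                child.type === "Url" &&
                child.value != null &&
                child.value.type === "String" &&
                child.value.value
              ) {
                // `return` and its operand must stay on one line: a line break
                // after `return` makes the function yield undefined, and no
                // import URL would ever be collected.
                return child.value.value;
              }
              return undefined;
            })
            .filter((url) => typeof url === "string");
        }
      }
      return undefined;
    })
    .filter((urls) => Array.isArray(urls))
    .flat()
    .map((url) => (isWrappedIn(url, "'") || isWrappedIn(url, '"') ? stripFirstAndLast(url) : url));
}

/**
 * Digests `content` and formats the result as a CSP hash source body.
 *
 * @param {string} algorithm Digest name passed to `crypto.createHash`.
 * @param {string} content
 * @returns {string} `<algorithm>-<base64 digest>`
 */
function hashContent(algorithm, content) {
  const hasher = nodeCrypto.createHash(algorithm);
  hasher.update(content);
  return `${algorithm}-${hasher.digest("base64")}`;
}

/**
 * Collects the hashes that apply to one HTML document.
 *
 * @param {string} html Document handed to `transformIndexHtml`.
 * @param {Map<string, object>} idMap Digests recorded per module id in `transform`.
 * @param {object} hashEnabled Per-directive switches; only the two `*-attr` keys are read here.
 * @param {string} hashingMethod Digest name, also the key used inside `idMap` entries.
 * @returns {object} One Set of hash strings per directive name.
 */
function collectHtmlHashes(html, idMap, hashEnabled, hashingMethod) {
  const $ = cheerio.load(html);
  const found = {
    scriptSrcHashes: new Set(),
    styleSrcHashes: new Set(),
    scriptAttrHashes: new Set(),
    styleAttrHashes: new Set(),
  };

  // A hash is kept only when its first six characters name a known digest.
  const hasValidPrefix = (hash) =>
    validHashPrefixes.some((prefix) => prefix === (hash == null ? undefined : hash.slice(0, 6)));
  const keep = (hash, bucket) => {
    if (hasValidPrefix(hash)) {
      found[bucket].add(hash);
    }
  };
  // Adds the digest recorded for a file reference, if `transform` saw that id.
  // `path.resolve` resolves against the process working directory, so a
  // reference matches only when the result equals a recorded module id.
  const keepRecorded = (reference, bucket) => {
    const resolved = path.resolve(reference);
    if (idMap.has(resolved)) {
      const entry = idMap.get(resolved);
      keep(entry == null ? undefined : entry[hashingMethod], bucket);
    }
  };
  const firstChild = (element) => (element.childNodes == null ? undefined : element.childNodes[0]);

  $("script").each((index, element) => {
    const attribs = element.attribs;
    if (Object.keys(attribs).length && attribs.src != null && attribs.src.length) {
      // NOTE(review): the recorded digest covers the code passed to
      // `transform`, which is not necessarily the bytes of the emitted asset;
      // verify it against the file the browser actually fetches.
      keepRecorded(attribs.src, "scriptSrcHashes");
    }
    const child = firstChild(element);
    if (child != null && child.type === "text") {
      const inlineCode = $.text([child]);
      if (inlineCode.length) {
        keep(hashContent(hashingMethod, inlineCode), "scriptSrcHashes");
      }
    }
  });

  $("style").each((index, element) => {
    const child = firstChild(element);
    if (child != null && child.type === "text") {
      const inlineCss = $.text([child]);
      if (inlineCss.length) {
        extractCssImportUrls(inlineCss).forEach((importUrl) => {
          if (importUrl.length) {
            keepRecorded(importUrl, "styleSrcHashes");
          }
        });
        keep(hashContent(hashingMethod, inlineCss), "styleSrcHashes");
      }
    }
  });

  $("link").each((index, element) => {
    const attribs = element.attribs;
    if (
      Object.keys(attribs).length &&
      attribs.rel === "stylesheet" &&
      attribs.href != null &&
      attribs.href.length
    ) {
      keepRecorded(attribs.href, "styleSrcHashes");
    }
  });

  // Hash sources authorise `style` attributes and inline event handlers only
  // when the directive also carries the 'unsafe-hashes' keyword. Nothing in
  // this file adds it, so the configured policy has to supply it for the
  // attribute hashes below to have any effect.
  if (hashEnabled["style-src-attr"]) {
    $("[style]").each((index, element) => {
      if (element.attribs != null && element.attribs.style.length) {
        keep(hashContent(hashingMethod, element.attribs.style), "styleAttrHashes");
      }
    });
  }

  if (hashEnabled["script-src-attr"]) {
    // Every attribute whose name starts with "on" is treated as a handler.
    const looksLikeHandler = (name) => name.startsWith("on");
    $("*")
      .filter((index, element) => Object.keys(element.attribs).some(looksLikeHandler))
      .each((index, element) => {
        Object.keys(element.attribs)
          .filter(looksLikeHandler)
          .forEach((name) => {
            const handlerCode = element.attribs[name];
            if (handlerCode != null && handlerCode.length) {
              keep(hashContent(hashingMethod, handlerCode), "scriptAttrHashes");
            }
          });
      });
  }

  return {
    "script-src-attr": found.scriptAttrHashes,
    "style-src-attr": found.styleAttrHashes,
    "script-src": found.scriptSrcHashes,
    "style-src": found.styleSrcHashes,
  };
}

/** Tag descriptor returned from `transformIndexHtml`. */
class HtmlTag {
  constructor(tag, attrs) {
    this.tag = tag;
    this.attrs = attrs;
  }
}

/** Tag descriptor that asks for injection into <head>. */
class HeadTag extends HtmlTag {
  constructor(...args) {
    super(...args);
    this.injectTo = "head";
  }
}

/**
 * Creates the Vite plugin.
 *
 * Call shapes: `()` uses the defaults, `(options)` reads the policy from
 * `options.policy` (falling back to the default policy), `(policy, options)`
 * takes both explicitly. Any other argument count throws a TypeError.
 *
 * @param {...*} args See the call shapes above.
 * @returns {object|undefined} The plugin object, or undefined when `enabled` resolves to false.
 */
function ViteCspPlugin(...args) {
  const firstArg = args[0];
  const callShapes = {
    0: { options: DEFAULT_OPTIONS, policy: DEFAULT_OPTIONS.policy },
    1: {
      options: args[0],
      policy: (firstArg == null ? undefined : firstArg.policy) || DEFAULT_OPTIONS.policy,
    },
    2: { options: args[1], policy: args[0] },
  };
  const { policy, options } = callShapes[args.length];

  const enabled = typeof options.enabled === "boolean" ? options.enabled : DEFAULT_OPTIONS.enabled;
  if (!enabled) {
    return;
  }

  const inject = typeof options.inject === "boolean" ? options.inject : DEFAULT_OPTIONS.inject;
  const injectReporting =
    typeof options.injectReporting === "boolean" ? options.injectReporting : DEFAULT_OPTIONS.injectReporting;
  const onDev = typeof options.onDev === "string" ? options.onDev : DEFAULT_OPTIONS.onDev;

  /** Builds a CspDirectives instance and applies the reporting/referrer overrides. */
  function buildDirectives(policyInput) {
    const directives = Array.isArray(policyInput)
      ? new cspTypedDirectives.CspDirectives(...policyInput)
      : new cspTypedDirectives.CspDirectives(policyInput);
    if (typeof options.referrerHeaderOverride === "string") {
      directives.ReferrerHeader = options.referrerHeaderOverride;
    }
    // `typeof null` is "object", so an explicit null is passed through as well.
    if (typeof options.sendReportsTo === "object") {
      directives.ReportTo = options.sendReportsTo;
    }
    if (typeof options.reportSubset === "object") {
      directives.ReportOnly = options.reportSubset;
    }
    directives.checkReportTo();
    return directives;
  }

  const defaultPolicy = buildDirectives(policy);

  // Optional per-file policies, keyed by the HTML file path given in the options.
  const mappedPolicies = {};
  if (!!options.mapHtmlFiles && Object.keys(options.mapHtmlFiles).length) {
    for (const file in options.mapHtmlFiles) {
      const mappedPolicy = options.mapHtmlFiles[file];
      if (mappedPolicy !== null && typeof mappedPolicy === "object") {
        mappedPolicies[file] = buildDirectives(mappedPolicy);
      }
    }
  }

  const hashingMethod = options.hashingMethod || DEFAULT_OPTIONS.hashingMethod;
  const hashEnabled = Object.assign({}, DEFAULT_OPTIONS.hashEnabled, options.hashEnabled);
  // Merged for completeness; in this file it is only exposed via debugProperties.
  const nonceEnabled = Object.assign({}, DEFAULT_OPTIONS.nonceEnabled, options.nonceEnabled);
  const srvConfDir = options.srvConfDir || DEFAULT_OPTIONS.srvConfDir;

  let requestedProcessors = [];
  if (Array.isArray(options.processFn)) {
    requestedProcessors = options.processFn;
  } else if (options.processFn) {
    requestedProcessors = [options.processFn];
  }

  // Each entry may be a built-in name, an object with a `processor` name plus
  // extra settings, or a custom function; anything else is dropped.
  const processFns = requestedProcessors
    .map((entry) => {
      if (typeof entry === "string" && typeof builtinProcessors[entry] === "function") {
        return (ctx, parsedHeaders) => {
          const processor = builtinProcessors[entry];
          return processor == null
            ? undefined
            : processor.call(builtinProcessors, { ctx, parsedHeaders, processor: entry });
        };
      }
      if (
        typeof entry === "object" &&
        entry != null &&
        entry.processor != null &&
        entry.processor.length &&
        typeof builtinProcessors[entry.processor] === "function"
      ) {
        return (ctx, parsedHeaders) => {
          const processor = builtinProcessors[entry.processor];
          return processor == null
            ? undefined
            : processor.call(builtinProcessors, Object.assign({}, entry, { ctx, parsedHeaders }));
        };
      }
      if (typeof entry === "function") {
        return async (ctx, parsedHeaders) => {
          // A custom function may return `{ name, content }` to have a file
          // written into the server config directory.
          const result = await entry(ctx, parsedHeaders);
          if (
            typeof result === "object" &&
            result != null &&
            typeof result.name === "string" &&
            typeof result.content === "string"
          ) {
            writeServerConfig(ctx, result.name, result.content);
          }
        };
      }
      return undefined;
    })
    .filter((fn) => typeof fn === "function");

  /** Runs the processors one after another, in configuration order. */
  async function runProcessors(ctx, parsedHeaders) {
    for (const processFn of processFns) {
      await processFn(ctx, parsedHeaders);
    }
  }

  const isJsFile = pluginutils.createFilter("**.js");
  const isCssFile = pluginutils.createFilter("**.css");
  const idMap = new Map(); // module id -> { fileType, [hashingMethod]: digest }
  const importedStylePaths = new Set(); // resolved @import targets seen in CSS modules
  const viteConfig = {};

  const plugin = {
    name: "vite-plugin-csp",
    enforce: "post",
    apply: () => true,

    configResolved(resolvedConfig) {
      viteConfig.command = resolvedConfig == null ? undefined : resolvedConfig.command;
    },

    // Records a digest per JS/CSS module; never changes the module itself.
    async transform(code, id) {
      if (viteConfig.command === "build" || onDev === "full") {
        const isScript = isJsFile(id);
        const isStyle = isCssFile(id);
        if (isScript && hashEnabled["script-src"]) {
          idMap.set(id, { fileType: "script", [hashingMethod]: hashContent(hashingMethod, code) });
        } else if (isStyle && hashEnabled["style-src"]) {
          extractCssImportUrls(code).forEach((importUrl) => {
            let resolved = "";
            try {
              resolved = path.resolve(importUrl);
            } catch {
              return;
            }
            if (resolved) {
              importedStylePaths.add(resolved);
            }
          });
          idMap.set(id, { fileType: "style", [hashingMethod]: hashContent(hashingMethod, code) });
        }
      }
      return null;
    },

    async transformIndexHtml(html, { path: htmlPath, filename: htmlFileName }) {
      const pageHashes = collectHtmlHashes(html, idMap, hashEnabled, hashingMethod);

      let activePolicy = defaultPolicy;
      if (!!mappedPolicies && Object.keys(mappedPolicies).length) {
        const currentFile = htmlPath ? path.resolve(htmlPath, htmlFileName) : path.resolve(htmlFileName);
        for (const candidate of Object.keys(mappedPolicies)) {
          if (path.resolve(candidate) === currentFile) {
            activePolicy = mappedPolicies[candidate];
          }
        }
      }

      /** Returns the directive's source list, converting a scalar or missing value to an array. */
      function directiveSources(directive) {
        const current = activePolicy.CSP[directive];
        if (!Array.isArray(current)) {
          activePolicy.CSP[directive] = typeof current !== "undefined" ? [current] : [];
        }
        return activePolicy.CSP[directive];
      }

      // NOTE(review): `activePolicy` is shared by every call of this hook, so
      // hashes collected for one HTML file remain allowed for the files
      // processed afterwards. Multi-page builds that need per-page policies
      // should check the emitted headers.
      const addHashes = (directive) => {
        if (!hashEnabled[directive]) {
          return;
        }
        const sources = directiveSources(directive);
        for (const hash of pageHashes[directive]) {
          // Skip hashes that are already listed: the hook runs again for every
          // HTML file and dev-server request against the same policy object,
          // and unconditional appends would grow the header with duplicates.
          if (!sources.includes(hash)) {
            sources.push(hash);
          }
        }
      };
      addHashes("script-src");
      addHashes("script-src-attr");
      addHashes("style-src");
      addHashes("style-src-attr");

      importedStylePaths.forEach((stylePath) => {
        if (idMap.has(stylePath)) {
          const entry = idMap.get(stylePath);
          if (entry) {
            const styleSources = new Set(activePolicy.CSP["style-src"]);
            styleSources.add(entry[hashingMethod]);
            activePolicy.CSP["style-src"] = Array.from(styleSources);
          }
        }
      });

      const headers = activePolicy.getHeaders();
      await runProcessors(
        { path: htmlPath, htmlFileName, builtinProcessorFns: builtinProcessors, srvConfDir },
        headers,
      );

      if (inject) {
        // Every header becomes a <meta http-equiv> tag; names containing
        // "Report" are left out unless `injectReporting` is set. A policy
        // delivered through <meta> is weaker than the response header:
        // browsers ignore `frame-ancestors`, `sandbox` and `report-uri` there
        // and do not honour a report-only policy, so the generated server
        // config remains the authoritative delivery path.
        return Object.entries(headers)
          .filter(([name]) => injectReporting || !name.includes("Report"))
          .map(([name, value]) => new HeadTag("meta", { "http-equiv": name, content: value }));
      }
      return undefined;
    },
  };

  if (options.debugPlugin) {
    Object.defineProperty(plugin, "debugProperties", {
      value: {
        inject,
        onDev,
        policy: defaultPolicy,
        hashingMethod,
        hashEnabled,
        nonceEnabled,
        processFns,
        idMap,
        validatedMappedPolicies: mappedPolicies,
        config: viteConfig,
      },
    });
  }
  return plugin;
}

// Never executed: lets Node's static analysis of CommonJS modules see the
// named export so that `import { ViteCspPlugin }` works from ESM.
0 && (module.exports = { ViteCspPlugin });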
//# sourceMappingURL=index.cjs.map