UNPKG

vite-plugin-csp

Version:

Create CSP meta tags and header configs from all sources in the final Vite html

github.com/josh-hemphill/vite-plugin-csp

josh-hemphill/vite-plugin-csp

123 lines (118 loc) 35.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
import { PluginOption } from 'vite'; import { DirectivesObj, CspDirectives, CspDirectiveHeaders } from 'csp-typed-directives'; declare const builtinProcessorFns: { CaddyJSON: InternalProcessFn; CaddyJSON_HeadersOnly: InternalProcessFn; Nginx: InternalProcessFn; Nginx_HeadersOnly: InternalProcessFn; Caddyfile: InternalProcessFn; Caddyfile_HeadersOnly: InternalProcessFn; }; declare const DEFAULT_OPTIONS: { enabled: boolean; inject: boolean; injectReporting: boolean; onDev: "permissive" | "full" | "skip"; policy: PolicyOptions; hashingMethod: "sha256" | "sha384" | "sha512"; hashEnabled: { 'script-src': boolean; 'style-src': boolean; 'script-src-attr': boolean; 'style-src-attr': boolean; }; /** @deprecated requires SSR support first, included for webpack migrations */ nonceEnabled: { 'script-src': boolean; 'style-src': boolean; }; processFn: ProcessOptions | undefined; referrerHeaderOverride: "no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | "unsafe-url" | "none" | undefined; sendReportsTo: ({ group: string; max_age: number; endpoints: { url: `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | `${string}.${string}/${string}` | `${string}.${string}?${string}` | `${string}.${string}#${string}` | `${string}.${string}\\${string}` | `localhost/${string}` | `localhost?${string}` | `localhost#${string}` | `localhost\\${string}` | `${string}.${string}:${number}/${string}` | `${string}.${string}:${number}?${string}` | `${string}.${string}:${number}#${string}` | `${string}.${string}:${number}\\${string}` | `${string}.${string}:*/${string}` | `${string}.${string}:*?${string}` | `${string}.${string}:*#${string}` | `${string}.${string}:*\\${string}` | `localhost:${number}/${string}` | `localhost:${number}?${string}` | `localhost:${number}#${string}` | `localhost:${number}\\${string}` | `localhost:*/${string}` | `localhost:*?${string}` | `localhost:*#${string}` | `localhost:*\\${string}` | `${string}://${string}.${string}/${string}` | `${string}://${string}.${string}?${string}` | `${string}://${string}.${string}#${string}` | `${string}://${string}.${string}\\${string}` | `${string}://${string}.${string}:${number}/${string}` | `${string}://${string}.${string}:${number}?${string}` | `${string}://${string}.${string}:${number}#${string}` | `${string}://${string}.${string}:${number}\\${string}` | `${string}://${string}.${string}:*/${string}` | `${string}://${string}.${string}:*?${string}` | `${string}://${string}.${string}:*#${string}` | `${string}://${string}.${string}:*\\${string}` | `${string}://localhost/${string}` | `${string}://localhost?${string}` | `${string}://localhost#${string}` | `${string}://localhost\\${string}` | `${string}://localhost:${number}/${string}` | `${string}://localhost:${number}?${string}` | `${string}://localhost:${number}#${string}` | `${string}://localhost:${number}\\${string}` | `${string}://localhost:*/${string}` | `${string}://localhost:*?${string}` | `${string}://localhost:*#${string}` | `${string}://localhost:*\\${string}`; }[]; } | { group: string; max_age: number; endpoints: { url: `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | `${string}.${string}/${string}` | `${string}.${string}?${string}` | `${string}.${string}#${string}` | `${string}.${string}\\${string}` | `localhost/${string}` | `localhost?${string}` | `localhost#${string}` | `localhost\\${string}` | `${string}.${string}:${number}/${string}` | `${string}.${string}:${number}?${string}` | `${string}.${string}:${number}#${string}` | `${string}.${string}:${number}\\${string}` | `${string}.${string}:*/${string}` | `${string}.${string}:*?${string}` | `${string}.${string}:*#${string}` | `${string}.${string}:*\\${string}` | `localhost:${number}/${string}` | `localhost:${number}?${string}` | `localhost:${number}#${string}` | `localhost:${number}\\${string}` | `localhost:*/${string}` | `localhost:*?${string}` | `localhost:*#${string}` | `localhost:*\\${string}` | `${string}://${string}.${string}/${string}` | `${string}://${string}.${string}?${string}` | `${string}://${string}.${string}#${string}` | `${string}://${string}.${string}\\${string}` | `${string}://${string}.${string}:${number}/${string}` | `${string}://${string}.${string}:${number}?${string}` | `${string}://${string}.${string}:${number}#${string}` | `${string}://${string}.${string}:${number}\\${string}` | `${string}://${string}.${string}:*/${string}` | `${string}://${string}.${string}:*?${string}` | `${string}://${string}.${string}:*#${string}` | `${string}://${string}.${string}:*\\${string}` | `${string}://localhost/${string}` | `${string}://localhost?${string}` | `${string}://localhost#${string}` | `${string}://localhost\\${string}` | `${string}://localhost:${number}/${string}` | `${string}://localhost:${number}?${string}` | `${string}://localhost:${number}#${string}` | `${string}://localhost:${number}\\${string}` | `${string}://localhost:*/${string}` | `${string}://localhost:*?${string}` | `${string}://localhost:*#${string}` | `${string}://localhost:*\\${string}`; }[]; }[]) | undefined; reportSubset: ({ 'child-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'frame-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'worker-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; } & { 'connect-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'default-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample") | (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample")[] | undefined; 'font-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'frame-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'img-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'manifest-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'media-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'object-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'prefetch-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'script-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample") | (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample")[] | undefined; 'script-src-elem'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'script-src-attr'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'style-src'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'style-src-elem'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; 'style-src-attr'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | ("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`)[]) | undefined; } & { 'block-all-mixed-content'?: boolean | undefined; referrer?: "no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | "unsafe-url" | "none" | undefined; 'require-sri-for'?: "script" | "style" | "script style" | undefined; 'require-trusted-types-for'?: "script" | undefined; 'trusted-types'?: string | string[] | undefined; 'upgrade-insecure-requests'?: boolean | undefined; } & { 'report-uri'?: `/${string}` | `?${string}` | `#${string}` | `\\${string}` | undefined; 'report-to'?: string | undefined; } & { 'form-action'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample") | (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample")[] | undefined; 'frame-ancestors'?: ("none" | "self" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:") | ("none" | "self" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:")[] | undefined; 'navigate-to'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample") | (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample")[] | undefined; } & { 'base-uri'?: (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample") | (("none" | "self" | "unsafe-eval" | "unsafe-hashes" | "unsafe-inline" | `${string}.${string}` | "localhost" | `${string}.${string}:${number}` | `${string}.${string}:*` | `localhost:${number}` | "localhost:*" | `${string}://${string}.${string}` | `${string}://${string}.${string}:${number}` | `${string}://${string}.${string}:*` | `${string}://localhost` | `${string}://localhost:${number}` | `${string}://localhost:*` | "http:" | "https:" | "data:" | "mediastream:" | "blob:" | "filesystem:" | `nonce-${string}` | `sha256-${string}` | `sha384-${string}` | `sha512-${string}`) | "strict-dynamic" | "report-sample")[] | undefined; 'plugin-types'?: ("none" | `${string}/${string}`) | ("none" | `${string}/${string}`)[] | undefined; sandbox?: "allow-downloads-without-user-activation" | "allow-forms" | "allow-modals" | "allow-orientation-lock" | "allow-pointer-lock" | "allow-popups" | "allow-popups-to-escape-sandbox" | "allow-presentation" | "allow-same-origin" | "allow-scripts" | "allow-storage-access-by-user-activation" | "allow-top-navigation" | "allow-top-navigation-by-user-activation" | undefined; }) | undefined; mapHtmlFiles: Record<string, PolicyOptions> | undefined; debugPlugin: boolean; srvConfDir: string; }; declare type InternalProcessFnNames = keyof typeof builtinProcessorFns; declare type InternalProcessFnParams = { processor: InternalProcessFnNames; outFile?: string; }; declare type InternalProcessOptions = InternalProcessFnParams & { ctx: ProcessFnContext; parsedHeaders: CspDirectiveHeaders; }; declare type InternalProcessFn = (options: InternalProcessOptions) => void; declare type ProcessFnContext = { path: string; htmlFileName: string; srvConfDir: string; builtinProcessorFns: typeof builtinProcessorFns; }; declare type ProcessFnReturn = { name: string; content: string; } | void; declare type ProcessFn = (ctx: ProcessFnContext, parsedHeaders: CspDirectiveHeaders) => ProcessFnReturn | Promise<ProcessFnReturn>; declare type DirectivesParams = ConstructorParameters<typeof CspDirectives>; declare type PolicyOptions = DirectivesParams | DirectivesObj; declare type ProcessOption = keyof typeof builtinProcessorFns | InternalProcessFnParams | ProcessFn; declare type ProcessOptions = ProcessOption | ProcessOption[]; declare type ViteCspPluginOptions = typeof DEFAULT_OPTIONS; declare type ViteCspPluginOpts = Partial<ViteCspPluginOptions>; declare function createViteCspPlugin(policy: PolicyOptions, options: ViteCspPluginOpts): Exclude<PluginOption, PluginOption[]>; declare function createViteCspPlugin(options: Partial<ViteCspPluginOpts>): Exclude<PluginOption, PluginOption[]>; declare function createViteCspPlugin(): Exclude<PluginOption, PluginOption[]>; declare const ViteCspPlugin: typeof createViteCspPlugin; export { ViteCspPlugin, ViteCspPluginOptions, ViteCspPlugin as default };