Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
csp-header
Advanced tools
csp-header - npm Package Compare versions
Comparing version 0.0.3 to 0.0.4
35
index.js
| var allowedPolicies = [ | ||
| 'base-uri', | ||
| 'default-src', | ||
| 'script-src', | ||
| 'style-src', | ||
| 'img-src', | ||
| 'frame-src', | ||
| 'script-src', | ||
| 'block-all-mixed-content', | ||
| 'child-src', | ||
| 'connect-src', | ||
| 'object-src', | ||
| 'media-src', | ||
| 'default-src', | ||
| 'disown-opener', | ||
| 'font-src', | ||
| 'form-action', | ||
| 'frame-ancestors', | ||
| 'plugin-types' | ||
| 'frame-src', | ||
| 'img-src', | ||
| 'manifest-src', | ||
| 'media-src', | ||
| 'object-src', | ||
| 'plugin-types', | ||
| 'referrer', | ||
| 'reflected-xss', | ||
| 'report-uri', | ||
| 'sandbox', | ||
| 'script-src', | ||
| 'strict-dynamic', | ||
| 'style-src', | ||
| 'upgrade-insecure-requests', | ||
| 'worker-src' | ||
| ]; | ||
@@ -26,2 +35,5 @@ | ||
| var cspString = Object.keys(policies).map(function(policyName){ | ||
| if(policies[policyName] === true || policies[policyName].length === 0){ | ||
| return policyName; | ||
| } | ||
| return policyName + ' ' + policies[policyName].join(' '); | ||
@@ -53,3 +65,5 @@ }).join('; ') + ';'; | ||
| if(allowedPolicies.indexOf(policyName) > -1){ | ||
| policies[policyName] = params.policies[policyName]; | ||
| if(params.policies[policyName] !== false){ | ||
| policies[policyName] = params.policies[policyName]; | ||
| } | ||
| } | ||
@@ -71,2 +85,3 @@ return policies; | ||
| csp.NONE = '\'none\''; | ||
| csp.SELF = '\'self\''; | ||
@@ -73,0 +88,0 @@ csp.INLINE = '\'unsafe-inline\''; |
| { | ||
| "name": "csp-header", | ||
| "version": "0.0.3", | ||
| "version": "0.0.4", | ||
| "description": "Content-Security-Policy header generator", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -33,2 +33,25 @@ var should = require('should'); | ||
| }); | ||
| it('should support valueless directives', function(){ | ||
| csp({ | ||
| policies: { | ||
| 'script-src': [ 'test.com' ], | ||
| 'block-all-mixed-content': true | ||
| } | ||
| }).should.be.equal('script-src test.com; block-all-mixed-content;'); | ||
| csp({ | ||
| policies: { | ||
| 'script-src': [ 'test.com' ], | ||
| 'block-all-mixed-content': [] | ||
| } | ||
| }).should.be.equal('script-src test.com; block-all-mixed-content;'); | ||
| csp({ | ||
| policies: { | ||
| 'script-src': [ 'test.com' ], | ||
| 'block-all-mixed-content': '' | ||
| } | ||
| }).should.be.equal('script-src test.com; block-all-mixed-content;'); | ||
| }); | ||
| }); | ||
@@ -51,3 +74,6 @@ | ||
| }); | ||
| it('should contains \'none\'', function(){ | ||
| csp.NONE.should.be.equal('\'none\''); | ||
| }); | ||
| }); | ||
| }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by24.12%
5162
- Lines of code
- increased by36.19%
143
No dependency changes