diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/CSP.js | 22 | ||||
-rw-r--r-- | src/lib/NetCSP.js | 30 |
2 files changed, 52 insertions, 0 deletions
diff --git a/src/lib/CSP.js b/src/lib/CSP.js new file mode 100644 index 0000000..8550f09 --- /dev/null +++ b/src/lib/CSP.js @@ -0,0 +1,22 @@ +"use strict"; + +class CSP { + + build(...directives) { + return directives.join(';'); + } + + buildBlocker(...types) { + return this.build(...(types.map(type => `${type.name || type}-src ${type.value || "'none'"}`))); + } + + blocks(header, type) { + return `;${header};`.includes(`;${type}-src 'none';`) + } + + asHeader(value) { + return {name: CSP.headerName, value}; + } +} + +CSP.headerName = "content-security-policy"; diff --git a/src/lib/NetCSP.js b/src/lib/NetCSP.js new file mode 100644 index 0000000..cb79a80 --- /dev/null +++ b/src/lib/NetCSP.js @@ -0,0 +1,30 @@ +"use strict"; + +class NetCSP extends CSP { + constructor(start, end) { + super(); + this.start = start; + this.end = end; + } + + isMine(header) { + let {name, value} = header; + if (name.toLowerCase() !== CSP.headerName) return false; + let startIdx = value.indexOf(this.start); + return startIdx > -1 && startIdx < value.lastIndexOf(this.end); + } + + inject(headerValue, mine) { + let startIdx = headerValue.indexOf(this.start); + if (startIdx < 0) return `${headerValue};${mine}`; + let endIdx = headerValue.lastIndexOf(this.end); + let retValue = `${headerValue.substring(0, startIdx)}${mine}`; + + return endIdx < 0 ? retValue : `${retValue}${headerValue.substring(endIdx + this.end.length + 1)}`; + } + + build(...directives) { + return `${this.start}${super.build(...directives)}${this.end}`; + } + +} |