summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/CSP.js22
-rw-r--r--src/lib/NetCSP.js30
2 files changed, 52 insertions, 0 deletions
diff --git a/src/lib/CSP.js b/src/lib/CSP.js
new file mode 100644
index 0000000..8550f09
--- /dev/null
+++ b/src/lib/CSP.js
@@ -0,0 +1,22 @@
+"use strict";
+
+class CSP {
+
+ build(...directives) {
+ return directives.join(';');
+ }
+
+ buildBlocker(...types) {
+ return this.build(...(types.map(type => `${type.name || type}-src ${type.value || "'none'"}`)));
+ }
+
+ blocks(header, type) {
+ return `;${header};`.includes(`;${type}-src 'none';`)
+ }
+
+ asHeader(value) {
+ return {name: CSP.headerName, value};
+ }
+}
+
+CSP.headerName = "content-security-policy";
diff --git a/src/lib/NetCSP.js b/src/lib/NetCSP.js
new file mode 100644
index 0000000..cb79a80
--- /dev/null
+++ b/src/lib/NetCSP.js
@@ -0,0 +1,30 @@
+"use strict";
+
+class NetCSP extends CSP {
+ constructor(start, end) {
+ super();
+ this.start = start;
+ this.end = end;
+ }
+
+ isMine(header) {
+ let {name, value} = header;
+ if (name.toLowerCase() !== CSP.headerName) return false;
+ let startIdx = value.indexOf(this.start);
+ return startIdx > -1 && startIdx < value.lastIndexOf(this.end);
+ }
+
+ inject(headerValue, mine) {
+ let startIdx = headerValue.indexOf(this.start);
+ if (startIdx < 0) return `${headerValue};${mine}`;
+ let endIdx = headerValue.lastIndexOf(this.end);
+ let retValue = `${headerValue.substring(0, startIdx)}${mine}`;
+
+ return endIdx < 0 ? retValue : `${retValue}${headerValue.substring(endIdx + this.end.length + 1)}`;
+ }
+
+ build(...directives) {
+ return `${this.start}${super.build(...directives)}${this.end}`;
+ }
+
+}