| Server IP : 68.183.124.220 / Your IP : 216.73.217.137 Web Server : Apache/2.4.18 (Ubuntu) System : Linux Sandbox-A 4.4.0-210-generic #242-Ubuntu SMP Fri Apr 16 09:57:56 UTC 2021 x86_64 User : gavin ( 1000) PHP Version : 7.0.33-0ubuntu0.16.04.16 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/gavin/workspace/readjs/node_modules/lusca/lib/ |
Upload File : |
'use strict';
var thing = require('core-util-is');
/**
* Content Security Policy (CSP)
* https://www.owasp.org/index.php/Content_Security_Policy
* @param {Object} options The CSP policy.
*/
module.exports = function (options) {
var policyRules = options && options.policy,
isReportOnly = options && options.reportOnly,
reportUri = options && options.reportUri,
value, name;
name = 'Content-Security-Policy';
if (isReportOnly) {
name += '-Report-Only';
}
value = createPolicyString(policyRules);
if (reportUri) {
if (value !== '') {
value += '; ';
}
value += 'report-uri ' + reportUri;
}
return function csp(req, res, next) {
res.header(name, value);
next();
};
};
var createPolicyString = module.exports.createPolicyString = function (policy) {
var entries;
if (thing.isString(policy)) {
return policy;
}
if (thing.isArray(policy)) {
return policy.map(createPolicyString).join('; ');
}
if (thing.isObject(policy)) {
entries = Object.keys(policy).map(function (directive) {
if (policy[directive] === 0 || policy[directive]) {
directive += ' ' + policy[directive];
}
return directive;
});
return createPolicyString(entries);
}
throw Error('invalid csp policy - must be array, string, or plain object');
};