@hmcts/rpx-xui-node-lib 2.30.7-new-csp → 2.30.7-new-csp-4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/common/util/contentSecurityPolicy.d.ts.map +1 -1
- package/dist/common/util/contentSecurityPolicy.js +0 -1
- package/dist/common/util/contentSecurityPolicy.js.map +1 -1
- package/dist/common/util/csp.d.ts +2 -1
- package/dist/common/util/csp.d.ts.map +1 -1
- package/dist/common/util/csp.js +9 -3
- package/dist/common/util/csp.js.map +1 -1
- package/dist/common/util/index.d.ts +1 -0
- package/dist/common/util/index.d.ts.map +1 -1
- package/dist/common/util/index.js +3 -1
- package/dist/common/util/index.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contentSecurityPolicy.d.ts","sourceRoot":"","sources":["../../../src/common/util/contentSecurityPolicy.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"contentSecurityPolicy.d.ts","sourceRoot":"","sources":["../../../src/common/util/contentSecurityPolicy.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe;;;;;;;;;;;;;CAmD3B,CAAA;AAED,eAAO,MAAM,wBAAwB,GAAI,QAAQ,GAAG,QAEnD,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contentSecurityPolicy.js","sourceRoot":"","sources":["../../../src/common/util/contentSecurityPolicy.ts"],"names":[],"mappings":";;;AAAa,QAAA,eAAe,GAAG;IAC3B,UAAU,EAAE;QACR,UAAU,EAAE;YACR,oBAAoB;YACpB,UAAU;YACV,8BAA8B;YAC9B,oBAAoB;YACpB,gCAAgC;YAChC,gCAAgC;YAChC,gCAAgC;YAChC,aAAa;YACb,6BAA6B;YAC7B,+CAA+C;YAC/C,gDAAgD;YAChD,oDAAoD;YACpD,gDAAgD;YAChD,gDAAgD;YAChD,2CAA2C;YAC3C,4CAA4C;YAC5C,6BAA6B;SAChC;QACD,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,OAAO,EAAE,CAAC,QAAQ,EAAE,2BAA2B,EAAE,OAAO,CAAC;QACzD,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,cAAc,EAAE,CAAC,QAAQ,CAAC;QAC1B,QAAQ,EAAE,CAAC,QAAQ,CAAC;QACpB,MAAM,EAAE;YACJ,QAAQ;YACR,OAAO;YACP,gCAAgC;YAChC,gCAAgC;YAChC,0CAA0C;YAC1C,kCAAkC;YAClC,0BAA0B;YAC1B,0BAA0B;YAC1B,2BAA2B;SAC9B;QACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;QACpB,SAAS,EAAE;YACP,QAAQ;YACR,
|
|
1
|
+
{"version":3,"file":"contentSecurityPolicy.js","sourceRoot":"","sources":["../../../src/common/util/contentSecurityPolicy.ts"],"names":[],"mappings":";;;AAAa,QAAA,eAAe,GAAG;IAC3B,UAAU,EAAE;QACR,UAAU,EAAE;YACR,oBAAoB;YACpB,UAAU;YACV,8BAA8B;YAC9B,oBAAoB;YACpB,gCAAgC;YAChC,gCAAgC;YAChC,gCAAgC;YAChC,aAAa;YACb,6BAA6B;YAC7B,+CAA+C;YAC/C,gDAAgD;YAChD,oDAAoD;YACpD,gDAAgD;YAChD,gDAAgD;YAChD,2CAA2C;YAC3C,4CAA4C;YAC5C,6BAA6B;SAChC;QACD,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,OAAO,EAAE,CAAC,QAAQ,EAAE,2BAA2B,EAAE,OAAO,CAAC;QACzD,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,cAAc,EAAE,CAAC,QAAQ,CAAC;QAC1B,QAAQ,EAAE,CAAC,QAAQ,CAAC;QACpB,MAAM,EAAE;YACJ,QAAQ;YACR,OAAO;YACP,gCAAgC;YAChC,gCAAgC;YAChC,0CAA0C;YAC1C,kCAAkC;YAClC,0BAA0B;YAC1B,0BAA0B;YAC1B,2BAA2B;SAC9B;QACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;QACpB,SAAS,EAAE;YACP,QAAQ;YACR,gCAAgC;YAChC,gCAAgC;YAChC,wBAAwB;SAC3B;QACD,QAAQ,EAAE;YACN,QAAQ;YACR,8BAA8B;YAC9B,2BAA2B;YAC3B,kCAAkC;SACrC;KACJ;CACJ,CAAA;AAEM,MAAM,wBAAwB,GAAG,CAAC,MAAW,EAAE,EAAE;IACpD,OAAO,MAAM,CAAC,qBAAqB,CAAC,uBAAe,CAAC,CAAA;AACxD,CAAC,CAAA;AAFY,QAAA,wBAAwB,4BAEpC"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import { Request, Response, NextFunction } from 'express';
|
|
2
|
-
export declare function csp({ extraScript, extraStyle, extraConnect, extraFont, extraImg }?: {
|
|
2
|
+
export declare function csp({ extraScript, extraStyle, extraConnect, extraFont, extraImg, defaultCsp }?: {
|
|
3
3
|
extraScript?: string[] | undefined;
|
|
4
4
|
extraStyle?: string[] | undefined;
|
|
5
5
|
extraConnect?: string[] | undefined;
|
|
6
6
|
extraFont?: string[] | undefined;
|
|
7
7
|
extraImg?: string[] | undefined;
|
|
8
|
+
defaultCsp?: {} | undefined;
|
|
8
9
|
}): (req: Request, res: Response, next: NextFunction) => void;
|
|
9
10
|
//# sourceMappingURL=csp.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csp.d.ts","sourceRoot":"","sources":["../../../src/common/util/csp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAI1D,wBAAgB,GAAG,CAAC,EAClB,WAA+E,EAC/E,UAA+E,EAC/E,YAA+E,EAC/E,SAA+E,EAC/E,QAA+E,
|
|
1
|
+
{"version":3,"file":"csp.d.ts","sourceRoot":"","sources":["../../../src/common/util/csp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAI1D,wBAAgB,GAAG,CAAC,EAClB,WAA+E,EAC/E,UAA+E,EAC/E,YAA+E,EAC/E,SAA+E,EAC/E,QAA+E,EAE/E,UAAiB,EAClB;;;;;;;CAAK,IAEF,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,MAAM,YAAY,UAyBrB"}
|
package/dist/common/util/csp.js
CHANGED
|
@@ -8,11 +8,13 @@ const helmet_1 = __importDefault(require("helmet"));
|
|
|
8
8
|
const node_crypto_1 = __importDefault(require("node:crypto"));
|
|
9
9
|
function csp(_a) {
|
|
10
10
|
var _b, _c, _d, _e, _f;
|
|
11
|
-
var { extraScript = ((_b = process.env.CSP_SCRIPT_EXTRA) !== null && _b !== void 0 ? _b : '').split(',').filter(Boolean), extraStyle = ((_c = process.env.CSP_STYLE_EXTRA) !== null && _c !== void 0 ? _c : '').split(',').filter(Boolean), extraConnect = ((_d = process.env.CSP_CONNECT_EXTRA) !== null && _d !== void 0 ? _d : '').split(',').filter(Boolean), extraFont = ((_e = process.env.CSP_FONT_EXTRA) !== null && _e !== void 0 ? _e : '').split(',').filter(Boolean), extraImg = ((_f = process.env.CSP_IMG_EXTRA) !== null && _f !== void 0 ? _f : '').split(',').filter(Boolean)
|
|
11
|
+
var { extraScript = ((_b = process.env.CSP_SCRIPT_EXTRA) !== null && _b !== void 0 ? _b : '').split(',').filter(Boolean), extraStyle = ((_c = process.env.CSP_STYLE_EXTRA) !== null && _c !== void 0 ? _c : '').split(',').filter(Boolean), extraConnect = ((_d = process.env.CSP_CONNECT_EXTRA) !== null && _d !== void 0 ? _d : '').split(',').filter(Boolean), extraFont = ((_e = process.env.CSP_FONT_EXTRA) !== null && _e !== void 0 ? _e : '').split(',').filter(Boolean), extraImg = ((_f = process.env.CSP_IMG_EXTRA) !== null && _f !== void 0 ? _f : '').split(',').filter(Boolean),
|
|
12
|
+
// old csp to merge with
|
|
13
|
+
defaultCsp = {} } = _a === void 0 ? {} : _a;
|
|
12
14
|
return (req, res, next) => {
|
|
13
15
|
const nonce = node_crypto_1.default.randomBytes(16).toString('base64');
|
|
14
16
|
res.locals.cspNonce = nonce;
|
|
15
|
-
|
|
17
|
+
const newCsp = {
|
|
16
18
|
useDefaults: true,
|
|
17
19
|
directives: {
|
|
18
20
|
"default-src": ["'self'"],
|
|
@@ -26,8 +28,12 @@ function csp(_a) {
|
|
|
26
28
|
"frame-ancestors": ["'self'"],
|
|
27
29
|
"form-action": ["'none'"]
|
|
28
30
|
},
|
|
31
|
+
// if CSP_REPORT_ONLY is set to true, use report-only mode
|
|
32
|
+
// this allows you to test your CSP without enforcing it
|
|
29
33
|
reportOnly: process.env.CSP_REPORT_ONLY === 'true'
|
|
30
|
-
}
|
|
34
|
+
};
|
|
35
|
+
const csp = Object.assign(Object.assign({}, defaultCsp), newCsp);
|
|
36
|
+
helmet_1.default.contentSecurityPolicy(csp)(req, res, next);
|
|
31
37
|
};
|
|
32
38
|
}
|
|
33
39
|
//# sourceMappingURL=csp.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csp.js","sourceRoot":"","sources":["../../../src/common/util/csp.ts"],"names":[],"mappings":";;;;;AAIA,
|
|
1
|
+
{"version":3,"file":"csp.js","sourceRoot":"","sources":["../../../src/common/util/csp.ts"],"names":[],"mappings":";;;;;AAIA,kBAqCC;AAxCD,oDAA4B;AAC5B,8DAAiC;AAEjC,SAAgB,GAAG,CAAC,EAQd;;QARc,EAClB,WAAW,GAAI,CAAC,MAAA,OAAO,CAAC,GAAG,CAAC,gBAAgB,mCAAK,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAC/E,UAAU,GAAK,CAAC,MAAA,OAAO,CAAC,GAAG,CAAC,eAAe,mCAAM,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAC/E,YAAY,GAAG,CAAC,MAAA,OAAO,CAAC,GAAG,CAAC,iBAAiB,mCAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAC/E,SAAS,GAAM,CAAC,MAAA,OAAO,CAAC,GAAG,CAAC,cAAc,mCAAO,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAC/E,QAAQ,GAAO,CAAC,MAAA,OAAO,CAAC,GAAG,CAAC,aAAa,mCAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;IAC/E,wBAAwB;IACxB,UAAU,GAAK,EAAE,EAClB,mBAAG,EAAE;IACJ,OAAO,CACL,GAAY,EACZ,GAAa,EACb,IAAkB,EAClB,EAAE;QACF,MAAM,KAAK,GAAW,qBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChE,GAAG,CAAC,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;QAC5B,MAAM,MAAM,GAAG;YACb,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE;gBACV,aAAa,EAAE,CAAC,QAAQ,CAAC;gBACzB,YAAY,EAAG,CAAC,QAAQ,EAAE,UAAU,KAAK,GAAG,EAAE,GAAG,WAAW,CAAC;gBAC7D,WAAW,EAAI,CAAC,QAAQ,EAAE,UAAU,KAAK,GAAG,EAAE,GAAG,UAAU,CAAC;gBAC5D,aAAa,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;gBAC5D,SAAS,EAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC;gBAC/C,UAAU,EAAK,CAAC,QAAQ,EAAE,OAAO,EAAE,2BAA2B,EAAE,GAAG,SAAS,CAAC;gBAC7E,YAAY,EAAG,CAAC,QAAQ,CAAC;gBACzB,WAAW,EAAI,CAAC,QAAQ,CAAC;gBACzB,iBAAiB,EAAE,CAAC,QAAQ,CAAC;gBAC7B,aAAa,EAAE,CAAC,QAAQ,CAAC;aAC1B;YACD,0DAA0D;YAC1D,wDAAwD;YACxD,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM;SACnD,CAAA;QACD,MAAM,GAAG,mCAAQ,UAAU,GAAK,MAAM,CAAE,CAAC;QACzC,gBAAM,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACpD,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/common/util/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AACjC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AACrD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAA;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAA;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/common/util/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAA;AAC3B,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AACjC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AACrD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAA;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAA;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAA"}
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.getUserSessionTimeout = exports.arrayPatternMatch = exports.isStringPatternMatch = exports.sortArray = exports.getContentSecurityPolicy = exports.getLogger = exports.hasKey = void 0;
|
|
3
|
+
exports.getUserSessionTimeout = exports.arrayPatternMatch = exports.isStringPatternMatch = exports.sortArray = exports.getContentSecurityPolicy = exports.getLogger = exports.hasKey = exports.csp = void 0;
|
|
4
|
+
var csp_1 = require("./csp");
|
|
5
|
+
Object.defineProperty(exports, "csp", { enumerable: true, get: function () { return csp_1.csp; } });
|
|
4
6
|
var hasKey_1 = require("./hasKey");
|
|
5
7
|
Object.defineProperty(exports, "hasKey", { enumerable: true, get: function () { return hasKey_1.hasKey; } });
|
|
6
8
|
var debug_logger_1 = require("./debug.logger");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/common/util/index.ts"],"names":[],"mappings":";;;AAAA,mCAAiC;AAAxB,gGAAA,MAAM,OAAA;AACf,+CAAqD;AAA5C,yGAAA,SAAS,OAAA;AAClB,iEAAkE;AAAzD,iIAAA,wBAAwB,OAAA;AACjC,yCAAuC;AAA9B,sGAAA,SAAS,OAAA;AAClB,2DAA2D;AAAlD,0HAAA,oBAAoB,OAAA;AAC7B,yDAAuD;AAA9C,sHAAA,iBAAiB,OAAA;AAC1B,6CAA8E;AAArE,oHAAA,qBAAqB,OAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/common/util/index.ts"],"names":[],"mappings":";;;AAAA,6BAA2B;AAAlB,0FAAA,GAAG,OAAA;AACZ,mCAAiC;AAAxB,gGAAA,MAAM,OAAA;AACf,+CAAqD;AAA5C,yGAAA,SAAS,OAAA;AAClB,iEAAkE;AAAzD,iIAAA,wBAAwB,OAAA;AACjC,yCAAuC;AAA9B,sGAAA,SAAS,OAAA;AAClB,2DAA2D;AAAlD,0HAAA,oBAAoB,OAAA;AAC7B,yDAAuD;AAA9C,sHAAA,iBAAiB,OAAA;AAC1B,6CAA8E;AAArE,oHAAA,qBAAqB,OAAA"}
|