@hoajs/secure-headers 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/CHANGELOG.md +5 -0
  2. package/dist/cjs/index.cjs +571 -0
  3. package/dist/cjs/index.d.cts +109 -94
  4. package/dist/esm/index.d.mts +185 -0
  5. package/dist/esm/index.mjs +548 -0
  6. package/package.json +17 -13
  7. package/dist/cjs/index.js +0 -811
  8. package/dist/esm/index.d.ts +0 -170
  9. package/dist/esm/index.js +0 -766
package/dist/cjs/index.d.cts CHANGED
@@ -1,72 +1,86 @@
1
- import { HoaContext, HoaMiddleware } from 'hoa';
1
+ import { HoaContext, HoaMiddleware } from "hoa";
2
2
 
3
+ //#region src/contentSecurityPolicy.d.ts
3
4
  type ContentSecurityPolicyDirectiveValueFunction = (ctx: HoaContext) => string;
4
5
  type ContentSecurityPolicyDirectiveValue = string | ContentSecurityPolicyDirectiveValueFunction;
5
6
  interface ContentSecurityPolicyOptions {
6
- useDefaults?: boolean;
7
- directives?: Record<string, null | Iterable<ContentSecurityPolicyDirectiveValue> | typeof dangerouslyDisableDefaultSrc>;
8
- reportOnly?: boolean;
7
+ useDefaults?: boolean;
8
+ directives?: Record<string, null | Iterable<ContentSecurityPolicyDirectiveValue> | typeof dangerouslyDisableDefaultSrc>;
9
+ reportOnly?: boolean;
9
10
  }
10
11
  interface ContentSecurityPolicy {
11
- (options?: Readonly<ContentSecurityPolicyOptions>): HoaMiddleware;
12
- getDefaultDirectives: typeof getDefaultDirectives;
13
- dangerouslyDisableDefaultSrc: typeof dangerouslyDisableDefaultSrc;
12
+ (options?: Readonly<ContentSecurityPolicyOptions>): HoaMiddleware;
13
+ getDefaultDirectives: typeof getDefaultDirectives;
14
+ dangerouslyDisableDefaultSrc: typeof dangerouslyDisableDefaultSrc;
14
15
  }
15
16
  declare const dangerouslyDisableDefaultSrc: unique symbol;
16
17
  declare const getDefaultDirectives: () => Record<string, Iterable<ContentSecurityPolicyDirectiveValue>>;
17
18
  declare const contentSecurityPolicy: ContentSecurityPolicy;
18
-
19
+ //#endregion
20
+ //#region src/crossOriginEmbedderPolicy.d.ts
19
21
  interface CrossOriginEmbedderPolicyOptions {
20
- policy?: 'require-corp' | 'credentialless' | 'unsafe-none';
22
+ policy?: 'require-corp' | 'credentialless' | 'unsafe-none';
21
23
  }
22
24
  declare function crossOriginEmbedderPolicy(options?: Readonly<CrossOriginEmbedderPolicyOptions>): HoaMiddleware;
23
-
25
+ //#endregion
26
+ //#region src/crossOriginOpenerPolicy.d.ts
24
27
  interface CrossOriginOpenerPolicyOptions {
25
- policy?: 'same-origin' | 'same-origin-allow-popups' | 'unsafe-none';
28
+ policy?: 'same-origin' | 'same-origin-allow-popups' | 'unsafe-none';
26
29
  }
27
30
  declare function crossOriginOpenerPolicy(options?: Readonly<CrossOriginOpenerPolicyOptions>): HoaMiddleware;
28
-
31
+ //#endregion
32
+ //#region src/crossOriginResourcePolicy.d.ts
29
33
  interface CrossOriginResourcePolicyOptions {
30
- policy?: 'same-origin' | 'same-site' | 'cross-origin';
34
+ policy?: 'same-origin' | 'same-site' | 'cross-origin';
31
35
  }
32
36
  declare function crossOriginResourcePolicy(options?: Readonly<CrossOriginResourcePolicyOptions>): HoaMiddleware;
33
-
37
+ //#endregion
38
+ //#region src/originAgentCluster.d.ts
34
39
  declare function originAgentCluster(): HoaMiddleware;
35
-
40
+ //#endregion
41
+ //#region src/referrerPolicy.d.ts
36
42
  type ReferrerPolicyToken = 'no-referrer' | 'no-referrer-when-downgrade' | 'same-origin' | 'origin' | 'strict-origin' | 'origin-when-cross-origin' | 'strict-origin-when-cross-origin' | 'unsafe-url' | '';
37
43
  interface ReferrerPolicyOptions {
38
- policy?: ReferrerPolicyToken | ReferrerPolicyToken[];
44
+ policy?: ReferrerPolicyToken | ReferrerPolicyToken[];
39
45
  }
40
46
  declare function referrerPolicy(options?: Readonly<ReferrerPolicyOptions>): HoaMiddleware;
41
-
47
+ //#endregion
48
+ //#region src/strictTransportSecurity.d.ts
42
49
  interface StrictTransportSecurityOptions {
43
- maxAge?: number;
44
- includeSubDomains?: boolean;
45
- preload?: boolean;
50
+ maxAge?: number;
51
+ includeSubDomains?: boolean;
52
+ preload?: boolean;
46
53
  }
47
54
  declare function strictTransportSecurity(options?: Readonly<StrictTransportSecurityOptions>): HoaMiddleware;
48
-
55
+ //#endregion
56
+ //#region src/xContentTypeOptions.d.ts
49
57
  declare function xContentTypeOptions(): HoaMiddleware;
50
-
58
+ //#endregion
59
+ //#region src/xDnsPrefetchControl.d.ts
51
60
  interface XDnsPrefetchControlOptions {
52
- allow?: boolean;
61
+ allow?: boolean;
53
62
  }
54
63
  declare function xDnsPrefetchControl(options?: Readonly<XDnsPrefetchControlOptions>): HoaMiddleware;
55
-
64
+ //#endregion
65
+ //#region src/xDownloadOptions.d.ts
56
66
  declare function xDownloadOptions(): HoaMiddleware;
57
-
67
+ //#endregion
68
+ //#region src/xFrameOptions.d.ts
58
69
  interface XFrameOptionsOptions {
59
- action?: 'deny' | 'sameorigin';
70
+ action?: 'deny' | 'sameorigin';
60
71
  }
61
72
  declare function xFrameOptions(options?: Readonly<XFrameOptionsOptions>): HoaMiddleware;
62
-
73
+ //#endregion
74
+ //#region src/xPermittedCrossDomainPolicies.d.ts
63
75
  interface XPermittedCrossDomainPoliciesOptions {
64
- permittedPolicies?: 'none' | 'master-only' | 'by-content-type' | 'all';
76
+ permittedPolicies?: 'none' | 'master-only' | 'by-content-type' | 'all';
65
77
  }
66
78
  declare function xPermittedCrossDomainPolicies(options?: Readonly<XPermittedCrossDomainPoliciesOptions>): HoaMiddleware;
67
-
79
+ //#endregion
80
+ //#region src/xXssProtection.d.ts
68
81
  declare function xXssProtection(): HoaMiddleware;
69
-
82
+ //#endregion
83
+ //#region src/permissionPolicy.d.ts
70
84
  type PermissionsPolicyDirective = StandardizedFeatures | ProposedFeatures | ExperimentalFeatures;
71
85
  /**
72
86
  * These features have been declared in a published version of the respective specification.
@@ -83,88 +97,89 @@ type ExperimentalFeatures = 'allScreensCapture' | 'browsingTopics' | 'capturedSu
83
97
  type PermissionsPolicyValue = '*' | 'self' | 'src' | 'none' | string;
84
98
  type PermissionPolicyOptions = Partial<Record<PermissionsPolicyDirective, PermissionsPolicyValue[] | boolean>>;
85
99
  declare function permissionPolicy(options?: PermissionPolicyOptions): HoaMiddleware;
86
-
100
+ //#endregion
101
+ //#region src/index.d.ts
87
102
  type SecureHeadersOptions = {
88
- contentSecurityPolicy?: ContentSecurityPolicyOptions | boolean;
89
- crossOriginEmbedderPolicy?: CrossOriginEmbedderPolicyOptions | boolean;
90
- crossOriginOpenerPolicy?: CrossOriginOpenerPolicyOptions | boolean;
91
- crossOriginResourcePolicy?: CrossOriginResourcePolicyOptions | boolean;
92
- originAgentCluster?: boolean;
93
- referrerPolicy?: ReferrerPolicyOptions | boolean;
94
- permissionPolicy?: PermissionPolicyOptions;
103
+ contentSecurityPolicy?: ContentSecurityPolicyOptions | boolean;
104
+ crossOriginEmbedderPolicy?: CrossOriginEmbedderPolicyOptions | boolean;
105
+ crossOriginOpenerPolicy?: CrossOriginOpenerPolicyOptions | boolean;
106
+ crossOriginResourcePolicy?: CrossOriginResourcePolicyOptions | boolean;
107
+ originAgentCluster?: boolean;
108
+ referrerPolicy?: ReferrerPolicyOptions | boolean;
109
+ permissionPolicy?: PermissionPolicyOptions;
95
110
  } & ({
96
- strictTransportSecurity?: StrictTransportSecurityOptions | boolean;
97
- hsts?: never;
111
+ strictTransportSecurity?: StrictTransportSecurityOptions | boolean;
112
+ hsts?: never;
98
113
  } | {
99
- hsts?: StrictTransportSecurityOptions | boolean;
100
- strictTransportSecurity?: never;
114
+ hsts?: StrictTransportSecurityOptions | boolean;
115
+ strictTransportSecurity?: never;
101
116
  }) & ({
102
- xContentTypeOptions?: boolean;
103
- noSniff?: never;
117
+ xContentTypeOptions?: boolean;
118
+ noSniff?: never;
104
119
  } | {
105
- noSniff?: boolean;
106
- xContentTypeOptions?: never;
120
+ noSniff?: boolean;
121
+ xContentTypeOptions?: never;
107
122
  }) & ({
108
- xDnsPrefetchControl?: XDnsPrefetchControlOptions | boolean;
109
- dnsPrefetchControl?: never;
123
+ xDnsPrefetchControl?: XDnsPrefetchControlOptions | boolean;
124
+ dnsPrefetchControl?: never;
110
125
  } | {
111
- dnsPrefetchControl?: XDnsPrefetchControlOptions | boolean;
112
- xDnsPrefetchControl?: never;
126
+ dnsPrefetchControl?: XDnsPrefetchControlOptions | boolean;
127
+ xDnsPrefetchControl?: never;
113
128
  }) & ({
114
- xDownloadOptions?: boolean;
115
- ieNoOpen?: never;
129
+ xDownloadOptions?: boolean;
130
+ ieNoOpen?: never;
116
131
  } | {
117
- ieNoOpen?: boolean;
118
- xDownloadOptions?: never;
132
+ ieNoOpen?: boolean;
133
+ xDownloadOptions?: never;
119
134
  }) & ({
120
- xFrameOptions?: XFrameOptionsOptions | boolean;
121
- frameguard?: never;
135
+ xFrameOptions?: XFrameOptionsOptions | boolean;
136
+ frameguard?: never;
122
137
  } | {
123
- frameguard?: XFrameOptionsOptions | boolean;
124
- xFrameOptions?: never;
138
+ frameguard?: XFrameOptionsOptions | boolean;
139
+ xFrameOptions?: never;
125
140
  }) & ({
126
- xPermittedCrossDomainPolicies?: XPermittedCrossDomainPoliciesOptions | boolean;
127
- permittedCrossDomainPolicies?: never;
141
+ xPermittedCrossDomainPolicies?: XPermittedCrossDomainPoliciesOptions | boolean;
142
+ permittedCrossDomainPolicies?: never;
128
143
  } | {
129
- permittedCrossDomainPolicies?: XPermittedCrossDomainPoliciesOptions | boolean;
130
- xPermittedCrossDomainPolicies?: never;
144
+ permittedCrossDomainPolicies?: XPermittedCrossDomainPoliciesOptions | boolean;
145
+ xPermittedCrossDomainPolicies?: never;
131
146
  }) & ({
132
- xPoweredBy?: boolean;
133
- hidePoweredBy?: never;
147
+ xPoweredBy?: boolean;
148
+ hidePoweredBy?: never;
134
149
  } | {
135
- hidePoweredBy?: boolean;
136
- xPoweredBy?: never;
150
+ hidePoweredBy?: boolean;
151
+ xPoweredBy?: never;
137
152
  }) & ({
138
- xXssProtection?: boolean;
139
- xssFilter?: never;
153
+ xXssProtection?: boolean;
154
+ xssFilter?: never;
140
155
  } | {
141
- xssFilter?: boolean;
142
- xXssProtection?: never;
156
+ xssFilter?: boolean;
157
+ xXssProtection?: never;
143
158
  });
144
159
  interface SecureHeaders {
145
- (options?: SecureHeadersOptions): HoaMiddleware;
146
- contentSecurityPolicy: typeof contentSecurityPolicy;
147
- crossOriginEmbedderPolicy: typeof crossOriginEmbedderPolicy;
148
- crossOriginOpenerPolicy: typeof crossOriginOpenerPolicy;
149
- crossOriginResourcePolicy: typeof crossOriginResourcePolicy;
150
- originAgentCluster: typeof originAgentCluster;
151
- referrerPolicy: typeof referrerPolicy;
152
- strictTransportSecurity: typeof strictTransportSecurity;
153
- xContentTypeOptions: typeof xContentTypeOptions;
154
- xDnsPrefetchControl: typeof xDnsPrefetchControl;
155
- xDownloadOptions: typeof xDownloadOptions;
156
- xFrameOptions: typeof xFrameOptions;
157
- xPermittedCrossDomainPolicies: typeof xPermittedCrossDomainPolicies;
158
- xXssProtection: typeof xXssProtection;
159
- permissionPolicy: typeof permissionPolicy;
160
- dnsPrefetchControl: typeof xDnsPrefetchControl;
161
- frameguard: typeof xFrameOptions;
162
- hsts: typeof strictTransportSecurity;
163
- ieNoOpen: typeof xDownloadOptions;
164
- noSniff: typeof xContentTypeOptions;
165
- permittedCrossDomainPolicies: typeof xPermittedCrossDomainPolicies;
166
- xssFilter: typeof xXssProtection;
160
+ (options?: SecureHeadersOptions): HoaMiddleware;
161
+ contentSecurityPolicy: typeof contentSecurityPolicy;
162
+ crossOriginEmbedderPolicy: typeof crossOriginEmbedderPolicy;
163
+ crossOriginOpenerPolicy: typeof crossOriginOpenerPolicy;
164
+ crossOriginResourcePolicy: typeof crossOriginResourcePolicy;
165
+ originAgentCluster: typeof originAgentCluster;
166
+ referrerPolicy: typeof referrerPolicy;
167
+ strictTransportSecurity: typeof strictTransportSecurity;
168
+ xContentTypeOptions: typeof xContentTypeOptions;
169
+ xDnsPrefetchControl: typeof xDnsPrefetchControl;
170
+ xDownloadOptions: typeof xDownloadOptions;
171
+ xFrameOptions: typeof xFrameOptions;
172
+ xPermittedCrossDomainPolicies: typeof xPermittedCrossDomainPolicies;
173
+ xXssProtection: typeof xXssProtection;
174
+ permissionPolicy: typeof permissionPolicy;
175
+ dnsPrefetchControl: typeof xDnsPrefetchControl;
176
+ frameguard: typeof xFrameOptions;
177
+ hsts: typeof strictTransportSecurity;
178
+ ieNoOpen: typeof xDownloadOptions;
179
+ noSniff: typeof xContentTypeOptions;
180
+ permittedCrossDomainPolicies: typeof xPermittedCrossDomainPolicies;
181
+ xssFilter: typeof xXssProtection;
167
182
  }
168
183
  declare const secureHeaders: SecureHeaders;
169
-
170
- export { type SecureHeadersOptions, contentSecurityPolicy, crossOriginEmbedderPolicy, crossOriginOpenerPolicy, crossOriginResourcePolicy, secureHeaders as default, xDnsPrefetchControl as dnsPrefetchControl, xFrameOptions as frameguard, strictTransportSecurity as hsts, xDownloadOptions as ieNoOpen, xContentTypeOptions as noSniff, originAgentCluster, permissionPolicy, xPermittedCrossDomainPolicies as permittedCrossDomainPolicies, referrerPolicy, secureHeaders, strictTransportSecurity, xContentTypeOptions, xDnsPrefetchControl, xDownloadOptions, xFrameOptions, xPermittedCrossDomainPolicies, xXssProtection, xXssProtection as xssFilter };
184
+ //#endregion
185
+ export { SecureHeadersOptions, contentSecurityPolicy, crossOriginEmbedderPolicy, crossOriginOpenerPolicy, crossOriginResourcePolicy, secureHeaders as default, secureHeaders, xDnsPrefetchControl as dnsPrefetchControl, xDnsPrefetchControl, xFrameOptions as frameguard, xFrameOptions, strictTransportSecurity as hsts, strictTransportSecurity, xDownloadOptions as ieNoOpen, xDownloadOptions, xContentTypeOptions as noSniff, xContentTypeOptions, originAgentCluster, permissionPolicy, xPermittedCrossDomainPolicies as permittedCrossDomainPolicies, xPermittedCrossDomainPolicies, referrerPolicy, xXssProtection, xXssProtection as xssFilter };
package/dist/esm/index.d.mts ADDED
@@ -0,0 +1,185 @@
1
+ import { HoaContext, HoaMiddleware } from "hoa";
2
+
3
+ //#region src/contentSecurityPolicy.d.ts
4
+ type ContentSecurityPolicyDirectiveValueFunction = (ctx: HoaContext) => string;
5
+ type ContentSecurityPolicyDirectiveValue = string | ContentSecurityPolicyDirectiveValueFunction;
6
+ interface ContentSecurityPolicyOptions {
7
+ useDefaults?: boolean;
8
+ directives?: Record<string, null | Iterable<ContentSecurityPolicyDirectiveValue> | typeof dangerouslyDisableDefaultSrc>;
9
+ reportOnly?: boolean;
10
+ }
11
+ interface ContentSecurityPolicy {
12
+ (options?: Readonly<ContentSecurityPolicyOptions>): HoaMiddleware;
13
+ getDefaultDirectives: typeof getDefaultDirectives;
14
+ dangerouslyDisableDefaultSrc: typeof dangerouslyDisableDefaultSrc;
15
+ }
16
+ declare const dangerouslyDisableDefaultSrc: unique symbol;
17
+ declare const getDefaultDirectives: () => Record<string, Iterable<ContentSecurityPolicyDirectiveValue>>;
18
+ declare const contentSecurityPolicy: ContentSecurityPolicy;
19
+ //#endregion
20
+ //#region src/crossOriginEmbedderPolicy.d.ts
21
+ interface CrossOriginEmbedderPolicyOptions {
22
+ policy?: 'require-corp' | 'credentialless' | 'unsafe-none';
23
+ }
24
+ declare function crossOriginEmbedderPolicy(options?: Readonly<CrossOriginEmbedderPolicyOptions>): HoaMiddleware;
25
+ //#endregion
26
+ //#region src/crossOriginOpenerPolicy.d.ts
27
+ interface CrossOriginOpenerPolicyOptions {
28
+ policy?: 'same-origin' | 'same-origin-allow-popups' | 'unsafe-none';
29
+ }
30
+ declare function crossOriginOpenerPolicy(options?: Readonly<CrossOriginOpenerPolicyOptions>): HoaMiddleware;
31
+ //#endregion
32
+ //#region src/crossOriginResourcePolicy.d.ts
33
+ interface CrossOriginResourcePolicyOptions {
34
+ policy?: 'same-origin' | 'same-site' | 'cross-origin';
35
+ }
36
+ declare function crossOriginResourcePolicy(options?: Readonly<CrossOriginResourcePolicyOptions>): HoaMiddleware;
37
+ //#endregion
38
+ //#region src/originAgentCluster.d.ts
39
+ declare function originAgentCluster(): HoaMiddleware;
40
+ //#endregion
41
+ //#region src/referrerPolicy.d.ts
42
+ type ReferrerPolicyToken = 'no-referrer' | 'no-referrer-when-downgrade' | 'same-origin' | 'origin' | 'strict-origin' | 'origin-when-cross-origin' | 'strict-origin-when-cross-origin' | 'unsafe-url' | '';
43
+ interface ReferrerPolicyOptions {
44
+ policy?: ReferrerPolicyToken | ReferrerPolicyToken[];
45
+ }
46
+ declare function referrerPolicy(options?: Readonly<ReferrerPolicyOptions>): HoaMiddleware;
47
+ //#endregion
48
+ //#region src/strictTransportSecurity.d.ts
49
+ interface StrictTransportSecurityOptions {
50
+ maxAge?: number;
51
+ includeSubDomains?: boolean;
52
+ preload?: boolean;
53
+ }
54
+ declare function strictTransportSecurity(options?: Readonly<StrictTransportSecurityOptions>): HoaMiddleware;
55
+ //#endregion
56
+ //#region src/xContentTypeOptions.d.ts
57
+ declare function xContentTypeOptions(): HoaMiddleware;
58
+ //#endregion
59
+ //#region src/xDnsPrefetchControl.d.ts
60
+ interface XDnsPrefetchControlOptions {
61
+ allow?: boolean;
62
+ }
63
+ declare function xDnsPrefetchControl(options?: Readonly<XDnsPrefetchControlOptions>): HoaMiddleware;
64
+ //#endregion
65
+ //#region src/xDownloadOptions.d.ts
66
+ declare function xDownloadOptions(): HoaMiddleware;
67
+ //#endregion
68
+ //#region src/xFrameOptions.d.ts
69
+ interface XFrameOptionsOptions {
70
+ action?: 'deny' | 'sameorigin';
71
+ }
72
+ declare function xFrameOptions(options?: Readonly<XFrameOptionsOptions>): HoaMiddleware;
73
+ //#endregion
74
+ //#region src/xPermittedCrossDomainPolicies.d.ts
75
+ interface XPermittedCrossDomainPoliciesOptions {
76
+ permittedPolicies?: 'none' | 'master-only' | 'by-content-type' | 'all';
77
+ }
78
+ declare function xPermittedCrossDomainPolicies(options?: Readonly<XPermittedCrossDomainPoliciesOptions>): HoaMiddleware;
79
+ //#endregion
80
+ //#region src/xXssProtection.d.ts
81
+ declare function xXssProtection(): HoaMiddleware;
82
+ //#endregion
83
+ //#region src/permissionPolicy.d.ts
84
+ type PermissionsPolicyDirective = StandardizedFeatures | ProposedFeatures | ExperimentalFeatures;
85
+ /**
86
+ * These features have been declared in a published version of the respective specification.
87
+ */
88
+ type StandardizedFeatures = 'accelerometer' | 'ambientLightSensor' | 'attributionReporting' | 'autoplay' | 'battery' | 'bluetooth' | 'camera' | 'chUa' | 'chUaArch' | 'chUaBitness' | 'chUaFullVersion' | 'chUaFullVersionList' | 'chUaMobile' | 'chUaModel' | 'chUaPlatform' | 'chUaPlatformVersion' | 'chUaWow64' | 'computePressure' | 'crossOriginIsolated' | 'directSockets' | 'displayCapture' | 'encryptedMedia' | 'executionWhileNotRendered' | 'executionWhileOutOfViewport' | 'fullscreen' | 'geolocation' | 'gyroscope' | 'hid' | 'identityCredentialsGet' | 'idleDetection' | 'keyboardMap' | 'magnetometer' | 'microphone' | 'midi' | 'navigationOverride' | 'payment' | 'pictureInPicture' | 'publickeyCredentialsGet' | 'screenWakeLock' | 'serial' | 'storageAccess' | 'syncXhr' | 'usb' | 'webShare' | 'windowManagement' | 'xrSpatialTracking';
89
+ /**
90
+ * These features have been proposed, but the definitions have not yet been integrated into their respective specs.
91
+ */
92
+ type ProposedFeatures = 'clipboardRead' | 'clipboardWrite' | 'gamepad' | 'sharedAutofill' | 'speakerSelection';
93
+ /**
94
+ * These features generally have an explainer only but may be available for experimentation by web developers.
95
+ */
96
+ type ExperimentalFeatures = 'allScreensCapture' | 'browsingTopics' | 'capturedSurfaceControl' | 'conversionMeasurement' | 'digitalCredentialsGet' | 'focusWithoutUserActivation' | 'joinAdInterestGroup' | 'localFonts' | 'runAdAuction' | 'smartCard' | 'syncScript' | 'trustTokenRedemption' | 'unload' | 'verticalScroll';
97
+ type PermissionsPolicyValue = '*' | 'self' | 'src' | 'none' | string;
98
+ type PermissionPolicyOptions = Partial<Record<PermissionsPolicyDirective, PermissionsPolicyValue[] | boolean>>;
99
+ declare function permissionPolicy(options?: PermissionPolicyOptions): HoaMiddleware;
100
+ //#endregion
101
+ //#region src/index.d.ts
102
+ type SecureHeadersOptions = {
103
+ contentSecurityPolicy?: ContentSecurityPolicyOptions | boolean;
104
+ crossOriginEmbedderPolicy?: CrossOriginEmbedderPolicyOptions | boolean;
105
+ crossOriginOpenerPolicy?: CrossOriginOpenerPolicyOptions | boolean;
106
+ crossOriginResourcePolicy?: CrossOriginResourcePolicyOptions | boolean;
107
+ originAgentCluster?: boolean;
108
+ referrerPolicy?: ReferrerPolicyOptions | boolean;
109
+ permissionPolicy?: PermissionPolicyOptions;
110
+ } & ({
111
+ strictTransportSecurity?: StrictTransportSecurityOptions | boolean;
112
+ hsts?: never;
113
+ } | {
114
+ hsts?: StrictTransportSecurityOptions | boolean;
115
+ strictTransportSecurity?: never;
116
+ }) & ({
117
+ xContentTypeOptions?: boolean;
118
+ noSniff?: never;
119
+ } | {
120
+ noSniff?: boolean;
121
+ xContentTypeOptions?: never;
122
+ }) & ({
123
+ xDnsPrefetchControl?: XDnsPrefetchControlOptions | boolean;
124
+ dnsPrefetchControl?: never;
125
+ } | {
126
+ dnsPrefetchControl?: XDnsPrefetchControlOptions | boolean;
127
+ xDnsPrefetchControl?: never;
128
+ }) & ({
129
+ xDownloadOptions?: boolean;
130
+ ieNoOpen?: never;
131
+ } | {
132
+ ieNoOpen?: boolean;
133
+ xDownloadOptions?: never;
134
+ }) & ({
135
+ xFrameOptions?: XFrameOptionsOptions | boolean;
136
+ frameguard?: never;
137
+ } | {
138
+ frameguard?: XFrameOptionsOptions | boolean;
139
+ xFrameOptions?: never;
140
+ }) & ({
141
+ xPermittedCrossDomainPolicies?: XPermittedCrossDomainPoliciesOptions | boolean;
142
+ permittedCrossDomainPolicies?: never;
143
+ } | {
144
+ permittedCrossDomainPolicies?: XPermittedCrossDomainPoliciesOptions | boolean;
145
+ xPermittedCrossDomainPolicies?: never;
146
+ }) & ({
147
+ xPoweredBy?: boolean;
148
+ hidePoweredBy?: never;
149
+ } | {
150
+ hidePoweredBy?: boolean;
151
+ xPoweredBy?: never;
152
+ }) & ({
153
+ xXssProtection?: boolean;
154
+ xssFilter?: never;
155
+ } | {
156
+ xssFilter?: boolean;
157
+ xXssProtection?: never;
158
+ });
159
+ interface SecureHeaders {
160
+ (options?: SecureHeadersOptions): HoaMiddleware;
161
+ contentSecurityPolicy: typeof contentSecurityPolicy;
162
+ crossOriginEmbedderPolicy: typeof crossOriginEmbedderPolicy;
163
+ crossOriginOpenerPolicy: typeof crossOriginOpenerPolicy;
164
+ crossOriginResourcePolicy: typeof crossOriginResourcePolicy;
165
+ originAgentCluster: typeof originAgentCluster;
166
+ referrerPolicy: typeof referrerPolicy;
167
+ strictTransportSecurity: typeof strictTransportSecurity;
168
+ xContentTypeOptions: typeof xContentTypeOptions;
169
+ xDnsPrefetchControl: typeof xDnsPrefetchControl;
170
+ xDownloadOptions: typeof xDownloadOptions;
171
+ xFrameOptions: typeof xFrameOptions;
172
+ xPermittedCrossDomainPolicies: typeof xPermittedCrossDomainPolicies;
173
+ xXssProtection: typeof xXssProtection;
174
+ permissionPolicy: typeof permissionPolicy;
175
+ dnsPrefetchControl: typeof xDnsPrefetchControl;
176
+ frameguard: typeof xFrameOptions;
177
+ hsts: typeof strictTransportSecurity;
178
+ ieNoOpen: typeof xDownloadOptions;
179
+ noSniff: typeof xContentTypeOptions;
180
+ permittedCrossDomainPolicies: typeof xPermittedCrossDomainPolicies;
181
+ xssFilter: typeof xXssProtection;
182
+ }
183
+ declare const secureHeaders: SecureHeaders;
184
+ //#endregion
185
+ export { SecureHeadersOptions, contentSecurityPolicy, crossOriginEmbedderPolicy, crossOriginOpenerPolicy, crossOriginResourcePolicy, secureHeaders as default, secureHeaders, xDnsPrefetchControl as dnsPrefetchControl, xDnsPrefetchControl, xFrameOptions as frameguard, xFrameOptions, strictTransportSecurity as hsts, strictTransportSecurity, xDownloadOptions as ieNoOpen, xDownloadOptions, xContentTypeOptions as noSniff, xContentTypeOptions, originAgentCluster, permissionPolicy, xPermittedCrossDomainPolicies as permittedCrossDomainPolicies, xPermittedCrossDomainPolicies, referrerPolicy, xXssProtection, xXssProtection as xssFilter };