@lwrjs/security 0.13.0-alpha.6 → 0.13.0-alpha.7

@@ -67,6 +67,9 @@ async function getResourceHashes(viewResponse) {
67
67
  const {viewDefinition} = viewResponse.metadata;
68
68
  const resources = getResources(viewDefinition);
69
69
  const hashes = await hashResources(resources);
70
+ if (viewDefinition.nonce) {
71
+ hashes.push(`'nonce-${viewDefinition.nonce}'`);
72
+ }
70
73
  return hashes;
71
74
  }
72
75
  function normalizeHeaders(headers = {}) {
@@ -85,7 +88,7 @@ async function resolveHeaders(viewResponse, options) {
85
88
  const headers = normalizeHeaders(viewResponse.headers);
86
89
  if (options.contentSecurityPolicy === void 0 || typeof options.contentSecurityPolicy === "object") {
87
90
  const headerName = options.contentSecurityPolicy?.reportOnly ? "content-security-policy-report-only" : "content-security-policy";
88
- let hashes;
91
+ let hashes = [];
89
92
  if (options.contentSecurityPolicy?.resourceHashing === void 0) {
90
93
  hashes = await getResourceHashes(viewResponse);
91
94
  }
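Review bot: `viewDefinition.nonce` is interpolated into the CSP source list in getResourceHashes with no check on its characters, so a value containing a quote, whitespace or `;` would change the directives of the emitted header. Nothing visible here shows where the nonce is generated; unless it can only ever come from the server's own random generator, gate the push on the CSP base64 grammar, e.g. `if (/^[A-Za-z0-9+\/_-]+={0,2}$/.test(viewDefinition.nonce)) hashes.push(...)`. The same lines appear in the second build of this file (the hunk at -41,6 +41,10). It is also worth confirming that the nonce is regenerated for every response rather than stored with a cached view definition, since a reused nonce gives no protection.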
@@ -41,6 +41,10 @@ async function getResourceHashes(viewResponse) {
41
41
  const { viewDefinition } = viewResponse.metadata;
42
42
  const resources = getResources(viewDefinition);
43
43
  const hashes = await hashResources(resources);
44
+ // Add nonce hash
45
+ if (viewDefinition.nonce) {
46
+ hashes.push(`'nonce-${viewDefinition.nonce}'`);
47
+ }
44
48
  return hashes;
45
49
  }
46
50
  function normalizeHeaders(headers = {}) {
@@ -62,7 +66,7 @@ export async function resolveHeaders(viewResponse, options) {
62
66
  const headerName = options.contentSecurityPolicy?.reportOnly
63
67
  ? 'content-security-policy-report-only'
64
68
  : 'content-security-policy';
65
- let hashes;
69
+ let hashes = [];
66
70
  if (options.contentSecurityPolicy?.resourceHashing === undefined) {
67
71
  hashes = await getResourceHashes(viewResponse);
68
72
  }
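Review bot: The added comment `// Add nonce hash` misdescribes the value, because a nonce is a random token matched against an element's `nonce` attribute, not a digest of a resource. Suggest `// Allow elements carrying the view's nonce: append a 'nonce-<value>' source next to the resource hashes`, plus a line in getResourceHashes' documentation saying its return value now mixes hash and nonce sources. Since resolveHeaders calls this function only when `resourceHashing` is undefined, the nonce appears to be left out of the policy whenever hashing is configured otherwise; the rest of resolveHeaders is outside the hunk, so confirm that is intended.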
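--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@lwrjs/security",
- "version": "0.13.0-alpha.6",
+ "version": "0.13.0-alpha.7",
  "license": "MIT",
  "type": "module",
  "types": "build/es/index.d.ts",
@@ -29,13 +29,13 @@
  "build/**/*.d.ts"
  ],
  "dependencies": {
- "@lwrjs/shared-utils": "0.13.0-alpha.6"
+ "@lwrjs/shared-utils": "0.13.0-alpha.7"
  },
  "devDependencies": {
- "@lwrjs/types": "0.13.0-alpha.6"
+ "@lwrjs/types": "0.13.0-alpha.7"
  },
  "engines": {
  "node": ">=18.0.0"
  },
- "gitHead": "88d503249ff6b135416208763fae8a33b5e874de"
+ "gitHead": "4b77dea6ac8d473a4113ad7b345b3a37b0b8a3f8"
  }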