@magicdima/vite-plugin-csp 0.1.2 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +32 -0
- package/dist/index.js +70 -0
- package/package.json +5 -1
- package/src/index.ts +0 -121
- package/tsconfig.json +0 -16
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import type { Plugin, ResolvedConfig } from "vite";
|
|
2
|
+
export type CSPDirectiveValue = string | string[];
|
|
3
|
+
export interface CSPDirectives {
|
|
4
|
+
"default-src"?: CSPDirectiveValue;
|
|
5
|
+
"script-src"?: CSPDirectiveValue;
|
|
6
|
+
"style-src"?: CSPDirectiveValue;
|
|
7
|
+
"img-src"?: CSPDirectiveValue;
|
|
8
|
+
"font-src"?: CSPDirectiveValue;
|
|
9
|
+
"connect-src"?: CSPDirectiveValue;
|
|
10
|
+
"media-src"?: CSPDirectiveValue;
|
|
11
|
+
"object-src"?: CSPDirectiveValue;
|
|
12
|
+
"frame-src"?: CSPDirectiveValue;
|
|
13
|
+
"worker-src"?: CSPDirectiveValue;
|
|
14
|
+
"manifest-src"?: CSPDirectiveValue;
|
|
15
|
+
"form-action"?: CSPDirectiveValue;
|
|
16
|
+
}
|
|
17
|
+
export interface CSPPluginOptions {
|
|
18
|
+
/**
|
|
19
|
+
* CSP directives to apply. Can be an object or a function that receives the Vite config.
|
|
20
|
+
*/
|
|
21
|
+
directives?: CSPDirectives | ((config: ResolvedConfig) => CSPDirectives);
|
|
22
|
+
/**
|
|
23
|
+
* Whether to include CSP
|
|
24
|
+
* @default true
|
|
25
|
+
*/
|
|
26
|
+
enabled?: boolean;
|
|
27
|
+
/**
|
|
28
|
+
* Additional CSP policy string to append
|
|
29
|
+
*/
|
|
30
|
+
policy?: string;
|
|
31
|
+
}
|
|
32
|
+
export default function cspPlugin(options?: CSPPluginOptions): Plugin;
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.default = cspPlugin;
|
|
4
|
+
const defaultDirectives = {
|
|
5
|
+
"default-src": "'self'",
|
|
6
|
+
"script-src": ["'self'"],
|
|
7
|
+
"style-src": ["'self'"],
|
|
8
|
+
"img-src": ["'self'", "data:"],
|
|
9
|
+
"font-src": "'self'",
|
|
10
|
+
"connect-src": "'self'",
|
|
11
|
+
"media-src": "'self'",
|
|
12
|
+
"object-src": "'none'",
|
|
13
|
+
"frame-src": "'none'",
|
|
14
|
+
"worker-src": "'self'",
|
|
15
|
+
"manifest-src": "'self'",
|
|
16
|
+
"form-action": "'self'",
|
|
17
|
+
};
|
|
18
|
+
function buildCSPHeader(directives) {
|
|
19
|
+
const policies = [];
|
|
20
|
+
for (const [directive, value] of Object.entries(directives)) {
|
|
21
|
+
if (value === true) {
|
|
22
|
+
policies.push(directive);
|
|
23
|
+
}
|
|
24
|
+
else if (value === false) {
|
|
25
|
+
// Skip false values
|
|
26
|
+
}
|
|
27
|
+
else if (typeof value === "string") {
|
|
28
|
+
policies.push(`${directive} ${value}`);
|
|
29
|
+
}
|
|
30
|
+
else if (Array.isArray(value)) {
|
|
31
|
+
policies.push(`${directive} ${value.join(" ")}`);
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
return policies.join("; ");
|
|
35
|
+
}
|
|
36
|
+
function cspPlugin(options = {}) {
|
|
37
|
+
const { directives = {}, enabled: includeCsp = true, policy: additionalPolicy, } = options;
|
|
38
|
+
let resolvedDirectives;
|
|
39
|
+
return {
|
|
40
|
+
name: "vite-csp-plugin",
|
|
41
|
+
configResolved(resolvedConfig) {
|
|
42
|
+
// Resolve directives (either function or object)
|
|
43
|
+
const userDirectives = typeof directives === "function"
|
|
44
|
+
? directives(resolvedConfig)
|
|
45
|
+
: directives;
|
|
46
|
+
// Merge default directives with user directives
|
|
47
|
+
resolvedDirectives = { ...defaultDirectives, ...userDirectives };
|
|
48
|
+
},
|
|
49
|
+
// configureServer(server) {
|
|
50
|
+
// if (includeDev) {
|
|
51
|
+
// const cspPolicy = buildCSPHeader(resolvedDirectives) +
|
|
52
|
+
// (additionalPolicy ? `; ${additionalPolicy}` : '')
|
|
53
|
+
// server.middlewares.use((_req, res, next) => {
|
|
54
|
+
// res.setHeader('Content-Security-Policy', cspPolicy)
|
|
55
|
+
// next()
|
|
56
|
+
// })
|
|
57
|
+
// }
|
|
58
|
+
// },
|
|
59
|
+
transformIndexHtml(html) {
|
|
60
|
+
if (!includeCsp) {
|
|
61
|
+
return html;
|
|
62
|
+
}
|
|
63
|
+
const cspPolicy = buildCSPHeader(resolvedDirectives) +
|
|
64
|
+
(additionalPolicy ? `; ${additionalPolicy}` : "");
|
|
65
|
+
const cspMetaTag = `<meta http-equiv="Content-Security-Policy" content="${cspPolicy}" />`;
|
|
66
|
+
// Insert the CSP meta tag at the beginning of the head
|
|
67
|
+
return html.replace(/<head>/, `<head>\n ${cspMetaTag}`);
|
|
68
|
+
},
|
|
69
|
+
};
|
|
70
|
+
}
|
package/package.json
CHANGED
package/src/index.ts
DELETED
|
@@ -1,121 +0,0 @@
|
|
|
1
|
-
import type { Plugin, ResolvedConfig } from "vite";
|
|
2
|
-
|
|
3
|
-
export type CSPDirectiveValue = string | string[];
|
|
4
|
-
|
|
5
|
-
export interface CSPDirectives {
|
|
6
|
-
"default-src"?: CSPDirectiveValue;
|
|
7
|
-
"script-src"?: CSPDirectiveValue;
|
|
8
|
-
"style-src"?: CSPDirectiveValue;
|
|
9
|
-
"img-src"?: CSPDirectiveValue;
|
|
10
|
-
"font-src"?: CSPDirectiveValue;
|
|
11
|
-
"connect-src"?: CSPDirectiveValue;
|
|
12
|
-
"media-src"?: CSPDirectiveValue;
|
|
13
|
-
"object-src"?: CSPDirectiveValue;
|
|
14
|
-
"frame-src"?: CSPDirectiveValue;
|
|
15
|
-
"worker-src"?: CSPDirectiveValue;
|
|
16
|
-
"manifest-src"?: CSPDirectiveValue;
|
|
17
|
-
"form-action"?: CSPDirectiveValue;
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
export interface CSPPluginOptions {
|
|
21
|
-
/**
|
|
22
|
-
* CSP directives to apply. Can be an object or a function that receives the Vite config.
|
|
23
|
-
*/
|
|
24
|
-
directives?: CSPDirectives | ((config: ResolvedConfig) => CSPDirectives);
|
|
25
|
-
|
|
26
|
-
/**
|
|
27
|
-
* Whether to include CSP
|
|
28
|
-
* @default true
|
|
29
|
-
*/
|
|
30
|
-
enabled?: boolean;
|
|
31
|
-
|
|
32
|
-
/**
|
|
33
|
-
* Additional CSP policy string to append
|
|
34
|
-
*/
|
|
35
|
-
policy?: string;
|
|
36
|
-
}
|
|
37
|
-
|
|
38
|
-
const defaultDirectives: CSPDirectives = {
|
|
39
|
-
"default-src": "'self'",
|
|
40
|
-
"script-src": ["'self'"],
|
|
41
|
-
"style-src": ["'self'"],
|
|
42
|
-
"img-src": ["'self'", "data:"],
|
|
43
|
-
"font-src": "'self'",
|
|
44
|
-
"connect-src": "'self'",
|
|
45
|
-
"media-src": "'self'",
|
|
46
|
-
"object-src": "'none'",
|
|
47
|
-
"frame-src": "'none'",
|
|
48
|
-
"worker-src": "'self'",
|
|
49
|
-
"manifest-src": "'self'",
|
|
50
|
-
"form-action": "'self'",
|
|
51
|
-
};
|
|
52
|
-
|
|
53
|
-
function buildCSPHeader(directives: CSPDirectives): string {
|
|
54
|
-
const policies: string[] = [];
|
|
55
|
-
|
|
56
|
-
for (const [directive, value] of Object.entries(directives)) {
|
|
57
|
-
if (value === true) {
|
|
58
|
-
policies.push(directive);
|
|
59
|
-
} else if (value === false) {
|
|
60
|
-
// Skip false values
|
|
61
|
-
} else if (typeof value === "string") {
|
|
62
|
-
policies.push(`${directive} ${value}`);
|
|
63
|
-
} else if (Array.isArray(value)) {
|
|
64
|
-
policies.push(`${directive} ${value.join(" ")}`);
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
|
|
68
|
-
return policies.join("; ");
|
|
69
|
-
}
|
|
70
|
-
|
|
71
|
-
function cspPlugin(options: CSPPluginOptions = {}): Plugin {
|
|
72
|
-
const {
|
|
73
|
-
directives = {},
|
|
74
|
-
enabled: includeCsp = true,
|
|
75
|
-
policy: additionalPolicy,
|
|
76
|
-
} = options;
|
|
77
|
-
|
|
78
|
-
let resolvedDirectives: CSPDirectives;
|
|
79
|
-
|
|
80
|
-
return {
|
|
81
|
-
name: "vite-csp-plugin",
|
|
82
|
-
configResolved(resolvedConfig) {
|
|
83
|
-
// Resolve directives (either function or object)
|
|
84
|
-
const userDirectives =
|
|
85
|
-
typeof directives === "function"
|
|
86
|
-
? directives(resolvedConfig)
|
|
87
|
-
: directives;
|
|
88
|
-
|
|
89
|
-
// Merge default directives with user directives
|
|
90
|
-
resolvedDirectives = { ...defaultDirectives, ...userDirectives };
|
|
91
|
-
},
|
|
92
|
-
|
|
93
|
-
// configureServer(server) {
|
|
94
|
-
// if (includeDev) {
|
|
95
|
-
// const cspPolicy = buildCSPHeader(resolvedDirectives) +
|
|
96
|
-
// (additionalPolicy ? `; ${additionalPolicy}` : '')
|
|
97
|
-
// server.middlewares.use((_req, res, next) => {
|
|
98
|
-
// res.setHeader('Content-Security-Policy', cspPolicy)
|
|
99
|
-
// next()
|
|
100
|
-
// })
|
|
101
|
-
// }
|
|
102
|
-
// },
|
|
103
|
-
|
|
104
|
-
transformIndexHtml(html) {
|
|
105
|
-
if (!includeCsp) {
|
|
106
|
-
return html;
|
|
107
|
-
}
|
|
108
|
-
|
|
109
|
-
const cspPolicy =
|
|
110
|
-
buildCSPHeader(resolvedDirectives) +
|
|
111
|
-
(additionalPolicy ? `; ${additionalPolicy}` : "");
|
|
112
|
-
|
|
113
|
-
const cspMetaTag = `<meta http-equiv="Content-Security-Policy" content="${cspPolicy}" />`;
|
|
114
|
-
|
|
115
|
-
// Insert the CSP meta tag at the beginning of the head
|
|
116
|
-
return html.replace(/<head>/, `<head>\n ${cspMetaTag}`);
|
|
117
|
-
},
|
|
118
|
-
};
|
|
119
|
-
}
|
|
120
|
-
|
|
121
|
-
export default cspPlugin;
|
package/tsconfig.json
DELETED
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"compilerOptions": {
|
|
3
|
-
"outDir": "dist",
|
|
4
|
-
"declaration": true,
|
|
5
|
-
"incremental": false,
|
|
6
|
-
"target": "ESNext",
|
|
7
|
-
"module": "NodeNext",
|
|
8
|
-
"moduleResolution": "nodenext",
|
|
9
|
-
"skipLibCheck": true,
|
|
10
|
-
"skipDefaultLibCheck": true,
|
|
11
|
-
"strictNullChecks": true, /* viem */
|
|
12
|
-
"types": []
|
|
13
|
-
},
|
|
14
|
-
"include": ["src"],
|
|
15
|
-
"exclude": ["node_modules", "dist"]
|
|
16
|
-
}
|