@netlify/plugin-csp-nonce 1.2.2 → 1.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +4 -3
- package/src/__csp-nonce.ts +10 -11
- package/src/__csp-violations.ts +1 -0
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"private": false,
|
|
3
3
|
"name": "@netlify/plugin-csp-nonce",
|
|
4
|
-
"version": "1.2.
|
|
4
|
+
"version": "1.2.4",
|
|
5
5
|
"description": "Use a nonce for the script-src and style-src directives of your Content Security Policy.",
|
|
6
6
|
"main": "index.js",
|
|
7
7
|
"repository": {
|
|
@@ -17,13 +17,14 @@
|
|
|
17
17
|
"src/*"
|
|
18
18
|
],
|
|
19
19
|
"devDependencies": {
|
|
20
|
-
"prettier": "^2.8.8"
|
|
20
|
+
"prettier": "^2.8.8",
|
|
21
|
+
"typescript": "^5.2.2"
|
|
21
22
|
},
|
|
22
23
|
"bugs": {
|
|
23
24
|
"url": "https://github.com/netlify/plugin-csp-nonce/issues"
|
|
24
25
|
},
|
|
25
26
|
"homepage": "https://github.com/netlify/plugin-csp-nonce#readme",
|
|
26
27
|
"scripts": {
|
|
27
|
-
"
|
|
28
|
+
"build": "tsc src/*.ts --noEmit --strict --lib es2018,dom"
|
|
28
29
|
}
|
|
29
30
|
}
|
package/src/__csp-nonce.ts
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
/* eslint-disable */
|
|
2
|
-
// @ts-
|
|
2
|
+
// @ts-ignore
|
|
3
3
|
import type { Config, Context } from "netlify:edge";
|
|
4
|
-
// @ts-
|
|
4
|
+
// @ts-ignore
|
|
5
5
|
import { randomBytes } from "node:crypto";
|
|
6
|
-
// @ts-
|
|
6
|
+
// @ts-ignore
|
|
7
7
|
import { HTMLRewriter } from "https://ghuc.cc/worker-tools/html-rewriter@0.1.0-pre.17/index.ts";
|
|
8
8
|
|
|
9
|
+
// @ts-ignore
|
|
9
10
|
import inputs from "./__csp-nonce-inputs.json" assert { type: "json" };
|
|
10
11
|
|
|
11
12
|
type Params = {
|
|
@@ -43,7 +44,7 @@ const handler = async (request: Request, context: Context) => {
|
|
|
43
44
|
|
|
44
45
|
// CSP_NONCE_DISTRIBUTION is a number from 0 to 1,
|
|
45
46
|
// but 0 to 100 is also supported, along with a trailing %
|
|
46
|
-
// @ts-
|
|
47
|
+
// @ts-ignore
|
|
47
48
|
const distribution = Netlify.env.get("CSP_NONCE_DISTRIBUTION");
|
|
48
49
|
if (!!distribution) {
|
|
49
50
|
const threshold =
|
|
@@ -82,7 +83,7 @@ const handler = async (request: Request, context: Context) => {
|
|
|
82
83
|
params.reportUri || "/.netlify/functions/__csp-violations"
|
|
83
84
|
}`;
|
|
84
85
|
|
|
85
|
-
const csp = response.headers.get(header);
|
|
86
|
+
const csp = response.headers.get(header) as string;
|
|
86
87
|
if (csp) {
|
|
87
88
|
const directives = csp
|
|
88
89
|
.split(";")
|
|
@@ -113,7 +114,7 @@ const handler = async (request: Request, context: Context) => {
|
|
|
113
114
|
|
|
114
115
|
return new HTMLRewriter()
|
|
115
116
|
.on("script", {
|
|
116
|
-
element(element) {
|
|
117
|
+
element(element: HTMLElement) {
|
|
117
118
|
element.setAttribute("nonce", nonce);
|
|
118
119
|
},
|
|
119
120
|
})
|
|
@@ -174,11 +175,9 @@ const excludedExtensions = [
|
|
|
174
175
|
|
|
175
176
|
export const config: Config = {
|
|
176
177
|
path: params.path,
|
|
177
|
-
excludedPath: [
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
`**/*.(${excludedExtensions.join("|")})`,
|
|
181
|
-
],
|
|
178
|
+
excludedPath: ["/.netlify/*", `**/*.(${excludedExtensions.join("|")})`]
|
|
179
|
+
.concat(params.excludedPath)
|
|
180
|
+
.filter(Boolean),
|
|
182
181
|
handler,
|
|
183
182
|
onError: "bypass",
|
|
184
183
|
};
|