@ublitzjs/core 0.1.1 → 1.0.0

package/dist/types/index.d.ts

@@ -0,0 +1,249 @@
+import type { BaseHeaders, lowHeaders } from "./http-headers.js";
+import { Buffer } from "node:buffer";
+import { EventEmitter } from "tseep";
+import type { CompressOptions, WebSocket, HttpRequest as uwsHttpRequest, TemplatedApp, HttpResponse as uwsHttpResponse, RecognizedString, us_socket_context_t } from "uWebSockets.js";
+/**
+ * function to effortlessly mark response as aborted AND to attach an event emitter, so that you can easily scale the handler. If you don't need event emitter and only some res.aborted - set it by yourself (no overkill for the handler)
+ * @param res
+ */
+export declare function registerAbort(res: uwsHttpResponse): HttpResponse;
+/**
+ * An extended version of uWS.App . It provides you with several features:
+ * 1) plugin registration (just like in Fastify);
+ * 2) "ready" function and _startPromises array (use it to make your code more asynchronous and safe)
+ * 3) "route" function for more descriptive adn extensible way of registering handlers
+ * 4) "onError" function (mainly used by @ublitzjs/router)
+ */
+export interface Server extends TemplatedApp {
+    /**
+     * It is same as plugins in Fastify -> you register some functionality in separate function
+     * @param plugin
+     * @returns itself (for chaining methods)
+     */
+    register(plugin: (server: this) => void): this;
+    /** set global _errHandler (in fact it is used only by @ublitzjs/router) */
+    onError(fn: (error: Error, res: HttpResponse, data: any) => any): this;
+    _errHandler?(error: Error, res: HttpResponse, data: any): any;
+    /**some undocumented property in uWS - get it here */
+    addChildAppDescriptor(...any: any[]): this;
+    /**a function, which pushes promises to be awaited using "await server.ready()"*/
+    awaitLater(...promises: Promise<any>[]): void;
+    /**a function, which awaits all promises inside _startPromises array and then clears it*/
+    ready: () => Promise<any[]>;
+    /**
+     * simple array of promises. You can push several inside and await all of them using server.ready() method
+     */
+    _startPromises: Promise<any>[];
+    /**
+     * this function allows you to create new handlers but more dynamically than uWS. Best use case - development. By default, the first param you pass includes a method, path, and a controller. However you can configure it for additional properties, which can be consumed on startup by second param - plugins
+     * @example
+     * server.route<onlyHttpMethods, {deprecated:boolean}>({
+     *   method:"any",
+     *   path: "/",
+     *   controller(res){ res.end("hello") },
+     *   deprecated:true
+     * },
+     * [
+     *   (opts)=>{
+     *     if(opts.deprecated) console.error("DEPRECATION FOUND", opts.path)
+     *   }
+     * ])
+     */
+    route<T extends HttpMethods, obj extends object = {}>(opts: routeFNOpts<T> & obj, plugins?: ((param: typeof opts, server: this) => void)[]): this;
+    get(pattern: RecognizedString, handler: HttpControllerFn): this;
+    post(pattern: RecognizedString, handler: HttpControllerFn): this;
+    options(pattern: RecognizedString, handler: HttpControllerFn): this;
+    del(pattern: RecognizedString, handler: HttpControllerFn): this;
+    patch(pattern: RecognizedString, handler: HttpControllerFn): this;
+    put(pattern: RecognizedString, handler: HttpControllerFn): this;
+    head(pattern: RecognizedString, handler: HttpControllerFn): this;
+    connect(pattern: RecognizedString, handler: HttpControllerFn): this;
+    trace(pattern: RecognizedString, handler: HttpControllerFn): this;
+    any(pattern: RecognizedString, handler: HttpControllerFn): this;
+    ws<UserData>(pattern: RecognizedString, behavior: DocumentedWSBehavior<UserData>): this;
+}
+export type routeFNOpts<T extends HttpMethods> = {
+    method: T;
+    path: RecognizedString;
+    controller: T extends "ws" ? DocumentedWSBehavior<any> : HttpControllerFn;
+};
+/**
+ * Utility for making closures. Exists for organizing code and caching values in non-global scope.
+ * @param param
+ * @returns what you passed
+ */
+export declare var closure: <T>(param: () => T) => T;
+/**
+ * little more typed response which has:
+ * 1) "emitter", that comes from "tseep" package
+ * 2) "aborted" flag
+ * 3) "finished" flag
+ * 4) "collect" function, which comes from original uWS (and isn't documented), but the purpose remains unknown
+ * 5) "upgrade" function, though comes from original uWS, must not contain any names, which "DocumentedWS" has (or websocket object). ws.getUserData() return "ws" itself, so setting any data, which overlaps with already existing will impact your workflow. µBlitz.js doesn't add any lsp help here because it will brake "extends uwsHttpResponse" part.
+ */
+export interface HttpResponse<UserDataForWS = {}> extends uwsHttpResponse {
+    upgrade<UserData = UserDataForWS>(userData: UserData, secWebSocketKey: RecognizedString, secWebSocketProtocol: RecognizedString, secWebSocketExtensions: RecognizedString, context: us_socket_context_t): void;
+    /**
+     * This method actually exists in original uWebSockets.js, but is undocumented. I'll put it here for your IDE to be happy
+     */
+    collect: (...any: any[]) => any;
+    /**
+     * An event emitter, which lets you subscribe several listeners to "abort" event OR your own events, defined with Symbol().
+     */
+    emitter: EventEmitter<{
+        abort: () => void;
+        [k: symbol]: (...any: any[]) => void;
+    }>;
+    /**
+     * changes when res.onAborted fires.
+     */
+    aborted?: boolean;
+    /**
+     * You should set it manually when ending the response. Particularly useful if some error has fired and you are doubting whether res.aborted is a sufficient flag.
+     */
+    finished?: boolean;
+}
+/**This HttpRequest is same as original uWS.HttpRequest, but getHeader method is typed for additional tips
+ * @example
+ * import {lowHeaders} from "@ublitzjs/core"
+ * // some handler later
+ * req.getHeader<lowHeaders>("content-type")
+ */
+export interface HttpRequest extends uwsHttpRequest {
+    getHeader<T extends RecognizedString = lowHeaders>(a: T): string;
+}
+export type HttpControllerFn = (res: HttpResponse, req: HttpRequest) => any | Promise<any>;
+/**
+ * only http methods without "ws"
+ */
+export type onlyHttpMethods = "get" | "post" | "del" | "patch" | "put" | "head" | "trace" | "options" | "connect" | "any";
+/**
+ * all httpMethods with "ws" method
+ */
+export type HttpMethods = onlyHttpMethods | "ws";
+type MergeObjects<T extends any[]> = T extends [infer First, ...infer Rest] ? First & MergeObjects<Rest extends any[] ? Rest : []> : {};
+/**
+ * extends uWS.App() or uWS.SSLApp. See interface Server
+ * @param app uWS.App()
+ */
+export declare function extendApp<T extends object[]>(app: TemplatedApp, ...rest: T): Server & MergeObjects<T>;
+/**
+ * conversion to ArrayBuffer ('cause transferring strings to uWS is really slow)
+ */
+export declare function toAB(data: Buffer | string): ArrayBuffer;
+/**
+ * Thanks to "acarstoiu" github user for listing such methods here: "https://github.com/uNetworking/uWebSockets.js/issues/1165".
+ */
+type WebSocketFragmentation = {
+    /** Sends the first frame of a multi-frame message. More fragments are expected (possibly none), followed by a last fragment. Care must be taken so as not to interleave these fragments with whole messages (sent with WebSocket.send) or with other messages' fragments.
+     *
+     * Returns 1 for success, 2 for dropped due to backpressure limit, and 0 for built up backpressure that will drain over time. You can check backpressure before or after sending by calling getBufferedAmount().
+     *
+     * Make sure you properly understand the concept of backpressure. Check the backpressure example file.
+     */
+    sendFirstFragment(message: RecognizedString, isBinary?: boolean, compress?: boolean): number;
+    /** Sends a continuation frame of a multi-frame message. More fragments are expected (possibly none), followed by a last fragment. In terms of sending data, a call to this method must follow a call to WebSocket.sendFirstFragment.
+     *
+     * Returns 1 for success, 2 for dropped due to backpressure limit, and 0 for built up backpressure that will drain over time. You can check backpressure before or after sending by calling getBufferedAmount().
+     *
+     * Make sure you properly understand the concept of backpressure. Check the backpressure example file.
+     */
+    sendFragment(message: RecognizedString, compress?: boolean): number;
+    /** Sends the last continuation frame of a multi-frame message. In terms of sending data, a call to this method must follow a call to WebSocket.sendFirstFragment or WebSocket.sendFragment.
+     *
+     * Returns 1 for success, 2 for dropped due to backpressure limit, and 0 for built up backpressure that will drain over time. You can check backpressure before or after sending by calling getBufferedAmount().
+     *
+     * Make sure you properly understand the concept of backpressure. Check the backpressure example file.
+     */
+    sendLastFragment(message: RecognizedString, compress?: boolean): number;
+};
+export interface DocumentedWS<UserData> extends WebSocket<UserData>, WebSocketFragmentation {
+    /**
+     * this is an additional property, which saves you from server crashing. In "close" handler you should add "ws.closed = true" and each time you perform any asynchronous work before sending a message run a check "if(ws.closed) { cleanup and quit }"
+     * @example
+     * import {setTimeout} from "node:timers/promises"
+     * server.ws("/", {
+     *    close(ws){
+     *      ws.closed = true;
+     *    },
+     *    async message(ws){
+     *      await setTimeout(100); // simulate some db query
+     *      if(!ws.closed) ws.send("handled message", false)
+     *    }
+     * })
+    * */
+    closed: boolean;
+    /**
+    * an additional property which might save websocket from overexhaustion
+    * */
+    drainEvent: Promise<void> | undefined;
+    /**
+     * an additional property to monitor queued messages, which can't be sent due to overexhaustion (need to wait for drain).
+     **/
+    queue: number;
+}
+export interface DocumentedWSBehavior<UserData> {
+    /** Maximum length of received message. If a client tries to send you a message larger than this, the connection is immediately closed. Defaults to 16 * 1024. */
+    maxPayloadLength?: number;
+    /** Whether or not we should automatically close the socket when a message is dropped due to backpressure. Defaults to false. */
+    closeOnBackpressureLimit?: boolean;
+    /** Maximum number of minutes a WebSocket may be connected before being closed by the server. 0 disables the feature. */
+    maxLifetime?: number;
+    /** Maximum amount of seconds that may pass without sending or getting a message. Connection is closed if this timeout passes. Resolution (granularity) for timeouts are typically 4 seconds, rounded to closest.
+     * Disable by using 0. Defaults to 120.
+     */
+    idleTimeout?: number;
+    /** What permessage-deflate compression to use. uWS.DISABLED, uWS.SHARED_COMPRESSOR or any of the uWS.DEDICATED_COMPRESSOR_xxxKB. Defaults to uWS.DISABLED. */
+    compression?: CompressOptions;
+    /** Maximum length of allowed backpressure per socket when publishing or sending messages. Slow receivers with too high backpressure will be skipped until they catch up or timeout. Defaults to 64 * 1024. */
+    maxBackpressure?: number;
+    /** Whether or not we should automatically send pings to uphold a stable connection given whatever idleTimeout. */
+    sendPingsAutomatically?: boolean;
+    /** Handler for new WebSocket connection. WebSocket is valid from open to close, no errors. */
+    open?: (ws: DocumentedWS<UserData>) => void | Promise<void>;
+    /** Handler for a WebSocket message. Messages are given as ArrayBuffer no matter if they are binary or not. Given ArrayBuffer is valid during the lifetime of this callback (until first await or return) and will be neutered. */
+    message?: (ws: DocumentedWS<UserData>, message: ArrayBuffer, isBinary: boolean) => void | Promise<void>;
+    /** Handler for a dropped WebSocket message. Messages can be dropped due to specified backpressure settings. Messages are given as ArrayBuffer no matter if they are binary or not. Given ArrayBuffer is valid during the lifetime of this callback (until first await or return) and will be neutered. */
+    dropped?: (ws: DocumentedWS<UserData>, message: ArrayBuffer, isBinary: boolean) => void | Promise<void>;
+    /** Handler for when WebSocket backpressure drains. Check ws.getBufferedAmount(). Use this to guide / drive your backpressure throttling. */
+    drain?: (ws: DocumentedWS<UserData>) => void;
+    /** Handler for close event, no matter if error, timeout or graceful close. You may not use WebSocket after this event. Do not send on this WebSocket from within here, it is closed. */
+    close?: (ws: DocumentedWS<UserData>, code: number, message: ArrayBuffer) => void;
+    /** Handler for received ping control message. You do not need to handle this, pong messages are automatically sent as per the standard. */
+    ping?: (ws: DocumentedWS<UserData>, message: ArrayBuffer) => void;
+    /** Handler for received pong control message. */
+    pong?: (ws: DocumentedWS<UserData>, message: ArrayBuffer) => void;
+    /** Handler for subscription changes. */
+    subscription?: (ws: DocumentedWS<UserData>, topic: ArrayBuffer, newCount: number, oldCount: number) => void;
+    /** Upgrade handler used to intercept HTTP upgrade requests and potentially upgrade to WebSocket.
+     * See UpgradeAsync and UpgradeSync example files.
+     */
+    upgrade?: (res: HttpResponse<UserData>, req: HttpRequest, context: us_socket_context_t) => void | Promise<void>;
+}
+export type DeclarativeResType = {
+    writeHeader(key: string, value: string): DeclarativeResType;
+    writeQueryValue(key: string): DeclarativeResType;
+    writeHeaderValue(key: string): DeclarativeResType;
+    /**
+     * Write a chunk to the precompiled response
+     */
+    write(value: string): DeclarativeResType;
+    writeParameterValue(key: string): DeclarativeResType;
+    /**
+     * Method to finalize forming a response.
+     */
+    end(value: string): any;
+    writeBody(): DeclarativeResType;
+    /**
+     * additional method from µBlitz.js
+     */
+    writeHeaders<Opts extends BaseHeaders>(headers: Opts): DeclarativeResType;
+};
+/**
+ * Almost nothing different from uWS.DeclarativeResponse. The only modification - writeHeaders method (several methods, typescript intellisense)
+ */
+export declare var DeclarativeResponse: {
+    new (): DeclarativeResType;
+};
+export * from "./http-codes.js";
+export * from "./http-headers.js";

package/package.json

@@ -1,24 +1,41 @@
 {
   "name": "@ublitzjs/core",
-  "version": "0.1.1",
+  "version": "1.0.0",
+  "types": "./dist/types/index.d.ts",
   "exports": {
-    "types": "./types/index.d.ts",
-    "require": "./cjs/index.cjs",
-    "import": "./mjs/index.mjs"
+    "types": "./dist/types/index.d.ts",
+    "require": "./dist/cjs/index.js",
+    "import": "./dist/esm/index.js"
   },
   "dependencies": {
     "tseep": "^1.3.1",
-    "uWebSockets.js": "github:uNetworking/uWebSockets.js#v20.56.0"
+    "uWebSockets.js": "github:uNetworking/uWebSockets.js#v20.57.0"
   },
   "publishConfig": {
     "access": "public"
   },
   "devDependencies": {
-    "undici": "^7.16.0",
+    "@babel/cli": "^7.28.6",
+    "@babel/core": "^7.29.0",
+    "@babel/plugin-transform-modules-commonjs": "^7.28.6",
+    "@types/node": "^25.2.1",
+    "@types/ws": "^8.18.1",
     "esbuild": "^0.25.12",
+    "tsd": "^0.33.0",
     "vitest": "^4.0.8",
     "ws": "^8.18.3"
   },
+  "scripts": {
+    "trick-tsd": "bun link && bun link @ublitzjs/core",
+    "build:esm": "tsc -p tsconfig.esm.json && echo '{\"type\": \"module\"}' > dist/esm/package.json",
+    "build:cjs": "babel dist/esm --out-dir dist/cjs",
+    "build:types": "tsc -p tsconfig.types.json",
+    "build": "npm run build:types && npm run build:esm && npm run build:cjs",
+    "test": "tsd && vitest run"
+  },
+  "tsd": {
+    "directory": "tests"
+  },
   "repository": {
     "type": "git",
     "url": "https://github.com/ublitzjs/core.git"
@@ -32,11 +49,14 @@
     "ublitzjs",
     "uWebSockets.js",
     "uws",
+    "typescript",
     "documentation",
     "http",
+    "websockets",
     "headers",
     "codes",
     "development",
-    "asynchronous code"
+    "asynchronous code",
+    "µBlitz.js"
   ]
 }

package/src/http-codes.ts

@@ -0,0 +1,94 @@
+"use strict";
+import { toAB } from "./index.js";
+var c405Message = toAB("Method is not allowed");
+var allowHeader = toAB("Allow");
+var checkHeader = toAB("content-length");
+var checkMessage = toAB("Content-Length is required to be > 0 and to be an integer");
+import type { HttpResponse as uwsHttpResponse } from "uWebSockets.js";
+import type { HttpRequest, HttpMethods } from "./index.ts";
+/**
+ * If something wrong is to content-length, sends 411 code and throws error with a "cause" == { CL : string}, sets res.finished = true
+ */
+export function checkContentLength(
+  res: uwsHttpResponse,
+  req: HttpRequest
+): number {
+  var header = req.getHeader(checkHeader);
+  var CL: number;
+  if (!header || !Number.isInteger(CL = Number(header))) {
+    res.finished = true;
+    res.cork(() => res.writeStatus(c411).end(checkMessage));
+    throw new Error("Wrong content-length", { cause: { CL: header} });
+  }
+  return CL;
+}
+/**
+ * sends http 400 and throws an Error with "causeForYou", sets res.finished = true
+ */
+export function badRequest(
+  res: uwsHttpResponse,
+  error: string,
+  causeForYou: string
+): void {
+  res.finished = true;
+  if (!res.aborted) res.cork(() => res.writeStatus(c400).end(toAB(error)));
+  throw new Error("Bad request", { cause: causeForYou });
+}
+/**
+ * sends http 413, but doesn't throw an Error, sets res.finished = true
+ */
+export function tooLargeBody(res: uwsHttpResponse, limit: number): void {
+  var message = toAB("Body is too large. Limit in bytes - " + limit);
+  if (!res.aborted) res.cork(() => res.writeStatus(c413).end(message));
+  res.finished = true;
+}
+/**
+ * Constructs function, which sends http 405 and sets http Allow header with all methods you passed.
+ * It ignores "ws" and replaces "del" on "DELETE"
+ */
+export function seeOtherMethods(
+  methodsArr: HttpMethods[]
+): (res: uwsHttpResponse, req: any) => any {
+  if(new Set(methodsArr).size != methodsArr.length) throw new Error("the methods repeat")
+  var arr: string[] = []
+  loop: for(var method of methodsArr){
+    switch(method){
+      case "ws": continue loop;
+      case "del": arr.push("DELETE"); break;
+      default: arr.push(method.toUpperCase())
+    }
+  }
+  var methods = toAB(arr.join(", "));
+  return (res) =>
+    res.writeStatus(c405).writeHeader(allowHeader, methods).end(c405Message);
+}
+
+/**
+ * Constructs the function, which sets 404 http code and sends the message you have specified
+ */
+export function notFoundConstructor(
+  message: string = "Not found"
+): (res: uwsHttpResponse, req: any) => any {
+  var mes = toAB(message);
+  return (res) => res.writeStatus(c404).end(mes, true);
+}
+/**
+ * code: required content length
+ */
+export var c411 = toAB("411");
+/**
+ * code: bad request
+ */
+export var c400 = toAB("400");
+/**
+ * code: payload too large
+ */
+export var c413 = toAB("413");
+/**
+ * code: method not allowed
+ */
+export var c405 = toAB("405");
+/**
+ * code: not found
+ */
+export var c404 = toAB("404");

package/{types/http-headers.d.ts → src/http-headers.ts}

@@ -1,8 +1,23 @@
-import type { HttpResponse } from "./index";
+"use strict";
+import { toAB } from "./index.js";
+var helmetHeaders: helmetHeadersT = {
+  "X-Content-Type-Options": "nosniff",
+  "X-DNS-Prefetch-Control": "off",
+  "X-Frame-Options": "DENY",
+  "Referrer-Policy": "same-origin",
+  "X-Permitted-Cross-Domain-Policies": "none",
+  "X-Download-Options": "noopen",
+  "Cross-Origin-Resource-Policy": "same-origin",
+  "Cross-Origin-Opener-Policy": "same-origin",
+  "Cross-Origin-Embedder-Policy": "require-corp",
+  "Origin-Agent-Cluster": "?1",
+  //"Content-Security-Policy-Report-Only":"",
+  //"Strict-Transport-Security":`max-age=${60 * 60 * 24 * 365}; includeSubDomains`,
+};
 import type { HttpResponse as uwsHttpResponse } from "uWebSockets.js";
 type helmetHeadersT = {
   /**
-   *  By adding this header you can declare that your site should only load resources that have explicitly opted-in to being loaded across origins.
+   *  By adding this header you can declare that your site should only load resources that have explicitly opted-in to being loaded across origin.
    * "require-corp" LETS YOU USE new SharedArrayBuffer()
    * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
    */
@@ -70,7 +85,7 @@ type helmetHeadersT = {
   /**
    *@deprecated
    * */
-  "X-XSS-Protection": string;
+  "X-XSS-Protection"?: string;
 };
 type CORSHeader = {
   /**
@@ -949,46 +964,70 @@ export type BaseHeaders = Partial<
  */
 export class HeadersMap<Opts extends BaseHeaders> extends Map {
   public currentHeaders: undefined | Opts;
-  constructor(opts: Opts);
+  constructor(opts: Opts) {
+    super();
+    this.currentHeaders = opts;
+  };
   /**
    * remove several headers from this map. Use BEFORE map.prepare(), because it will compare them by location in memory (string !== ArrayBuffer)
    * @example HeadersMap.default.remove("Content-Security-Policy", "X-DNS-Prefetch-Control", ...otherHeaders).prepare()
    */
-  remove(...keys: (keyof Opts)[]): this;
+  remove(...keys: (keyof Opts)[]): this {
+    for (const key of keys) delete this.currentHeaders![key];
+    return this;
+  }
   /**
    * last function before "going to response". It converts all strings to ArrayBuffers, so you should delete unwanted headers before it
    * @returns function, which sets all headers on the response.
    * @example
    * new HeadersMap({...HeadersMap.baseObj,"a":"a"}).remove("a").prepare();
    */
-  prepare(): (res: uwsHttpResponse) => HttpResponse;
+  prepare<T extends uwsHttpResponse>(){
+    for (const key in this.currentHeaders)
+      this.set(toAB(key), toAB(this.currentHeaders[key]!));
+    delete this.currentHeaders;
+    return (res: T) => {
+      for(var pair of this) res.writeHeader(pair[0], pair[1])
+      return res;
+    }
+  }
   /**
-   * write all static headers to response. Use AFTER map.prepare function, if you want speed.
+   * write all static headers to response. Use BEFORE map.prepare function, because this function requires "currentHeaders" object.
    * @example
    * headersMap.toRes(res);
-   * // if you want dynamic headers, use BASE:
-   * res.writeHeader(toAB(headerVariable),toAB(value))
    */
-  toRes(res: uwsHttpResponse): HttpResponse;
+  toRes<T extends uwsHttpResponse>(res: T): T{
+    var key: keyof Opts 
+    for (key in this.currentHeaders) res.writeHeader(key, this.currentHeaders![key]!);
+    return res;
+  }
 
   /**
-   * obj, containing basic headers, which u can use as a background for own headers
+   * obj, containing basic headers, which u can use as a background for own headers. It is mutable, but doing so will modify "HeadersMap.default" behavior
    * @example
    * new HeadersMap({...HeadersMap.baseObj, "ownHeader":"hello world"}).remove("X-Download-Options")
    */
-  static baseObj: helmetHeadersT;
+  static baseObj: helmetHeadersT = helmetHeaders;
   /**
-   * map with default headers
+   * this is same as "toRes", but it uses HeadersMap.baseObj
    */
-  static default: (res: uwsHttpResponse) => HttpResponse;
+  static default<T extends uwsHttpResponse>(res: T): T {
+    var key: keyof typeof HeadersMap.baseObj
+    for (key in HeadersMap.baseObj) res.writeHeader(key, HeadersMap.baseObj[key]!);
+    return res;
+  }
 }
 /**
  * This function creates Content-Security-Policy string.
  */
-export function setCSP<T extends CSP>(
-  mainCSP: T,
-  ...remove: (keyof CSP)[]
-): string;
+export function setCSP<T extends CSP>(mainCSP: T, ...remove: (keyof CSP)[]): string {
+  var CSPstring = "";
+  for (const dir of remove) delete mainCSP[dir];
+  var key: keyof T;
+  for (key in mainCSP)
+    CSPstring += (key as string) + " " + (mainCSP[key] as string[]).join(" ") + "; ";
+  return CSPstring;
+}
 type CSP = Partial<
   typeof CSPDirs & {
     /**
@@ -1073,6 +1112,24 @@ export var CSPDirs: {
    * specifies valid sources for loading media using the <audio> and <video> elements.
    */
   "media-src": string[];
+} = {
+  "default-src": ["'self'"],
+  "base-uri": ["'self'"],
+  "font-src": ["'self'"],
+  "form-action": ["'self'"],
+  "frame-ancestors": ["'none'"],
+  "img-src": ["'self'"],
+  "connect-src": ["'self'"],
+  "object-src": ["'none'"],
+  "script-src": ["'self'"],
+  "script-src-attr": ["'none'"],
+  "script-src-elem": ["'self'"],
+  "style-src": ["'self'"],
+  "style-src-attr": ["'none'"],
+  "style-src-elem": ["'self'"],
+  "trusted-types": ["'none'"],
+  "worker-src": ["'self'"],
+  "media-src": ["'self'"],
 };
 export type lowHeaders = Lowercase<
   keyof (simpleHeaders & helmetHeadersT & experimentalHeaders & CORSHeader)