index.js
1.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
function parseActionOption(actionOption) {
var invalidActionErr = new Error('action must be undefined, "DENY", "ALLOW-FROM", or "SAMEORIGIN".');
if (actionOption === undefined) {
actionOption = "SAMEORIGIN";
}
else if (actionOption instanceof String) {
actionOption = actionOption.valueOf();
}
var result;
if (typeof actionOption === "string") {
result = actionOption.toUpperCase();
}
else {
throw invalidActionErr;
}
if (result === "ALLOWFROM") {
result = "ALLOW-FROM";
}
else if (result === "SAME-ORIGIN") {
result = "SAMEORIGIN";
}
if (["DENY", "ALLOW-FROM", "SAMEORIGIN"].indexOf(result) === -1) {
throw invalidActionErr;
}
return result;
}
function parseDomainOption(domainOption) {
if (domainOption instanceof String) {
domainOption = domainOption.valueOf();
}
if (typeof domainOption !== "string") {
throw new Error("ALLOW-FROM action requires a string domain parameter.");
}
else if (!domainOption.length) {
throw new Error("domain parameter must not be empty.");
}
return domainOption;
}
function getHeaderValueFromOptions(options) {
var action = parseActionOption(options.action);
if (action === "ALLOW-FROM") {
var domain = parseDomainOption(options.domain);
return action + " " + domain;
}
else {
return action;
}
}
function xFrameOptions(options) {
if (options === void 0) { options = {}; }
var headerValue = getHeaderValueFromOptions(options);
return function xFrameOptionsMiddleware(_req, res, next) {
res.setHeader("X-Frame-Options", headerValue);
next();
};
}
module.exports = xFrameOptions;
exports.default = xFrameOptions;