transform-directives-for-browser.js
"use strict";
/**
 * Builds the directive set sent to Firefox releases that predate CSP 1.0.
 *
 * The result starts as a shallow copy of `basePolicy`, then receives the
 * caller's directives with three adjustments:
 *   - `connectSrc` is emitted under the name `xhrSrc`;
 *   - every other directive is copied as-is and overrides a same-named key
 *     from `basePolicy`;
 *   - an `options` list is added when `scriptSrc` contains `'unsafe-inline'`
 *     and/or `'unsafe-eval'`.
 *
 * Neither argument is mutated; directive values are shared by reference.
 *
 * @param {Object} directives - camelCased CSP directives supplied by the caller.
 * @param {Object} basePolicy - defaults that the directives are layered on top of.
 * @returns {Object} a new directives object in the legacy dialect.
 */
function transformDirectivesForPreCsp1Firefox(directives, basePolicy) {
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  var legacyPolicy = Object.assign({}, basePolicy);

  // `connectSrc` has no legacy equivalent under that name; it becomes `xhrSrc`.
  var connectSources = directives.connectSrc;
  if (connectSources) {
    legacyPolicy.xhrSrc = connectSources;
  }

  // Carry every remaining directive across unchanged.
  var directiveNames = Object.keys(directives);
  for (var i = 0; i < directiveNames.length; i += 1) {
    var directiveName = directiveNames[i];
    if (directiveName === 'connectSrc') {
      continue;
    }
    legacyPolicy[directiveName] = directives[directiveName];
  }

  var scriptSources = directives.scriptSrc;
  if (!scriptSources) {
    return legacyPolicy;
  }

  // The relaxations the caller opted into are mirrored as legacy `options`
  // entries. The keywords themselves stay in the copied `scriptSrc`, and any
  // `options` key the caller passed in `directives` is replaced here.
  var keywordToOption = [
    ["'unsafe-inline'", 'inline-script'],
    ["'unsafe-eval'", 'eval-script']
  ];
  var enabledOptions = keywordToOption
    .filter(function (pair) {
      return scriptSources.indexOf(pair[0]) !== -1;
    })
    .map(function (pair) {
      return pair[1];
    });
  if (enabledOptions.length > 0) {
    legacyPolicy.options = enabledOptions;
  }
  return legacyPolicy;
}
/**
 * Adapts a CSP directives object to the requesting browser.
 *
 * Only Firefox is rewritten. Any other browser, a missing `browser` object,
 * Firefox on iOS, and Firefox versions outside the ranges below all receive
 * `directives` unchanged (the same object reference).
 *
 * Rewritten ranges:
 *   - Android below version 25, or platform type `mobile` below version 32:
 *     legacy dialect on top of `defaultSrc: ['*']`;
 *   - versions 5 up to (not including) 23: same base policy;
 *   - versions 4 up to (not including) 5: the base policy uses `allow`,
 *     taking the caller's `defaultSrc` when one is set.
 *
 * Security note: the `['*']` fallback means a policy that omits `defaultSrc`
 * is emitted to these browsers with a wildcard default. A `defaultSrc` given
 * by the caller overrides it.
 *
 * NOTE(review): `browser` looks like a parsed User-Agent, which is
 * client-controlled. If so, responses carrying a browser-specific policy
 * should not be reused from a shared cache across user agents. Confirm against
 * the caller.
 *
 * @param {Object} [browser] - parsed browser info exposing `getBrowserName`,
 *   `getOSName`, `getBrowserVersion` and `getPlatformType`.
 * @param {Object} directives - camelCased CSP directives.
 * @returns {Object} directives to emit for this browser.
 */
module.exports = function transformDirectivesForBrowser(browser, directives) {
  // For now, Firefox is the only browser that needs to be transformed.
  var isFirefox = Boolean(browser) && browser.getBrowserName() === 'Firefox';
  if (!isFirefox) {
    return directives;
  }

  var osName = browser.getOSName();
  if (osName === 'iOS') {
    return directives;
  }

  // A missing or unparsable version yields NaN, which fails every comparison
  // below and so falls through to the untransformed policy.
  var version = parseFloat(browser.getBrowserVersion());

  var isLegacyAndroid = osName === 'Android' && version < 25;
  if (isLegacyAndroid || (browser.getPlatformType(true) === 'mobile' && version < 32)) {
    return transformDirectivesForPreCsp1Firefox(directives, { defaultSrc: ['*'] });
  }

  if (version >= 4 && version < 23) {
    if (version >= 5) {
      return transformDirectivesForPreCsp1Firefox(directives, { defaultSrc: ['*'] });
    }

    // Below version 5 the default is carried by `allow`. A caller-supplied
    // `defaultSrc` moves into it, and is removed from a copy of the
    // directives so the caller's object is left untouched.
    var callerDefault = directives.defaultSrc;
    var remaining = directives;
    var legacyBase = { allow: ['*'] };
    if (callerDefault) {
      legacyBase.allow = callerDefault;
      remaining = Object.assign({}, directives);
      delete remaining.defaultSrc;
    }
    return transformDirectivesForPreCsp1Firefox(remaining, legacyBase);
  }

  return directives;
};