index.js
"use strict";
/**
 * Reports whether a User-Agent string looks like Internet Explorer older
 * than version 9.
 *
 * The check is a case-insensitive search for "msie", optional whitespace and
 * a one- or two-digit major version; the result is true only when that
 * number is below 9.
 *
 * The User-Agent header is supplied by the client and can be set to anything,
 * so treat the result as a compatibility hint and never as an access-control
 * signal. In this file it only selects the header value returned to that
 * same client.
 *
 * @param {string|undefined} userAgent - Raw User-Agent header value, if any.
 * @returns {boolean} true for a matching version below 9, false otherwise
 *   (including a missing or empty header).
 */
function doesUserAgentMatchOldInternetExplorer(userAgent) {
  // A falsy header skips the regex entirely and is reported as "not old IE".
  var versionMatch = userAgent ? /msie\s*(\d{1,2})/i.exec(userAgent) : null;
  if (versionMatch === null) {
    return false;
  }
  // Capture group 1 holds the major version digits only.
  return parseFloat(versionMatch[1]) < 9;
}
/**
 * Builds the X-XSS-Protection header value from the middleware options.
 *
 * The value always starts with "1". "mode=block" is appended unless the
 * caller passes `mode: null`, and "report=<reportUri>" is appended when
 * `reportUri` is truthy.
 *
 * `reportUri` is concatenated into the header value verbatim, without
 * validation or encoding. It should come from static application
 * configuration, never from request data.
 *
 * @param {Object} options - Middleware options.
 * @param {'block'|null} [options.mode] - 'block' (also the default when the
 *   key is absent) or null to omit the directive.
 * @param {string} [options.reportUri] - Value for the report directive.
 * @returns {string} Directives joined with "; ".
 * @throws {Error} When `mode` is present but is neither 'block' nor null;
 *   an explicit `mode: undefined` is rejected as well.
 */
function getHeaderValueFromOptions(options) {
  // Blocking is the default when the caller does not mention `mode` at all.
  var blockMode = true;
  if ('mode' in options) {
    switch (options.mode) {
      case 'block':
        blockMode = true;
        break;
      case null:
        blockMode = false;
        break;
      default:
        throw new Error('The `mode` option must be set to "block" or null.');
    }
  }
  var parts = blockMode ? ['1', 'mode=block'] : ['1'];
  if (options.reportUri) {
    parts.push("report=" + options.reportUri);
  }
  return parts.join('; ');
}
/**
 * Creates middleware that sets the X-XSS-Protection response header.
 *
 * The header value is computed once, when the middleware is created. Unless
 * `setOnOldIE` is truthy, each request's User-Agent is inspected and clients
 * that look like Internet Explorer below version 9 receive "0" instead of
 * the configured value.
 *
 * NOTE(review): X-XSS-Protection only drives a legacy browser-side filter.
 * It does not replace output encoding or a Content-Security-Policy.
 * NOTE(review): in the default path the response header depends on the
 * request's User-Agent. Confirm that shared caches in front of this app do
 * not reuse one client's headers for another.
 *
 * @param {Object} [options] - Middleware options (defaults to {}).
 * @param {'block'|null} [options.mode] - See getHeaderValueFromOptions.
 * @param {string} [options.reportUri] - See getHeaderValueFromOptions.
 * @param {boolean} [options.setOnOldIE] - Send the configured value to every
 *   client, skipping the User-Agent check.
 * @returns {Function} Middleware with the signature (req, res, next).
 * @throws {Error} When `options.mode` is invalid (raised at creation time).
 */
module.exports = function xXssProtection(options) {
  if (options === undefined) {
    options = {};
  }
  var configuredValue = getHeaderValueFromOptions(options);
  // The strategy is fixed at creation time, so the request is only inspected
  // when the caller has not opted in to setOnOldIE.
  var chooseValue = options.setOnOldIE
    ? function () {
        return configuredValue;
      }
    : function (req) {
        return doesUserAgentMatchOldInternetExplorer(req.headers['user-agent'])
          ? '0'
          : configuredValue;
      };
  return function xXssProtection(req, res, next) {
    res.setHeader('X-XSS-Protection', chooseValue(req));
    next();
  };
};