Skip to content

Commit

Permalink
csp: add trusted types support
Browse files Browse the repository at this point in the history
  • Loading branch information
vejja committed Sep 26, 2024
1 parent 6005b46 commit fdef128
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions src/types/headers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@ export type ContentSecurityPolicyValue = {
//'navigate-to'?: ("'self'" | "'none'" | "'unsafe-allow-redirects'" | string)[] | string | false;
'report-uri'?: string[] | string | false;
'report-to'?: string | false;
'require-trusted-types-for'?: string | false;
'trusted-types'?: string[] | string | false;
'upgrade-insecure-requests'?: boolean;
};

Expand Down
2 changes: 1 addition & 1 deletion src/utils/headers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ export function headerObjectFromString(optionKey: OptionKey, headerValue: string
const directives = headerValue.split(';').map(directive => directive.trim()).filter(directive => directive)
const objectForm = {} as ContentSecurityPolicyValue
for (const directive of directives) {
const [type, ...sources] = directive.split(' ').map(token => token.trim()) as [keyof ContentSecurityPolicyValue, ...any]
const [type, ...sources] = directive.split(' ').map(token => token.trim()) as [keyof ContentSecurityPolicyValue, ...string[]]
if (type === 'upgrade-insecure-requests') {
objectForm[type] = true
} else {
Expand Down

0 comments on commit fdef128

Please sign in to comment.