Initial commit

abrendan
2023-11-30 14:15:19 +00:00
commit e4599df811
5457 changed files with 500139 additions and 0 deletions

node_modules/helmet-csp/CHANGELOG.md generated vendored Normal file

@@ -0,0 +1,54 @@
# Changelog
## 2.10.0 - 2020-03-24
### Added
- Add support for the `allow-downloads` sandbox directive. See [#103](https://github.com/helmetjs/csp/pull/103)
## 2.9.5 - 2020-02-22
### Changed
- Updated `bowser` subdependency from 2.7.0 to 2.9.0
### Fixed
- Fixed an issue some people were having when importing the `bowser` subdependency. See [#96](https://github.com/helmetjs/csp/issues/96) and [#101](https://github.com/helmetjs/csp/pull/101)
- Fixed a link in the readme. See [#100](https://github.com/helmetjs/csp/pull/100)
## 2.9.4 - 2019-10-21
### Changed
- Updated `bowser` subdependency from 2.6.1 to 2.7.0. See [#94](https://github.com/helmetjs/csp/pull/94)
## 2.9.3 - 2019-09-30
### Fixed
- Published a missing TypeScript type definition file. See [#90](https://github.com/helmetjs/csp/issues/90)
## 2.9.2 - 2019-09-20
### Fixed
- Fixed a bug where a request from Firefox 4 could delete `default-src` from future responses
- Fixed tablet PC detection by updating `bowser` subdependency to latest version
## 2.9.1 - 2019-09-04
### Changed
- Updated `bowser` subdependency from 2.5.3 to 2.5.4. See [#88](https://github.com/helmetjs/csp/pull/88)
### Fixed
- The "security" keyword was declared twice in package metadata. See [#87](https://github.com/helmetjs/csp/pull/87)
## 2.9.0 - 2019-08-28
### Added
- Added TypeScript type definitions. See [#86](https://github.com/helmetjs/csp/pull/86)
### Fixed
- Switched from `platform` to `bowser` to quiet a security vulnerability warning. See [#80](https://github.com/helmetjs/csp/issues/80)
## 2.8.0 - 2019-07-24
### Added
- Added a new `sandbox` directive, `allow-downloads-without-user-activation` (see [#85](https://github.com/helmetjs/csp/pull/85))
- Created a changelog
- Added some package metadata
### Changed
- Updated documentation to use ES2015
- Updated documentation to remove dependency on UUID package
- Updated `content-security-policy-builder` to 2.1.0
- Excluded some files from the npm package
Changes in versions 2.7.1 and below can be found in [Helmet's changelog](https://github.com/helmetjs/helmet/blob/master/CHANGELOG.md).
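Review bot: the vendored release is 2.10.0, dated 2020-03-24 in the top entry of this changelog, while the commit header dates this import to 2023-11-30. Before freezing the module in the tree, check whether the `helmet` package that depends on it has moved to a newer helmet-csp: the 2.9.0 entry below shows that this module's security fixes have arrived as dependency swaps (`platform` to `bowser`) that a pinned vendored copy will never pick up.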

node_modules/helmet-csp/LICENSE generated vendored Normal file

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2014-2020 Evan Hahn, Adam Baldwin
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

node_modules/helmet-csp/README.md generated vendored Normal file

@@ -0,0 +1,146 @@
Content Security Policy middleware
==================================
[![Build Status](https://travis-ci.org/helmetjs/csp.svg?branch=master)](https://travis-ci.org/helmetjs/csp)
Content Security Policy helps prevent unwanted content being injected into your webpages; this can mitigate cross-site scripting (XSS) vulnerabilities, malicious frames, unwanted trackers, and more. If you want to learn how CSP works, check out the fantastic [HTML5 Rocks guide](http://www.html5rocks.com/en/tutorials/security/content-security-policy/), the [Content Security Policy Reference](http://content-security-policy.com/), and the [Content Security Policy specification](http://www.w3.org/TR/CSP/). This module helps set Content Security Policies.
Usage:
```javascript
const csp = require('helmet-csp')
app.use(csp({
// Specify directives as normal.
directives: {
defaultSrc: ["'self'", 'default.com'],
scriptSrc: ["'self'", "'unsafe-inline'"],
styleSrc: ['style.com'],
fontSrc: ["'self'", 'fonts.com'],
imgSrc: ['img.com', 'data:'],
sandbox: ['allow-forms', 'allow-scripts'],
reportUri: '/report-violation',
objectSrc: ["'none'"],
upgradeInsecureRequests: true,
workerSrc: false // This is not set.
},
// This module will detect common mistakes in your directives and throw errors
// if it finds any. To disable this, enable "loose mode".
loose: false,
// Set to true if you only want browsers to report errors, not block them.
// You may also set this to a function(req, res) in order to decide dynamically
// whether to use reportOnly mode, e.g., to allow for a dynamic kill switch.
reportOnly: false,
// Set to true if you want to blindly set all headers: Content-Security-Policy,
// X-WebKit-CSP, and X-Content-Security-Policy.
setAllHeaders: false,
// Set to true if you want to disable CSP on Android where it can be buggy.
disableAndroid: false,
// Set to false if you want to completely disable any user-agent sniffing.
// This may make the headers less compatible but it will be much faster.
// This defaults to `true`.
browserSniff: true
}))
```
There are a lot of inconsistencies in how browsers implement CSP. Helmet looks at the user-agent of the browser and sets the appropriate header and value for that browser. If no user-agent is matched, it will set _all_ the headers with the 2.0 spec.
Supported directives
--------------------
Directives can be kebab-cased (like `script-src`) or camel-cased (like `scriptSrc`); they are equivalent.
The following directives are supported:
* `base-uri` or `baseUri`
* `block-all-mixed-content` or `blockAllMixedContent`
* `child-src` or `childSrc`
* `connect-src` or `connectSrc`
* `default-src` or `defaultSrc`
* `font-src` or `fontSrc`
* `form-action` or `formAction`
* `frame-ancestors` or `frameAncestors`
* `frame-src` or `frameSrc`
* `img-src` or `imgSrc`
* `manifest-src` or `manifestSrc`
* `media-src` or `mediaSrc`
* `object-src` or `objectSrc`
* `plugin-types` or `pluginTypes`
* `prefetch-src` or `prefetchSrc`
* `report-to` or `reportTo`
* `report-uri` or `reportUri`
* `require-sri-for` or `requireSriFor`
* `sandbox` or `sandbox`
* `script-src` or `scriptSrc`
* `style-src` or `styleSrc`
* `upgrade-insecure-requests` or `upgradeInsecureRequests`
* `worker-src` or `workerSrc`
Handling CSP violations
-----------------------
If you've specified a `reportUri`, browsers will POST any CSP violations to your server. Here's a simple example of a route that handles those reports:
```js
app.post(
'/report-violation',
bodyparser.json({
type: ['json', 'application/csp-report']
}),
(req, res) => {
if (req.body) {
console.log('csp violation: ', req.body)
} else {
console.log('csp violation: no data received!')
}
res.status(204).end()
}
)
```
Not all browsers send CSP violations in the same way, so this might require a little work.
*Note*: If you're using a CSRF module like [csurf](https://github.com/expressjs/csurf), you might have problems handling these violations without a valid CSRF token. The fix is to put your CSP report route *above* csurf middleware.
Generating nonces
-----------------
You can dynamically generate nonces to allow inline `<script>` tags to be safely evaluated. Here's a simple example:
```js
const crypto = require('crypto')
app.use((req, res, next) => {
res.locals.nonce = crypto.randomBytes(16).toString('hex')
next()
})
app.use(csp({
directives: {
scriptSrc: [
"'self'",
(req, res) => `'nonce-${res.locals.nonce}'` // 'nonce-348c18b14aaf3e00938d8bdd613f1149'
]
}
}))
app.use((req, res) => {
res.end(`<script nonce="${res.locals.nonce}">alert(1 + 1);</script>`)
})
```
Using CSP with a CDN
--------------------
The default behavior of CSP is generate headers tailored for the browser that's requesting your page. If you have a CDN in front of your application, the CDN may cache the wrong headers, rendering your CSP useless. Make sure to eschew a CDN when using this module or set the `browserSniff` option to `false`.
See also
--------
* [Google's CSP Evaluator tool](https://csp-evaluator.withgoogle.com/)
* [GitHub's CSP journey](http://githubengineering.com/githubs-csp-journey/)
* [Content Security Policy for Single Page Web Apps](https://developer.squareup.com/blog/content-security-policy-for-single-page-web-apps/)
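Review bot: the usage example in this hunk sets `scriptSrc: ["'self'", "'unsafe-inline'"]`, which allows any injected inline script to run and removes most of the XSS mitigation the opening paragraph promises; if the example is copied into the application, use the per-request nonce approach the same README shows under "Generating nonces" instead. The "Using CSP with a CDN" paragraph at the end of the hunk also matters for deployment: with the default `browserSniff: true` the header is tailored to the request's User-Agent, so an app served through a CDN needs `browserSniff: false` or the CDN may cache a header meant for a different browser.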

node_modules/helmet-csp/dist/index.d.ts generated vendored Normal file

@@ -0,0 +1,5 @@
/// <reference types="node" />
import { IncomingMessage, ServerResponse } from 'http';
import { CspOptions } from './lib/types';
declare const _default: (options: CspOptions) => (req: IncomingMessage, res: ServerResponse, next: () => void) => void;
export = _default;

node_modules/helmet-csp/dist/index.js generated vendored Normal file

@@ -0,0 +1,75 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var camelize_1 = __importDefault(require("camelize"));
var content_security_policy_builder_1 = __importDefault(require("content-security-policy-builder"));
var bowser_1 = __importDefault(require("bowser"));
var is_function_1 = __importDefault(require("./lib/is-function"));
var check_options_1 = __importDefault(require("./lib/check-options"));
var contains_function_1 = __importDefault(require("./lib/contains-function"));
var get_header_keys_for_browser_1 = __importDefault(require("./lib/get-header-keys-for-browser"));
var transform_directives_for_browser_1 = __importDefault(require("./lib/transform-directives-for-browser"));
var parse_dynamic_directives_1 = __importDefault(require("./lib/parse-dynamic-directives"));
var config_1 = __importDefault(require("./lib/config"));
module.exports = function csp(options) {
check_options_1.default(options);
var originalDirectives = camelize_1.default(options.directives || {});
var directivesAreDynamic = contains_function_1.default(originalDirectives);
var shouldBrowserSniff = options.browserSniff !== false;
if (shouldBrowserSniff) {
return function csp(req, res, next) {
var userAgent = req.headers['user-agent'];
var browser;
if (userAgent) {
browser = bowser_1.default.getParser(userAgent);
}
else {
browser = undefined;
}
var headerKeys;
if (options.setAllHeaders || !userAgent) {
headerKeys = config_1.default.allHeaders;
}
else {
headerKeys = get_header_keys_for_browser_1.default(browser, options);
}
if (headerKeys.length === 0) {
next();
return;
}
var directives = transform_directives_for_browser_1.default(browser, originalDirectives);
if (directivesAreDynamic) {
directives = parse_dynamic_directives_1.default(directives, [req, res]);
}
var policyString = content_security_policy_builder_1.default({ directives: directives });
headerKeys.forEach(function (headerKey) {
if (is_function_1.default(options.reportOnly) && options.reportOnly(req, res) ||
!is_function_1.default(options.reportOnly) && options.reportOnly) {
headerKey += '-Report-Only';
}
res.setHeader(headerKey, policyString);
});
next();
};
}
else {
var headerKeys_1 = options.setAllHeaders ? config_1.default.allHeaders : ['Content-Security-Policy'];
return function csp(req, res, next) {
var directives = parse_dynamic_directives_1.default(originalDirectives, [req, res]);
var policyString = content_security_policy_builder_1.default({ directives: directives });
if (is_function_1.default(options.reportOnly) && options.reportOnly(req, res) ||
!is_function_1.default(options.reportOnly) && options.reportOnly) {
headerKeys_1.forEach(function (headerKey) {
res.setHeader(headerKey + "-Report-Only", policyString);
});
}
else {
headerKeys_1.forEach(function (headerKey) {
res.setHeader(headerKey, policyString);
});
}
next();
};
}
};
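Review bot: in the browser-sniffing branch the `reportOnly` test is re-evaluated inside the `headerKeys.forEach` callback, so a function-valued `reportOnly` runs once per header, up to three times per request when `setAllHeaders` is on or the request carries no `User-Agent` (both cases fall back to `config.allHeaders`); the non-sniffing branch below already evaluates it once before looping. Suggest hoisting it above the loop, e.g. `var reportOnly = is_function_1.default(options.reportOnly) ? options.reportOnly(req, res) : !!options.reportOnly;`. Also worth knowing for the app: a request with no `User-Agent` header gets all three headers, including the legacy `X-Content-Security-Policy` and `X-WebKit-CSP`.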


@@ -0,0 +1,10 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var is_boolean_1 = __importDefault(require("../../is-boolean"));
module.exports = function (key, value) {
if (!is_boolean_1.default(value)) {
throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use `true` or `false`.");
}
};


@@ -0,0 +1,30 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var config_1 = __importDefault(require("../../config"));
var boolean_1 = __importDefault(require("./boolean"));
var plugin_types_1 = __importDefault(require("./plugin-types"));
var report_uri_1 = __importDefault(require("./report-uri"));
var require_sri_for_1 = __importDefault(require("./require-sri-for"));
var sandbox_1 = __importDefault(require("./sandbox"));
var source_list_1 = __importDefault(require("./source-list"));
var checkers = {
boolean: boolean_1.default,
pluginTypes: plugin_types_1.default,
reportUri: report_uri_1.default,
requireSriFor: require_sri_for_1.default,
sandbox: sandbox_1.default,
sourceList: source_list_1.default,
};
module.exports = function checkDirective(key, value, options) {
if (options.loose) {
return;
}
if (!Object.prototype.hasOwnProperty.call(config_1.default.directives, key)) {
throw new Error("\"" + key + "\" is an invalid directive. See the documentation for the supported list. Force this by enabling loose mode.");
}
// This cast is safe thanks to the above check.
var directiveType = config_1.default.directives[key].type;
checkers[directiveType](key, value);
};


@@ -0,0 +1,33 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var config_1 = __importDefault(require("../../config"));
var is_function_1 = __importDefault(require("../../is-function"));
var notAllowed = ['self', "'self'"].concat(config_1.default.unsafes);
module.exports = function pluginTypesCheck(key, value) {
if (!Array.isArray(value)) {
throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
}
if (value.length === 0) {
throw new Error(key + " must have at least one value. To block everything, set " + key + " to [\"'none'\"].");
}
value.forEach(function (pluginType) {
if (!pluginType) {
throw new Error("\"" + pluginType + "\" is not a valid plugin type. Only non-empty strings are allowed.");
}
if (is_function_1.default(pluginType)) {
return;
}
pluginType = pluginType.valueOf();
if (typeof pluginType !== 'string' || pluginType.length === 0) {
throw new Error("\"" + pluginType + "\" is not a valid plugin type. Only non-empty strings are allowed.");
}
if (notAllowed.indexOf(pluginType) !== -1) {
throw new Error("\"" + pluginType + "\" does not make sense in " + key + ". Remove it.");
}
if (config_1.default.mustQuote.indexOf(pluginType) !== -1) {
throw new Error("\"" + pluginType + "\" must be quoted in " + key + ". Change it to \"'" + pluginType + "'\" in your source list. Force this by enabling loose mode.");
}
});
};


@@ -0,0 +1,17 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var is_function_1 = __importDefault(require("../../is-function"));
var is_string_1 = __importDefault(require("../../is-string"));
module.exports = function (key, value) {
if (value === false) {
return;
}
if (is_function_1.default(value)) {
return;
}
if (!is_string_1.default(value) || value.length === 0) {
throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use a non-empty string.");
}
};


@@ -0,0 +1,22 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var config_1 = __importDefault(require("../../config"));
var is_function_1 = __importDefault(require("../../is-function"));
module.exports = function requireSriForCheck(key, value) {
if (!Array.isArray(value)) {
throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
}
if (value.length === 0) {
throw new Error(key + " must have at least one value. To require nothing, omit the directive.");
}
value.forEach(function (expression) {
if (is_function_1.default(expression)) {
return;
}
if (config_1.default.requireSriForValues.indexOf(expression) === -1) {
throw new Error("\"" + expression + "\" is not a valid " + key + " value. Remove it.");
}
});
};


@@ -0,0 +1,28 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var config_1 = __importDefault(require("../../config"));
var is_function_1 = __importDefault(require("../../is-function"));
module.exports = function sandboxCheck(key, value) {
if (value === false) {
return;
}
if (value === true) {
return;
}
if (!Array.isArray(value)) {
throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings or `true`.");
}
if (value.length === 0) {
throw new Error(key + " must have at least one value. To block everything, set " + key + " to `true`.");
}
value.forEach(function (expression) {
if (is_function_1.default(expression)) {
return;
}
if (config_1.default.sandboxDirectives.indexOf(expression) === -1) {
throw new Error("\"" + expression + "\" is not a valid " + key + " directive. Remove it.");
}
});
};


@@ -0,0 +1,37 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var config_1 = __importDefault(require("../../config"));
var is_function_1 = __importDefault(require("../../is-function"));
module.exports = function sourceListCheck(key, value) {
if (value === false) {
return;
}
if (!Array.isArray(value)) {
throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
}
if (value.length === 0) {
throw new Error(key + " must have at least one value. To block everything, set " + key + " to [\"'none'\"].");
}
value.forEach(function (sourceExpression) {
if (!sourceExpression) {
throw new Error("\"" + sourceExpression + "\" is not a valid source expression. Only non-empty strings are allowed.");
}
if (is_function_1.default(sourceExpression)) {
return;
}
sourceExpression = sourceExpression.valueOf();
if (typeof sourceExpression !== 'string' || sourceExpression.length === 0) {
throw new Error("\"" + sourceExpression + "\" is not a valid source expression. Only non-empty strings are allowed.");
}
var directiveInfo = config_1.default.directives[key];
if (!directiveInfo.hasUnsafes && config_1.default.unsafes.indexOf(sourceExpression) !== -1 ||
!directiveInfo.hasStrictDynamic && config_1.default.strictDynamics.indexOf(sourceExpression) !== -1) {
throw new Error("\"" + sourceExpression + "\" does not make sense in " + key + ". Remove it.");
}
if (config_1.default.mustQuote.indexOf(sourceExpression) !== -1) {
throw new Error("\"" + sourceExpression + "\" must be quoted in " + key + ". Change it to \"'" + sourceExpression + "'\" in your source list. Force this by enabling loose mode.");
}
});
};


@@ -0,0 +1,22 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var dasherize_1 = __importDefault(require("dasherize"));
var check_directive_1 = __importDefault(require("./check-directive"));
function isObject(value) {
return Object.prototype.toString.call(value) === '[object Object]';
}
module.exports = function (options) {
if (!isObject(options)) {
throw new Error('csp must be called with an object argument. See the documentation.');
}
var directives = options.directives;
if (!isObject(directives) || Object.keys(directives).length === 0) {
throw new Error('csp must have at least one directive under the "directives" key. See the documentation.');
}
Object.keys(directives).forEach(function (directiveKey) {
var typedKey = directiveKey;
check_directive_1.default(dasherize_1.default(directiveKey), directives[typedKey], options);
});
};

node_modules/helmet-csp/dist/lib/config.js generated vendored Normal file

@@ -0,0 +1,64 @@
"use strict";
module.exports = {
directives: {
'base-uri': { type: 'sourceList' },
'block-all-mixed-content': { type: 'boolean' },
'child-src': { type: 'sourceList' },
'connect-src': { type: 'sourceList' },
'default-src': {
type: 'sourceList',
hasStrictDynamic: true,
},
'font-src': { type: 'sourceList' },
'form-action': { type: 'sourceList' },
'frame-ancestors': { type: 'sourceList' },
'frame-src': { type: 'sourceList' },
'img-src': { type: 'sourceList' },
'manifest-src': { type: 'sourceList' },
'media-src': { type: 'sourceList' },
'object-src': { type: 'sourceList' },
'script-src': {
type: 'sourceList',
hasUnsafes: true,
hasStrictDynamic: true,
},
'style-src': {
type: 'sourceList',
hasUnsafes: true,
},
'prefetch-src': { type: 'sourceList' },
'plugin-types': { type: 'pluginTypes' },
sandbox: { type: 'sandbox' },
'report-to': { type: 'reportUri' },
'report-uri': { type: 'reportUri' },
'require-sri-for': { type: 'requireSriFor' },
'upgrade-insecure-requests': { type: 'boolean' },
'worker-src': {
type: 'sourceList',
hasUnsafes: true,
},
},
allHeaders: [
'Content-Security-Policy',
'X-Content-Security-Policy',
'X-WebKit-CSP',
],
mustQuote: ['none', 'self', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic'],
unsafes: ["'unsafe-inline'", 'unsafe-inline', "'unsafe-eval'", 'unsafe-eval'],
strictDynamics: ["'strict-dynamic'", 'strict-dynamic'],
requireSriForValues: ['script', 'style'],
sandboxDirectives: [
'allow-downloads',
'allow-downloads-without-user-activation',
'allow-forms',
'allow-modals',
'allow-orientation-lock',
'allow-pointer-lock',
'allow-popups',
'allow-popups-to-escape-sandbox',
'allow-presentation',
'allow-same-origin',
'allow-scripts',
'allow-top-navigation',
],
};

node_modules/helmet-csp/dist/lib/contains-function.js generated vendored Normal file

@@ -0,0 +1,17 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var is_function_1 = __importDefault(require("./is-function"));
module.exports = function containsFunction(obj) {
for (var key in obj) {
if (!Object.prototype.hasOwnProperty.call(obj, key)) {
continue;
}
var value = obj[key];
if (Array.isArray(value) && value.some(is_function_1.default) || is_function_1.default(value)) {
return true;
}
}
return false;
};


@@ -0,0 +1,113 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var config_1 = __importDefault(require("./config"));
function goodBrowser() {
return ['Content-Security-Policy'];
}
var handlersByBrowserName = {
'Android Browser': function (browser) {
var osVersionName = browser.getOS().versionName;
if (osVersionName && parseFloat(osVersionName) < 4.4) {
return [];
}
return ['Content-Security-Policy'];
},
Chrome: function (browser) {
var browserVersion = parseFloat(browser.getBrowserVersion());
if (browserVersion >= 14 && browserVersion < 25) {
return ['X-WebKit-CSP'];
}
else if (browserVersion >= 25) {
return ['Content-Security-Policy'];
}
else {
return [];
}
},
'Chrome Mobile': function (browser, options) {
if (browser.getOSName() === 'iOS') {
return ['Content-Security-Policy'];
}
else {
return handlersByBrowserName['Android Browser'](browser, options);
}
},
Firefox: function (browser) {
var osName = browser.getOSName();
if (osName === 'iOS') {
return ['Content-Security-Policy'];
}
var browserVersion = parseFloat(browser.getBrowserVersion());
if (osName === 'Android') {
if (browserVersion >= 25) {
return ['Content-Security-Policy'];
}
else {
return ['X-Content-Security-Policy'];
}
}
else if (browser.getPlatformType(true) === 'mobile') {
// This is probably Firefox OS.
if (browserVersion >= 32) {
return ['Content-Security-Policy'];
}
else {
return ['X-Content-Security-Policy'];
}
}
else if (browserVersion >= 23) {
return ['Content-Security-Policy'];
}
else if (browserVersion >= 4 && browserVersion < 23) {
return ['X-Content-Security-Policy'];
}
else {
return [];
}
},
'Internet Explorer': function (browser) {
var browserVersion = parseFloat(browser.getBrowserVersion());
var header = browserVersion < 12 ? 'X-Content-Security-Policy' : 'Content-Security-Policy';
return [header];
},
'Microsoft Edge': goodBrowser,
'Microsoft Edge Mobile': goodBrowser,
Opera: function (browser) {
var browserVersion = parseFloat(browser.getBrowserVersion());
if (browserVersion >= 15) {
return ['Content-Security-Policy'];
}
else {
return [];
}
},
Safari: function (browser) {
var browserVersion = parseFloat(browser.getBrowserVersion());
if (browserVersion >= 7) {
return ['Content-Security-Policy'];
}
else if (browserVersion >= 6) {
return ['X-WebKit-CSP'];
}
else {
return [];
}
},
};
module.exports = function getHeaderKeysForBrowser(browser, options) {
if (!browser) {
return config_1.default.allHeaders;
}
if (options.disableAndroid && browser.getOSName() === 'Android') {
return [];
}
var browserName = browser.getBrowserName();
if (Object.prototype.hasOwnProperty.call(handlersByBrowserName, browserName)) {
return handlersByBrowserName[browserName](browser, options);
}
else {
return config_1.default.allHeaders;
}
};
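Review bot: the `'Android Browser'` handler runs `parseFloat` on `browser.getOS().versionName`, while every other handler in this table parses `getBrowserVersion()`. If `versionName` is a release name rather than a dotted number (bowser exposes the numeric OS version separately through `getOSVersion()`), `parseFloat` yields NaN, `NaN < 4.4` is false, and the `return []` path for pre-4.4 Android never fires; `'Chrome Mobile'` on Android delegates to this handler, so it has the same behaviour. Verify against the bowser 2.9.0 vendored alongside and switch to `getOSVersion()` if so. The failure mode is at least the safe one: a `Content-Security-Policy` header is still sent.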

node_modules/helmet-csp/dist/lib/is-boolean.js generated vendored Normal file

@@ -0,0 +1,4 @@
"use strict";
module.exports = function isBoolean(value) {
return Object.prototype.toString.call(value) === '[object Boolean]';
};

node_modules/helmet-csp/dist/lib/is-function.js generated vendored Normal file

@@ -0,0 +1,4 @@
"use strict";
module.exports = function isFunction(value) {
return value instanceof Function;
};
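Review bot: `value instanceof Function` is false for a function created in another realm (a `vm` context or an iframe), whereas `typeof value === 'function'` is not; the sibling predicates `is-boolean.js` and `is-string.js` avoid the same class of problem by using `Object.prototype.toString.call(value)`, so a `typeof` check or a `'[object Function]'` comparison would be consistent with them. Impact is low here: a cross-realm directive function would be passed through as a plain value instead of being invoked.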

node_modules/helmet-csp/dist/lib/is-string.js generated vendored Normal file

@@ -0,0 +1,4 @@
"use strict";
module.exports = function isString(value) {
return Object.prototype.toString.call(value) === '[object String]';
};


@@ -0,0 +1,30 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var is_function_1 = __importDefault(require("./is-function"));
var is_string_1 = __importDefault(require("./is-string"));
module.exports = function parseDynamicDirectives(directives, functionArgs) {
var result = {};
Object.keys(directives).forEach(function (key) {
var typedKey = key;
var value = directives[typedKey];
if (Array.isArray(value)) {
result[typedKey] = value.map(function (element) {
if (is_function_1.default(element)) {
return element.apply(void 0, functionArgs);
}
else {
return element;
}
});
}
else if (is_function_1.default(value)) {
result[typedKey] = value.apply(void 0, functionArgs);
}
else if (value === true || is_string_1.default(value)) {
result[typedKey] = value;
}
});
return result;
};


@@ -0,0 +1,64 @@
"use strict";
function transformDirectivesForPreCsp1Firefox(directives, basePolicy) {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
var result = Object.assign({}, basePolicy);
// Copy `connectSrc` to `xhrSrc`
var connectSrc = directives.connectSrc;
if (connectSrc) {
result.xhrSrc = connectSrc;
}
// Copy everything else
Object.keys(directives).forEach(function (key) {
if (key !== 'connectSrc') {
result[key] = directives[key];
}
});
// Rename `scriptSrc` values `unsafe-inline` and `unsafe-eval`
var scriptSrc = directives.scriptSrc;
if (scriptSrc) {
var optionsValues = [];
if (scriptSrc.indexOf("'unsafe-inline'") !== -1) {
optionsValues.push('inline-script');
}
if (scriptSrc.indexOf("'unsafe-eval'") !== -1) {
optionsValues.push('eval-script');
}
if (optionsValues.length !== 0) {
result.options = optionsValues;
}
}
return result;
}
module.exports = function transformDirectivesForBrowser(browser, directives) {
// For now, Firefox is the only browser that needs to be transformed.
if (!browser || browser.getBrowserName() !== 'Firefox') {
return directives;
}
var osName = browser.getOSName();
if (osName === 'iOS') {
return directives;
}
var browserVersion = parseFloat(browser.getBrowserVersion());
if (osName === 'Android' && browserVersion < 25 ||
browser.getPlatformType(true) === 'mobile' && browserVersion < 32) {
return transformDirectivesForPreCsp1Firefox(directives, { defaultSrc: ['*'] });
}
else if (browserVersion >= 4 && browserVersion < 23) {
var basePolicy = {};
if (browserVersion < 5) {
basePolicy.allow = ['*'];
if (directives.defaultSrc) {
basePolicy.allow = directives.defaultSrc;
directives = Object.assign({}, directives);
delete directives.defaultSrc;
}
}
else {
basePolicy.defaultSrc = ['*'];
}
return transformDirectivesForPreCsp1Firefox(directives, basePolicy);
}
else {
return directives;
}
};

node_modules/helmet-csp/dist/lib/types.d.ts generated vendored Normal file

@@ -0,0 +1,71 @@
/// <reference types="node" />
import { IncomingMessage, ServerResponse } from 'http';
declare type DirectiveType = string | ((req: IncomingMessage, res: ServerResponse) => string);
export declare type SourceListDirective = false | DirectiveType[];
export declare type PluginTypesDirective = false | DirectiveType[];
export declare type SandboxDirective = false | DirectiveType[];
export declare type ReportUriDirective = false | DirectiveType;
export declare type RequireSriForDirective = false | DirectiveType[];
export interface KebabCaseDirectives {
'base-uri'?: SourceListDirective;
'block-all-mixed-content'?: boolean;
'child-src'?: SourceListDirective;
'connect-src'?: SourceListDirective;
'default-src'?: SourceListDirective;
'font-src'?: SourceListDirective;
'form-action'?: SourceListDirective;
'frame-ancestors'?: SourceListDirective;
'frame-src'?: SourceListDirective;
'img-src'?: SourceListDirective;
'manifest-src'?: SourceListDirective;
'media-src'?: SourceListDirective;
'object-src'?: SourceListDirective;
'sandbox'?: SandboxDirective;
'script-src'?: SourceListDirective;
'style-src'?: SourceListDirective;
'prefetch-src'?: SourceListDirective;
'plugin-types'?: PluginTypesDirective;
'report-to'?: ReportUriDirective;
'report-uri'?: ReportUriDirective;
'require-sri-for'?: RequireSriForDirective;
'upgrade-insecure-requests'?: boolean;
'worker-src'?: SourceListDirective;
}
export interface CamelCaseDirectives {
baseUri?: SourceListDirective;
blockAllMixedContent?: boolean;
childSrc?: SourceListDirective;
connectSrc?: SourceListDirective;
defaultSrc?: SourceListDirective;
fontSrc?: SourceListDirective;
formAction?: SourceListDirective;
frameAncestors?: SourceListDirective;
frameSrc?: SourceListDirective;
imgSrc?: SourceListDirective;
manifestSrc?: SourceListDirective;
mediaSrc?: SourceListDirective;
objectSrc?: SourceListDirective;
scriptSrc?: SourceListDirective;
styleSrc?: SourceListDirective;
prefetchSrc?: SourceListDirective;
pluginTypes?: PluginTypesDirective;
sandbox?: SandboxDirective;
reportTo?: ReportUriDirective;
reportUri?: ReportUriDirective;
requireSriFor?: RequireSriForDirective;
upgradeInsecureRequests?: boolean;
workerSrc?: SourceListDirective;
}
export declare type AllDirectives = CamelCaseDirectives & KebabCaseDirectives;
export interface ParsedDirectives {
[key: string]: string[] | string | boolean;
}
export interface CspOptions {
browserSniff?: boolean;
directives?: AllDirectives;
disableAndroid?: boolean;
loose?: boolean;
reportOnly?: boolean | ((req: IncomingMessage, res: ServerResponse) => boolean);
setAllHeaders?: boolean;
}
export {};
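Review bot: `SandboxDirective` is declared as `false | DirectiveType[]`, but the runtime checker in `sandbox.js` explicitly accepts `true` (its error message even recommends setting `sandbox` to `true` to block everything) and `parse-dynamic-directives.js` passes `true` through to the policy. TypeScript users therefore cannot write `sandbox: true` without a cast. Suggest `boolean | DirectiveType[]` so the declared type matches what the checker allows.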

node_modules/helmet-csp/dist/lib/types.js generated vendored Normal file

@@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

node_modules/helmet-csp/package.json generated vendored Normal file

@@ -0,0 +1,111 @@
{
"_from": "helmet-csp@2.10.0",
"_id": "helmet-csp@2.10.0",
"_inBundle": false,
"_integrity": "sha512-Rz953ZNEFk8sT2XvewXkYN0Ho4GEZdjAZy4stjiEQV3eN7GDxg1QKmYggH7otDyIA7uGA6XnUMVSgeJwbR5X+w==",
"_location": "/helmet-csp",
"_phantomChildren": {},
"_requested": {
"type": "version",
"registry": true,
"raw": "helmet-csp@2.10.0",
"name": "helmet-csp",
"escapedName": "helmet-csp",
"rawSpec": "2.10.0",
"saveSpec": null,
"fetchSpec": "2.10.0"
},
"_requiredBy": [
"/helmet"
],
"_resolved": "https://registry.npmjs.org/helmet-csp/-/helmet-csp-2.10.0.tgz",
"_shasum": "685dde1747bc16c5e28ad9d91e229a69f0a85e84",
"_spec": "helmet-csp@2.10.0",
"_where": "/home/runner/Socketio-Chat-Template/node_modules/helmet",
"author": {
"name": "Adam Baldwin",
"email": "adam@npmjs.com",
"url": "https://evilpacket.net"
},
"bugs": {
"url": "https://github.com/helmetjs/csp/issues",
"email": "me@evanhahn.com"
},
"bundleDependencies": false,
"contributors": [
{
"name": "Evan Hahn",
"email": "me@evanhahn.com",
"url": "https://evanhahn.com"
},
{
"name": "Ryan Cannon",
"email": "ryan@ryancannon.com",
"url": "https://ryancannon.com"
}
],
"dependencies": {
"bowser": "2.9.0",
"camelize": "1.0.0",
"content-security-policy-builder": "2.1.0",
"dasherize": "2.0.0"
},
"deprecated": false,
"description": "Content Security Policy middleware.",
"devDependencies": {
"@types/connect": "^3.4.33",
"@types/jest": "^25.1.4",
"@types/supertest": "^2.0.7",
"@typescript-eslint/eslint-plugin": "^2.25.0",
"@typescript-eslint/parser": "^2.25.0",
"connect": "^3.7.0",
"content-security-policy-parser": "^0.3.0",
"eslint": "^6.8.0",
"eslint-config-helmet": "^0.2.0",
"jest": "^25.1.0",
"supertest": "^4.0.2",
"ts-jest": "^25.2.1",
"typescript": "^3.8.3"
},
"engines": {
"node": ">=4.0.0"
},
"files": [
"CHANGELOG.md",
"LICENSE",
"README.md",
"dist/index.js",
"dist/index.d.ts",
"dist/lib/**/*.js",
"dist/lib/types.d.ts"
],
"homepage": "https://helmetjs.github.io/docs/csp/",
"keywords": [
"helmet",
"security",
"express",
"connect",
"content",
"policy",
"csp",
"xss"
],
"license": "MIT",
"main": "./dist/index.js",
"name": "helmet-csp",
"repository": {
"type": "git",
"url": "git://github.com/helmetjs/csp.git"
},
"scripts": {
"build": "npm run clean && tsc",
"clean": "rm -rf dist",
"generate-supported-directives-docs": "./scripts/generate_supported_directives_docs",
"lint": "eslint --fix '**/*.ts'",
"prepublishOnly": "npm run build",
"pretest": "npm run lint",
"test": "jest --config test/jest-config.json"
},
"typings": "./dist/index.d.ts",
"version": "2.10.0"
}
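Review bot: the underscore-prefixed fields (`_from`, `_integrity`, `_resolved`, `_shasum`, `_where`) are npm install bookkeeping, and `_where` records the installing machine's path (`/home/runner/Socketio-Chat-Template/node_modules/helmet`); their presence is a symptom of checking the whole `node_modules` tree into the repository (5457 files per the commit header). A `package-lock.json` carries the same `integrity` hash and lets `npm ci` reproduce this exact tree, while keeping `npm audit` and dependency upgrades workable; suggest adding `node_modules/` to `.gitignore` and committing the lockfile instead.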