Initial commit

node_modules/helmet-csp/dist/lib/check-options/check-directive/boolean.js

@@ -0,0 +1,10 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var is_boolean_1 = __importDefault(require("../../is-boolean"));
+module.exports = function (key, value) {
+    if (!is_boolean_1.default(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use `true` or `false`.");
+    }
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/index.js

@@ -0,0 +1,30 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var boolean_1 = __importDefault(require("./boolean"));
+var plugin_types_1 = __importDefault(require("./plugin-types"));
+var report_uri_1 = __importDefault(require("./report-uri"));
+var require_sri_for_1 = __importDefault(require("./require-sri-for"));
+var sandbox_1 = __importDefault(require("./sandbox"));
+var source_list_1 = __importDefault(require("./source-list"));
+var checkers = {
+    boolean: boolean_1.default,
+    pluginTypes: plugin_types_1.default,
+    reportUri: report_uri_1.default,
+    requireSriFor: require_sri_for_1.default,
+    sandbox: sandbox_1.default,
+    sourceList: source_list_1.default,
+};
+module.exports = function checkDirective(key, value, options) {
+    if (options.loose) {
+        return;
+    }
+    if (!Object.prototype.hasOwnProperty.call(config_1.default.directives, key)) {
+        throw new Error("\"" + key + "\" is an invalid directive. See the documentation for the supported list. Force this by enabling loose mode.");
+    }
+    // This cast is safe thanks to the above check.
+    var directiveType = config_1.default.directives[key].type;
+    checkers[directiveType](key, value);
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/plugin-types.js

@@ -0,0 +1,33 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var is_function_1 = __importDefault(require("../../is-function"));
+var notAllowed = ['self', "'self'"].concat(config_1.default.unsafes);
+module.exports = function pluginTypesCheck(key, value) {
+    if (!Array.isArray(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
+    }
+    if (value.length === 0) {
+        throw new Error(key + " must have at least one value. To block everything, set " + key + " to [\"'none'\"].");
+    }
+    value.forEach(function (pluginType) {
+        if (!pluginType) {
+            throw new Error("\"" + pluginType + "\" is not a valid plugin type. Only non-empty strings are allowed.");
+        }
+        if (is_function_1.default(pluginType)) {
+            return;
+        }
+        pluginType = pluginType.valueOf();
+        if (typeof pluginType !== 'string' || pluginType.length === 0) {
+            throw new Error("\"" + pluginType + "\" is not a valid plugin type. Only non-empty strings are allowed.");
+        }
+        if (notAllowed.indexOf(pluginType) !== -1) {
+            throw new Error("\"" + pluginType + "\" does not make sense in " + key + ". Remove it.");
+        }
+        if (config_1.default.mustQuote.indexOf(pluginType) !== -1) {
+            throw new Error("\"" + pluginType + "\" must be quoted in " + key + ". Change it to \"'" + pluginType + "'\" in your source list. Force this by enabling loose mode.");
+        }
+    });
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/report-uri.js

@@ -0,0 +1,17 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var is_function_1 = __importDefault(require("../../is-function"));
+var is_string_1 = __importDefault(require("../../is-string"));
+module.exports = function (key, value) {
+    if (value === false) {
+        return;
+    }
+    if (is_function_1.default(value)) {
+        return;
+    }
+    if (!is_string_1.default(value) || value.length === 0) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use a non-empty string.");
+    }
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/require-sri-for.js

@@ -0,0 +1,22 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var is_function_1 = __importDefault(require("../../is-function"));
+module.exports = function requireSriForCheck(key, value) {
+    if (!Array.isArray(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
+    }
+    if (value.length === 0) {
+        throw new Error(key + " must have at least one value. To require nothing, omit the directive.");
+    }
+    value.forEach(function (expression) {
+        if (is_function_1.default(expression)) {
+            return;
+        }
+        if (config_1.default.requireSriForValues.indexOf(expression) === -1) {
+            throw new Error("\"" + expression + "\" is not a valid " + key + " value. Remove it.");
+        }
+    });
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/sandbox.js

@@ -0,0 +1,28 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var is_function_1 = __importDefault(require("../../is-function"));
+module.exports = function sandboxCheck(key, value) {
+    if (value === false) {
+        return;
+    }
+    if (value === true) {
+        return;
+    }
+    if (!Array.isArray(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings or `true`.");
+    }
+    if (value.length === 0) {
+        throw new Error(key + " must have at least one value. To block everything, set " + key + " to `true`.");
+    }
+    value.forEach(function (expression) {
+        if (is_function_1.default(expression)) {
+            return;
+        }
+        if (config_1.default.sandboxDirectives.indexOf(expression) === -1) {
+            throw new Error("\"" + expression + "\" is not a valid " + key + " directive. Remove it.");
+        }
+    });
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/source-list.js

@@ -0,0 +1,37 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var is_function_1 = __importDefault(require("../../is-function"));
+module.exports = function sourceListCheck(key, value) {
+    if (value === false) {
+        return;
+    }
+    if (!Array.isArray(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
+    }
+    if (value.length === 0) {
+        throw new Error(key + " must have at least one value. To block everything, set " + key + " to [\"'none'\"].");
+    }
+    value.forEach(function (sourceExpression) {
+        if (!sourceExpression) {
+            throw new Error("\"" + sourceExpression + "\" is not a valid source expression. Only non-empty strings are allowed.");
+        }
+        if (is_function_1.default(sourceExpression)) {
+            return;
+        }
+        sourceExpression = sourceExpression.valueOf();
+        if (typeof sourceExpression !== 'string' || sourceExpression.length === 0) {
+            throw new Error("\"" + sourceExpression + "\" is not a valid source expression. Only non-empty strings are allowed.");
+        }
+        var directiveInfo = config_1.default.directives[key];
+        if (!directiveInfo.hasUnsafes && config_1.default.unsafes.indexOf(sourceExpression) !== -1 ||
+            !directiveInfo.hasStrictDynamic && config_1.default.strictDynamics.indexOf(sourceExpression) !== -1) {
+            throw new Error("\"" + sourceExpression + "\" does not make sense in " + key + ". Remove it.");
+        }
+        if (config_1.default.mustQuote.indexOf(sourceExpression) !== -1) {
+            throw new Error("\"" + sourceExpression + "\" must be quoted in " + key + ". Change it to \"'" + sourceExpression + "'\" in your source list. Force this by enabling loose mode.");
+        }
+    });
+};

node_modules/helmet-csp/dist/lib/check-options/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var dasherize_1 = __importDefault(require("dasherize"));
+var check_directive_1 = __importDefault(require("./check-directive"));
+function isObject(value) {
+    return Object.prototype.toString.call(value) === '[object Object]';
+}
+module.exports = function (options) {
+    if (!isObject(options)) {
+        throw new Error('csp must be called with an object argument. See the documentation.');
+    }
+    var directives = options.directives;
+    if (!isObject(directives) || Object.keys(directives).length === 0) {
+        throw new Error('csp must have at least one directive under the "directives" key. See the documentation.');
+    }
+    Object.keys(directives).forEach(function (directiveKey) {
+        var typedKey = directiveKey;
+        check_directive_1.default(dasherize_1.default(directiveKey), directives[typedKey], options);
+    });
+};