Security upgrades

node_modules/helmet/dist/middlewares/expect-ct/index.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function parseMaxAge(value) {
+    if (value === undefined) {
+        return 0;
+    }
+    else if (typeof value === "number" && value >= 0) {
+        return Math.floor(value);
+    }
+    else {
+        throw new Error(value + " is not a valid value for maxAge. Please choose a positive integer.");
+    }
+}
+function getHeaderValueFromOptions(options) {
+    var directives = [];
+    if (options.enforce) {
+        directives.push("enforce");
+    }
+    directives.push("max-age=" + parseMaxAge(options.maxAge));
+    if (options.reportUri) {
+        directives.push("report-uri=\"" + options.reportUri + "\"");
+    }
+    return directives.join(", ");
+}
+function expectCt(options) {
+    if (options === void 0) { options = {}; }
+    var headerValue = getHeaderValueFromOptions(options);
+    return function expectCtMiddleware(_req, res, next) {
+        res.setHeader("Expect-CT", headerValue);
+        next();
+    };
+}
+module.exports = expectCt;
+exports.default = expectCt;

node_modules/helmet/dist/middlewares/x-dns-prefetch-control/index.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function xDnsPrefetchControl(options) {
+    if (options === void 0) { options = {}; }
+    var headerValue = options.allow ? "on" : "off";
+    return function xDnsPrefetchControlMiddleware(_req, res, next) {
+        res.setHeader("X-DNS-Prefetch-Control", headerValue);
+        next();
+    };
+}
+module.exports = xDnsPrefetchControl;
+exports.default = xDnsPrefetchControl;

node_modules/helmet/dist/middlewares/x-download-options/index.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function xDownloadOptionsMiddleware(_req, res, next) {
+    res.setHeader("X-Download-Options", "noopen");
+    next();
+}
+function xDownloadOptions() {
+    return xDownloadOptionsMiddleware;
+}
+module.exports = xDownloadOptions;
+exports.default = xDownloadOptions;

node_modules/helmet/dist/middlewares/x-frame-options/index.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function parseActionOption(actionOption) {
+    var invalidActionErr = new Error('action must be undefined, "DENY", "ALLOW-FROM", or "SAMEORIGIN".');
+    if (actionOption === undefined) {
+        actionOption = "SAMEORIGIN";
+    }
+    else if (actionOption instanceof String) {
+        actionOption = actionOption.valueOf();
+    }
+    var result;
+    if (typeof actionOption === "string") {
+        result = actionOption.toUpperCase();
+    }
+    else {
+        throw invalidActionErr;
+    }
+    if (result === "ALLOWFROM") {
+        result = "ALLOW-FROM";
+    }
+    else if (result === "SAME-ORIGIN") {
+        result = "SAMEORIGIN";
+    }
+    if (["DENY", "ALLOW-FROM", "SAMEORIGIN"].indexOf(result) === -1) {
+        throw invalidActionErr;
+    }
+    return result;
+}
+function parseDomainOption(domainOption) {
+    if (domainOption instanceof String) {
+        domainOption = domainOption.valueOf();
+    }
+    if (typeof domainOption !== "string") {
+        throw new Error("ALLOW-FROM action requires a string domain parameter.");
+    }
+    else if (!domainOption.length) {
+        throw new Error("domain parameter must not be empty.");
+    }
+    return domainOption;
+}
+function getHeaderValueFromOptions(options) {
+    var action = parseActionOption(options.action);
+    if (action === "ALLOW-FROM") {
+        var domain = parseDomainOption(options.domain);
+        return action + " " + domain;
+    }
+    else {
+        return action;
+    }
+}
+function xFrameOptions(options) {
+    if (options === void 0) { options = {}; }
+    var headerValue = getHeaderValueFromOptions(options);
+    return function xFrameOptionsMiddleware(_req, res, next) {
+        res.setHeader("X-Frame-Options", headerValue);
+        next();
+    };
+}
+module.exports = xFrameOptions;
+exports.default = xFrameOptions;