Security upgrades

node_modules/helmet/dist/middlewares/x-frame-options/index.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function parseActionOption(actionOption) {
+    var invalidActionErr = new Error('action must be undefined, "DENY", "ALLOW-FROM", or "SAMEORIGIN".');
+    if (actionOption === undefined) {
+        actionOption = "SAMEORIGIN";
+    }
+    else if (actionOption instanceof String) {
+        actionOption = actionOption.valueOf();
+    }
+    var result;
+    if (typeof actionOption === "string") {
+        result = actionOption.toUpperCase();
+    }
+    else {
+        throw invalidActionErr;
+    }
+    if (result === "ALLOWFROM") {
+        result = "ALLOW-FROM";
+    }
+    else if (result === "SAME-ORIGIN") {
+        result = "SAMEORIGIN";
+    }
+    if (["DENY", "ALLOW-FROM", "SAMEORIGIN"].indexOf(result) === -1) {
+        throw invalidActionErr;
+    }
+    return result;
+}
+function parseDomainOption(domainOption) {
+    if (domainOption instanceof String) {
+        domainOption = domainOption.valueOf();
+    }
+    if (typeof domainOption !== "string") {
+        throw new Error("ALLOW-FROM action requires a string domain parameter.");
+    }
+    else if (!domainOption.length) {
+        throw new Error("domain parameter must not be empty.");
+    }
+    return domainOption;
+}
+function getHeaderValueFromOptions(options) {
+    var action = parseActionOption(options.action);
+    if (action === "ALLOW-FROM") {
+        var domain = parseDomainOption(options.domain);
+        return action + " " + domain;
+    }
+    else {
+        return action;
+    }
+}
+function xFrameOptions(options) {
+    if (options === void 0) { options = {}; }
+    var headerValue = getHeaderValueFromOptions(options);
+    return function xFrameOptionsMiddleware(_req, res, next) {
+        res.setHeader("X-Frame-Options", headerValue);
+        next();
+    };
+}
+module.exports = xFrameOptions;
+exports.default = xFrameOptions;