61 lines
1.8 KiB
JavaScript
61 lines
1.8 KiB
JavaScript
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
function parseActionOption(actionOption) {
|
|
var invalidActionErr = new Error('action must be undefined, "DENY", "ALLOW-FROM", or "SAMEORIGIN".');
|
|
if (actionOption === undefined) {
|
|
actionOption = "SAMEORIGIN";
|
|
}
|
|
else if (actionOption instanceof String) {
|
|
actionOption = actionOption.valueOf();
|
|
}
|
|
var result;
|
|
if (typeof actionOption === "string") {
|
|
result = actionOption.toUpperCase();
|
|
}
|
|
else {
|
|
throw invalidActionErr;
|
|
}
|
|
if (result === "ALLOWFROM") {
|
|
result = "ALLOW-FROM";
|
|
}
|
|
else if (result === "SAME-ORIGIN") {
|
|
result = "SAMEORIGIN";
|
|
}
|
|
if (["DENY", "ALLOW-FROM", "SAMEORIGIN"].indexOf(result) === -1) {
|
|
throw invalidActionErr;
|
|
}
|
|
return result;
|
|
}
|
|
function parseDomainOption(domainOption) {
|
|
if (domainOption instanceof String) {
|
|
domainOption = domainOption.valueOf();
|
|
}
|
|
if (typeof domainOption !== "string") {
|
|
throw new Error("ALLOW-FROM action requires a string domain parameter.");
|
|
}
|
|
else if (!domainOption.length) {
|
|
throw new Error("domain parameter must not be empty.");
|
|
}
|
|
return domainOption;
|
|
}
|
|
function getHeaderValueFromOptions(options) {
|
|
var action = parseActionOption(options.action);
|
|
if (action === "ALLOW-FROM") {
|
|
var domain = parseDomainOption(options.domain);
|
|
return action + " " + domain;
|
|
}
|
|
else {
|
|
return action;
|
|
}
|
|
}
|
|
function xFrameOptions(options) {
|
|
if (options === void 0) { options = {}; }
|
|
var headerValue = getHeaderValueFromOptions(options);
|
|
return function xFrameOptionsMiddleware(_req, res, next) {
|
|
res.setHeader("X-Frame-Options", headerValue);
|
|
next();
|
|
};
|
|
}
|
|
module.exports = xFrameOptions;
|
|
exports.default = xFrameOptions;
|