teddit/node_modules/helmet/dist/middlewares/x-frame-options/index.js

27 lines
1.0 KiB
JavaScript
Raw Normal View History

2020-11-17 21:44:32 +01:00
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
function getHeaderValueFromOptions({ action = "SAMEORIGIN", }) {
action = String(action).toUpperCase();
if (action === "SAME-ORIGIN") {
return "SAMEORIGIN";
}
else if (action === "DENY" || action === "SAMEORIGIN") {
return action;
}
else if (action === "ALLOW-FROM") {
throw new Error("X-Frame-Options no longer supports `ALLOW-FROM` due to poor browser support. See <https://github.com/helmetjs/helmet/wiki/How-to-use-X%E2%80%93Frame%E2%80%93Options's-%60ALLOW%E2%80%93FROM%60-directive> for more info.");
}
else {
throw new Error(`X-Frame-Options received an invalid action ${JSON.stringify(action)}`);
}
}
function xFrameOptions(options = {}) {
const headerValue = getHeaderValueFromOptions(options);
return function xFrameOptionsMiddleware(_req, res, next) {
res.setHeader("X-Frame-Options", headerValue);
next();
};
}
module.exports = xFrameOptions;
exports.default = xFrameOptions;