29 lines
1.1 KiB
JavaScript
29 lines
1.1 KiB
JavaScript
|
"use strict"
|
||
|
Object.defineProperty(exports, "__esModule", { value: true })
|
||
|
const ALLOWED_TOKENS = new Set(["no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url", ""])
|
||
|
function getHeaderValueFromOptions({ policy = ["no-referrer"] }) {
|
||
|
const tokens = typeof policy === "string" ? [policy] : policy
|
||
|
if (tokens.length === 0) {
|
||
|
throw new Error("Referrer-Policy received no policy tokens")
|
||
|
}
|
||
|
const tokensSeen = new Set()
|
||
|
tokens.forEach(token => {
|
||
|
if (!ALLOWED_TOKENS.has(token)) {
|
||
|
throw new Error(`Referrer-Policy received an unexpected policy token ${JSON.stringify(token)}`)
|
||
|
} else if (tokensSeen.has(token)) {
|
||
|
throw new Error(`Referrer-Policy received a duplicate policy token ${JSON.stringify(token)}`)
|
||
|
}
|
||
|
tokensSeen.add(token)
|
||
|
})
|
||
|
return tokens.join(",")
|
||
|
}
|
||
|
function referrerPolicy(options = {}) {
|
||
|
const headerValue = getHeaderValueFromOptions(options)
|
||
|
return function referrerPolicyMiddleware(_req, res, next) {
|
||
|
res.setHeader("Referrer-Policy", headerValue)
|
||
|
next()
|
||
|
}
|
||
|
}
|
||
|
module.exports = referrerPolicy
|
||
|
exports.default = referrerPolicy
|