20 lines
809 B
JavaScript
20 lines
809 B
JavaScript
|
"use strict"
|
||
|
Object.defineProperty(exports, "__esModule", { value: true })
|
||
|
const ALLOWED_PERMITTED_POLICIES = new Set(["none", "master-only", "by-content-type", "all"])
|
||
|
function getHeaderValueFromOptions({ permittedPolicies = "none" }) {
|
||
|
if (ALLOWED_PERMITTED_POLICIES.has(permittedPolicies)) {
|
||
|
return permittedPolicies
|
||
|
} else {
|
||
|
throw new Error(`X-Permitted-Cross-Domain-Policies does not support ${JSON.stringify(permittedPolicies)}`)
|
||
|
}
|
||
|
}
|
||
|
function xPermittedCrossDomainPolicies(options = {}) {
|
||
|
const headerValue = getHeaderValueFromOptions(options)
|
||
|
return function xPermittedCrossDomainPoliciesMiddleware(_req, res, next) {
|
||
|
res.setHeader("X-Permitted-Cross-Domain-Policies", headerValue)
|
||
|
next()
|
||
|
}
|
||
|
}
|
||
|
module.exports = xPermittedCrossDomainPolicies
|
||
|
exports.default = xPermittedCrossDomainPolicies
|