Allow nonceEnabled and hashEnabled to take single boolean values

Providing a single boolean value to either of these options will now apply the value to each provided policy directive. Closes slackhq#98
StephanBijzitter · Sep 15, 2021 · 1be6906 · 1be6906
1 parent c000a55
commit 1be6906
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -83,8 +83,8 @@ This `CspHtmlWebpackPlugin` accepts 2 params with the following structure:
     - The `htmlPluginData` is passed into the function as it's first param.
     - If `enabled` is set the false, it will disable generating a CSP for all instances of `HtmlWebpackPlugin` in your webpack config.
   - `{string}` hashingMethod - accepts 'sha256', 'sha384', 'sha512' - your node version must also accept this hashing method.
-  - `{object}` hashEnabled - a `<string, boolean>` entry for which policy rules are allowed to include hashes
-  - `{object}` nonceEnabled - a `<string, boolean>` entry for which policy rules are allowed to include nonces
+  - `{boolean|object}` hashEnabled - a `<string, boolean>` entry for which policy rules are allowed to include hashes, or a single boolean value to apply to all policy rules
+  - `{boolean|object}` nonceEnabled - a `<string, boolean>` entry for which policy rules are allowed to include nonces, or a single boolean value to apply to all policy rules
   - `{Function}` processFn - allows the developer to overwrite the default method of what happens to the CSP after it has been created
     - Parameters are:
       - `builtPolicy`: a `string` containing the completed policy;

diff --git a/plugin.js b/plugin.js
@@ -46,6 +46,17 @@ const defaultProcessFn = (builtPolicy, htmlPluginData, $) => {
     : $.html();
 };
 
+const convert = (keys, value) =>
+  typeof value !== 'boolean'
+    ? value
+    : keys.reduce(
+        (previousValue, currentValue) => ({
+          ...previousValue,
+          [currentValue]: value,
+        }),
+        {}
+      );
+
 const defaultPolicy = {
   'base-uri': "'self'",
   'object-src': "'none'",
@@ -56,14 +67,8 @@ const defaultPolicy = {
 const defaultAdditionalOpts = {
   enabled: true,
   hashingMethod: 'sha256',
-  hashEnabled: {
-    'script-src': true,
-    'style-src': true,
-  },
-  nonceEnabled: {
-    'script-src': true,
-    'style-src': true,
-  },
+  hashEnabled: true,
+  nonceEnabled: true,
   processFn: defaultProcessFn,
 };
 
@@ -112,14 +117,22 @@ class CspHtmlWebpackPlugin {
     this.validatePolicy(compilation);
 
     // 2. Lets set which hashes and nonces are enabled for this HtmlWebpackPlugin instance
+    const policyKeys = Object.keys(this.policy);
+
     this.hashEnabled = Object.freeze({
-      ...this.opts.hashEnabled,
-      ...get(htmlPluginData, 'plugin.options.cspPlugin.hashEnabled', {}),
+      ...convert(policyKeys, this.opts.hashEnabled),
+      ...convert(
+        policyKeys,
+        get(htmlPluginData, 'plugin.options.cspPlugin.hashEnabled', {})
+      ),
     });
 
     this.nonceEnabled = Object.freeze({
-      ...this.opts.nonceEnabled,
-      ...get(htmlPluginData, 'plugin.options.cspPlugin.nonceEnabled', {}),
+      ...convert(policyKeys, this.opts.nonceEnabled),
+      ...convert(
+        policyKeys,
+        get(htmlPluginData, 'plugin.options.cspPlugin.nonceEnabled', {})
+      ),
     });
 
     // 3. Get the processFn for this HtmlWebpackPlugin instance.