From 871d133da33f6a0b074f23bcb0fbe421d89c1dd7 Mon Sep 17 00:00:00 2001
From: StephanBijzitter
Date: Wed, 15 Sep 2021 15:33:42 +0200
Subject: [PATCH] Allow nonceEnabled and hashEnabled to take single boolean values
Providing a single boolean value to either of these options will now apply the value to each provided policy directive.
Closes slackhq/csp-html-webpack-plugin#98
---
 plugin.js | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)
diff --git a/plugin.js b/plugin.js
index 56b927c..dc158ca 100644
--- a/plugin.js
+++ b/plugin.js
@@ -46,6 +46,17 @@ const defaultProcessFn = (builtPolicy, htmlPluginData, $) => {
 : $.html();
 };
+const convert = (keys, value) =>
+ typeof value !== 'boolean'
+ ? value
+ : keys.reduce(
+ (previousValue, currentValue) => ({
+ ...previousValue,
+ [currentValue]: value,
+ }),
+ {}
+ );
+
 const defaultPolicy = {
 'base-uri': "'self'",
 'object-src': "'none'",
@@ -56,14 +67,8 @@ const defaultPolicy = {
 const defaultAdditionalOpts = {
 enabled: true,
 hashingMethod: 'sha256',
- hashEnabled: {
- 'script-src': true,
- 'style-src': true,
- },
- nonceEnabled: {
- 'script-src': true,
- 'style-src': true,
- },
+ hashEnabled: true,
+ nonceEnabled: true,
 processFn: defaultProcessFn,
 };
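Review bot: `convert` returns every non-boolean value untouched, and the call sites in the `@@ -112,14 +117,22 @@` hunk spread that result, so a mistyped setting such as the string `'false'` (constructed example) is spread into character-index keys and the directive silently keeps its earlier value. Since these flags decide whether nonces and hashes are written into the CSP, a value that is neither a boolean nor a plain object deserves a rejection rather than a pass-through. The helper also has no comment and a very generic name; I would add `// Expands a boolean into { [directive]: value } for every key in keys; objects pass through unchanged.` above it. If the supported Node versions allow it, `Object.fromEntries(keys.map((key) => [key, value]))` states the same thing without copying the accumulator on each step.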
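Review bot: With `hashEnabled: true` and `nonceEnabled: true` as defaults, the flags are now expanded over every key of the policy, so directives such as `base-uri` and `object-src` (visible in the `defaultPolicy` context of the previous hunk) get a `true` entry where the old default named only `script-src` and `style-src`. Whether that matters depends on the consumers of `this.hashEnabled` and `this.nonceEnabled`, which are outside this patch; if any of them iterates the map instead of looking up the two directives, nonce or hash sources could end up in directives where they have no meaning. A comment on the defaults would make the new contract explicit, for example `// true/false applies to every directive present in the policy; pass an object to set directives individually.`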
@@ -112,14 +117,22 @@ class CspHtmlWebpackPlugin {
 this.validatePolicy(compilation);
 // 2. Lets set which hashes and nonces are enabled for this HtmlWebpackPlugin instance
+ const policyKeys = Object.keys(this.policy);
+
 this.hashEnabled = Object.freeze({
- ...this.opts.hashEnabled,
- ...get(htmlPluginData, 'plugin.options.cspPlugin.hashEnabled', {}),
+ ...convert(policyKeys, this.opts.hashEnabled),
+ ...convert(
+ policyKeys,
+ get(htmlPluginData, 'plugin.options.cspPlugin.hashEnabled', {})
+ ),
 });
 this.nonceEnabled = Object.freeze({
- ...this.opts.nonceEnabled,
- ...get(htmlPluginData, 'plugin.options.cspPlugin.nonceEnabled', {}),
+ ...convert(policyKeys, this.opts.nonceEnabled),
+ ...convert(
+ policyKeys,
+ get(htmlPluginData, 'plugin.options.cspPlugin.nonceEnabled', {})
+ ),
 });
 // 3. Get the processFn for this HtmlWebpackPlugin instance.
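Review bot: A per-instance boolean overrides every per-directive setting made at plugin level, because the second `convert(...)` result is spread last: `cspPlugin.nonceEnabled: false` on one HtmlWebpackPlugin instance switches nonces off for all directives of that page even if the plugin options enabled them selectively. That is a wide switch for a security control, since browsers disregard `'unsafe-inline'` only while a nonce or hash is present in the directive, so a policy that lists it becomes permissive for inline content once both flags are false. The precedence should be written down next to the merge, e.g. `// Per-instance values win; a boolean applies to every key of this.policy and replaces plugin-level per-directive flags.` The expansion also relies on `this.policy` already holding the final directive set at this point, which is assigned outside the hunk, as are the start and end of the enclosing method.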