Allow nonceEnabled and hashEnabled to take single boolean values #101

Open
wants to merge 1 commit into
base: master
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -83,8 +83,8 @@ This `CspHtmlWebpackPlugin` accepts 2 params with the following structure:
- The `htmlPluginData` is passed into the function as it's first param.
- If `enabled` is set the false, it will disable generating a CSP for all instances of `HtmlWebpackPlugin` in your webpack config.
- `{string}` hashingMethod - accepts 'sha256', 'sha384', 'sha512' - your node version must also accept this hashing method.
- `{object}` hashEnabled - a `<string, boolean>` entry for which policy rules are allowed to include hashes
- `{object}` nonceEnabled - a `<string, boolean>` entry for which policy rules are allowed to include nonces
- `{boolean|object}` hashEnabled - a `<string, boolean>` entry for which policy rules are allowed to include hashes, or a single boolean value to apply to all policy rules
- `{boolean|object}` nonceEnabled - a `<string, boolean>` entry for which policy rules are allowed to include nonces, or a single boolean value to apply to all policy rules
- `{Function}` processFn - allows the developer to overwrite the default method of what happens to the CSP after it has been created
- Parameters are:
- `builtPolicy`: a `string` containing the completed policy;
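Review bot: The two new `{boolean|object}` entries for `hashEnabled` and `nonceEnabled` do not say how a boolean and an object combine when one is set in the plugin options and the other on an individual `HtmlWebpackPlugin` instance. In plugin.js the instance-level value is spread after the plugin-level one, so an instance-level `true` overrides every per-directive `false` set at plugin level; please state that precedence here. It would also help to spell out that "all policy rules" means every key present in the policy, not only `script-src` and `style-src`.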
37 changes: 25 additions & 12 deletions plugin.js
Expand Up @@ -46,6 +46,17 @@ const defaultProcessFn = (builtPolicy, htmlPluginData, $) => {
: $.html();
};

const convert = (keys, value) =>
typeof value !== 'boolean'
? value
: keys.reduce(
(previousValue, currentValue) => ({
...previousValue,
[currentValue]: value,
}),
{}
);

const defaultPolicy = {
'base-uri': "'self'",
'object-src': "'none'",
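Review bot: `convert` returns any non-boolean `value` unchanged (`typeof value !== 'boolean' ? value : ...`), so a mistyped option such as the string `'false'` reaches the object spread at the call sites and produces per-character keys instead of any directive keys, with no error. Since these flags decide whether nonces and hashes are written into the CSP, I would accept only a boolean or a plain object here and throw on anything else. A short doc comment and a more descriptive name than `convert` would also help, since the function's job (expand a boolean to one entry per policy key) is not obvious from the call sites.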
Expand All @@ -56,14 +67,8 @@ const defaultPolicy = {
const defaultAdditionalOpts = {
enabled: true,
hashingMethod: 'sha256',
hashEnabled: {
'script-src': true,
'style-src': true,
},
nonceEnabled: {
'script-src': true,
'style-src': true,
},
hashEnabled: true,
nonceEnabled: true,
processFn: defaultProcessFn,
};

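Review bot: Replacing the explicit `'script-src'`/`'style-src'` defaults with `hashEnabled: true` and `nonceEnabled: true` changes what the default covers: once expanded by `convert` over `Object.keys(this.policy)`, every key of the policy is flagged as enabled, and a directive that is absent from the policy gets no entry at all, where the old default always carried both keys. Whether that matters depends on the code that reads these flags, which is not visible in this diff; please confirm it only consults `script-src` and `style-src`, or keep the default scoped to those two directives.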
Expand Down Expand Up @@ -112,14 +117,22 @@ class CspHtmlWebpackPlugin {
this.validatePolicy(compilation);

// 2. Lets set which hashes and nonces are enabled for this HtmlWebpackPlugin instance
const policyKeys = Object.keys(this.policy);

this.hashEnabled = Object.freeze({
...this.opts.hashEnabled,
...get(htmlPluginData, 'plugin.options.cspPlugin.hashEnabled', {}),
...convert(policyKeys, this.opts.hashEnabled),
...convert(
policyKeys,
get(htmlPluginData, 'plugin.options.cspPlugin.hashEnabled', {})
),
});

this.nonceEnabled = Object.freeze({
...this.opts.nonceEnabled,
...get(htmlPluginData, 'plugin.options.cspPlugin.nonceEnabled', {}),
...convert(policyKeys, this.opts.nonceEnabled),
...convert(
policyKeys,
get(htmlPluginData, 'plugin.options.cspPlugin.nonceEnabled', {})
),
});

// 3. Get the processFn for this HtmlWebpackPlugin instance.
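Review bot: In both `Object.freeze({ ... })` blocks the instance-level value is expanded over all `policyKeys` and spread last, so a bare boolean on one `HtmlWebpackPlugin` instance silently overrides every per-directive setting from the plugin options (plugin-level `{ 'style-src': false }` plus instance-level `true` turns `style-src` back on). If that is the intended precedence, it deserves a test for the mixed boolean/object case and a sentence in the README. The hash and nonce blocks are also identical apart from the option name, so a small helper taking that name would remove the duplication.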