Content Security Policy Parser npm install --save-dev @damien.garrido/yacspp #!/usr/bin/env node
const { ContentSecurityPolicyParser } = require ( '@damien.garrido/yacspp' ) ;
const header = "default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self'; img-src 'self' data: www.example.com; object-src 'none'; script-src 'self' 'sha256-2yQBTLGLI1sDcBILfj/o6b5ufMv6CEwPYOk3RZI/WjE=' 'sha256-GeDavzSZ8O71Jggf/pQkKbt52dfZkrdNMQ3e+Ox+AkI='; script-src-attr 'none'; style-src 'self' https: 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; upgrade-insecure-requests;" ;
const originalPolicy = new ContentSecurityPolicyParser ( header ) ;
const updatedPolicy = new ContentSecurityPolicyParser ( header ) ;
const filteredOutDirectives = [ 'block-all-mixed-content' ]
newDirectives = {
'sandbox' : null ,
'my-src' : [ "'self'" , 'http:' , 'https:' ]
}
const augmentedDirectives = {
'default-src' : [ 'http:' , 'https:' ]
}
const diminishedDirectives = {
'img-src' : [ 'www.example.com' ]
}
// Filter out directives
for ( [ directive , sources ] of Object . entries ( originalPolicy . directives ) ) {
if ( filteredOutDirectives . includes ( directive ) ) {
updatedPolicy . remove ( directive )
}
}
// Add new directives
for ( [ directive , sources ] of Object . entries ( newDirectives ) ) {
updatedPolicy . add_source ( directive , sources )
}
// Add sources to directives
for ( [ directive , sources ] of Object . entries ( augmentedDirectives ) ) {
updatedPolicy . add_source ( directive , sources )
}
// Remove sources from directives
for ( [ directive , sources ] of Object . entries ( diminishedDirectives ) ) {
updatedPolicy . remove_source ( directive , sources )
}
console . log ( originalPolicy . directives )
console . log ( updatedPolicy . directives )
console . log ( originalPolicy . toString ( ) )
console . log ( updatedPolicy . toString ( ) )