v0.0.1

.gitignore

@@ -0,0 +1,4 @@
+.idea
+.DS_Store
+node_modules
+npm-debug.log

index.js

@@ -0,0 +1,73 @@
+var allowedPolicies = [
+	'base-uri',
+	'default-src',
+	'script-src',
+	'style-src',
+	'img-src',
+	'frame-src',
+	'script-src',
+	'child-src',
+	'connect-src',
+	'object-src',
+	'media-src',
+	'font-src',
+	'form-action',
+	'frame-ancestors',
+	'plugin-types'
+];
+
+/**
+ * Builds Content-Security-Policy header
+ * @param policies {object} Policies
+ * @returns {string}
+ */
+function buildCSPString(policies, reportUri){
+	var cspString = Object.keys(policies).map(function(policyName){
+		return policyName + ' ' + policies[policyName].join(' ');
+	}).join('; ') + ';';
+
+	if(typeof reportUri === 'string'){
+		cspString += ' report-uri ' + reportUri + ';';
+	}
+
+	return cspString;
+}
+
+function csp(params){
+	var policies;
+
+	// params should be an object
+	if(typeof params !== 'object'){
+		return;
+	}
+
+	// property policies is required
+	if(typeof params.policies !== 'object'){
+		return;
+	}
+
+	// filter disallowed policies
+	policies = Object.keys(params.policies).reduce(function(policies, policyName){
+		if(allowedPolicies.indexOf(policyName) > -1){
+			policies[policyName] = params.policies[policyName];
+		}
+		return policies;
+	}, {});
+
+	return buildCSPString(policies, params['report-uri']);
+}
+
+/**
+ * Build nonce param
+ * @param nonceId {string} Nonce param id
+ * @returns {string} Nonce param
+ */
+csp.nonce = function(nonceId){
+	return 'nonce-' + nonceId;
+};
+
+csp.SELF = '\'self\'';
+csp.INLINE = '\'unsafe-inline\'';
+csp.EVAL = '\'unsafe-eval\'';
+
+module.exports = csp;

package.json

@@ -0,0 +1,35 @@
+{
+  "name": "csp-header",
+  "version": "0.0.1",
+  "description": "Content-Security-Policy header generator",
+  "main": "index.js",
+  "scripts": {
+    "test": "mocha test"
+  },
+  "keywords": [
+    "csp",
+    "content-security-policy",
+    "security",
+    "policy"
+  ],
+  "author": "frux",
+  "license": "WTFPL",
+  "devDependencies": {
+    "mocha": "^2.4.5",
+    "should": "^8.3.0"
+  },
+  "directories": {
+    "test": "test"
+  },
+  "dependencies": {
+    "should": "^8.3.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/frux/csp-header.git"
+  },
+  "bugs": {
+    "url": "https://github.com/frux/csp-header/issues"
+  },
+  "homepage": "https://github.com/frux/csp-header#readme"
+}

test/index.test.js

@@ -0,0 +1,51 @@
+var should = require('should');
+var csp = require('../index');
+
+describe('Input params', function(){
+	it('should returns undefined if params was not specified', function(){
+		should(csp()).be.type('undefined');
+	});
+
+	it('should returns undefined if policies property was not specified', function(){
+		should(csp({
+			nonce: true,
+			foo: 'bar'
+		})).be.type('undefined');
+	});
+
+	it('should ignore disallowed policies', function(){
+		csp({
+			policies: {
+				'script-src': [ 'test.com', csp.SELF ],
+				'foo-bar-src': [ 'foo', 'bar' ]
+			}
+		}).should.be.equal('script-src test.com \'self\';');
+	});
+
+	it('should add report-uri param', function(){
+		csp({
+			policies: {
+				'script-src': [ csp.SELF ]
+			},
+			'report-uri': 'https://test.com/cspreport'
+		}).should.be.equal('script-src \'self\'; report-uri https://test.com/cspreport;');
+	});
+});
+
+describe('Utils', function(){
+	it('should build nonce param', function(){
+		csp.nonce('vg3eer#E4gEbw34gwq3fgqGQWBWQh').should.be.equal('nonce-vg3eer#E4gEbw34gwq3fgqGQWBWQh');
+	});
+
+	describe('Constants', function(){
+		it('should contains \'self\'', function(){
+			csp.SELF.should.be.equal('\'self\'');
+		});
+		it('should contains \'unsafe-inline\'', function(){
+			csp.INLINE.should.be.equal('\'unsafe-inline\'');
+		});
+		it('should contains \'unsafe-eval\'', function(){
+			csp.EVAL.should.be.equal('\'unsafe-eval\'');
+		});
+	});
+});