full site update
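--- a/node_modules/astro/dist/core/csp/common.d.ts
+++ b/node_modules/astro/dist/core/csp/common.d.ts
@@ -0,0 +1,16 @@
+import type { AstroSettings } from '../../types/astro.js';
+import type { AstroConfig, CspAlgorithm } from '../../types/public/index.js';
+import type { BuildInternals } from '../build/internal.js';
+import type { CspDirective } from './config.js';
+type EnabledCsp = Exclude<AstroConfig['experimental']['csp'], false>;
+export declare function shouldTrackCspHashes(csp: any): csp is EnabledCsp;
+export declare function getAlgorithm(csp: EnabledCsp): CspAlgorithm;
+export declare function getScriptHashes(csp: EnabledCsp): string[];
+export declare function getScriptResources(csp: EnabledCsp): string[];
+export declare function getStyleHashes(csp: EnabledCsp): string[];
+export declare function getStyleResources(csp: EnabledCsp): string[];
+export declare function getDirectives(csp: EnabledCsp): CspDirective[];
+export declare function getStrictDynamic(csp: EnabledCsp): boolean;
+export declare function trackStyleHashes(internals: BuildInternals, settings: AstroSettings, algorithm: CspAlgorithm): Promise<string[]>;
+export declare function trackScriptHashes(internals: BuildInternals, settings: AstroSettings, algorithm: CspAlgorithm): Promise<string[]>;
+export {};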
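--- a/node_modules/astro/dist/core/csp/common.js
+++ b/node_modules/astro/dist/core/csp/common.js
@@ -0,0 +1,116 @@
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import astroIslandPrebuilt from "../../runtime/server/astro-island.prebuilt.js";
+import astroIslandPrebuiltDev from "../../runtime/server/astro-island.prebuilt-dev.js";
+import { ISLAND_STYLES } from "../../runtime/server/astro-island-styles.js";
+import { generateCspDigest } from "../encryption.js";
+function shouldTrackCspHashes(csp) {
+return csp === true || typeof csp === "object";
+}
+function getAlgorithm(csp) {
+if (csp === true) {
+return "SHA-256";
+}
+return csp.algorithm;
+}
+function getScriptHashes(csp) {
+if (csp === true) {
+return [];
+} else {
+return csp.scriptDirective?.hashes ?? [];
+}
+}
+function getScriptResources(csp) {
+if (csp === true) {
+return [];
+}
+return csp.scriptDirective?.resources ?? [];
+}
+function getStyleHashes(csp) {
+if (csp === true) {
+return [];
+}
+return csp.styleDirective?.hashes ?? [];
+}
+function getStyleResources(csp) {
+if (csp === true) {
+return [];
+}
+return csp.styleDirective?.resources ?? [];
+}
+function getDirectives(csp) {
+if (csp === true) {
+return [];
+}
+return csp.directives ?? [];
+}
+function getStrictDynamic(csp) {
+if (csp === true) {
+return false;
+}
+return csp.scriptDirective?.strictDynamic ?? false;
+}
+async function trackStyleHashes(internals, settings, algorithm) {
+const clientStyleHashes = [];
+for (const [_, page] of internals.pagesByViteID.entries()) {
+for (const style of page.styles) {
+if (style.sheet.type === "inline") {
+clientStyleHashes.push(await generateCspDigest(style.sheet.content, algorithm));
+}
+}
+}
+for (const clientAsset in internals.clientChunksAndAssets) {
+const contents = readFileSync(
+fileURLToPath(new URL(clientAsset, settings.config.build.client)),
+"utf-8"
+);
+if (clientAsset.endsWith(".css") || clientAsset.endsWith(".css")) {
+clientStyleHashes.push(await generateCspDigest(contents, algorithm));
+}
+}
+if (settings.renderers.length > 0) {
+clientStyleHashes.push(await generateCspDigest(ISLAND_STYLES, algorithm));
+}
+return clientStyleHashes;
+}
+async function trackScriptHashes(internals, settings, algorithm) {
+const clientScriptHashes = [];
+for (const script of internals.inlinedScripts.values()) {
+clientScriptHashes.push(await generateCspDigest(script, algorithm));
+}
+for (const directiveContent of Array.from(settings.clientDirectives.values())) {
+clientScriptHashes.push(await generateCspDigest(directiveContent, algorithm));
+}
+for (const clientAsset in internals.clientChunksAndAssets) {
+const contents = readFileSync(
+fileURLToPath(new URL(clientAsset, settings.config.build.client)),
+"utf-8"
+);
+if (clientAsset.endsWith(".js") || clientAsset.endsWith(".mjs")) {
+clientScriptHashes.push(await generateCspDigest(contents, algorithm));
+}
+}
+for (const script of settings.scripts) {
+const { content, stage } = script;
+if (stage === "head-inline" || stage === "before-hydration") {
+clientScriptHashes.push(await generateCspDigest(content, algorithm));
+}
+}
+if (settings.renderers.length > 0) {
+clientScriptHashes.push(await generateCspDigest(astroIslandPrebuilt, algorithm));
+clientScriptHashes.push(await generateCspDigest(astroIslandPrebuiltDev, algorithm));
+}
+return clientScriptHashes;
+}
+export {
+getAlgorithm,
+getDirectives,
+getScriptHashes,
+getScriptResources,
+getStrictDynamic,
+getStyleHashes,
+getStyleResources,
+shouldTrackCspHashes,
+trackScriptHashes,
+trackStyleHashes
+};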
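--- a/node_modules/astro/dist/core/csp/config.d.ts
+++ b/node_modules/astro/dist/core/csp/config.d.ts
@@ -0,0 +1,16 @@
+import { z } from 'zod';
+export declare const ALGORITHMS: {
+readonly 'SHA-256': "sha256-";
+readonly 'SHA-384': "sha384-";
+readonly 'SHA-512': "sha512-";
+};
+type Algorithms = typeof ALGORITHMS;
+export type CspAlgorithm = keyof Algorithms;
+export declare const cspAlgorithmSchema: z.ZodDefault<z.ZodOptional<z.ZodEnum<["SHA-256", "SHA-384", "SHA-512"]>>>;
+export declare const cspHashSchema: z.ZodType<`sha256-${string}` | `sha384-${string}` | `sha512-${string}`, z.ZodTypeDef, `sha256-${string}` | `sha384-${string}` | `sha512-${string}`>;
+export type CspHash = z.infer<typeof cspHashSchema>;
+declare const ALLOWED_DIRECTIVES: readonly ["base-uri", "child-src", "connect-src", "default-src", "fenced-frame-src", "font-src", "form-action", "frame-ancestors", "frame-src", "img-src", "manifest-src", "media-src", "object-src", "referrer", "report-to", "report-uri", "require-trusted-types-for", "sandbox", "trusted-types", "upgrade-insecure-requests", "worker-src"];
+type AllowedDirectives = (typeof ALLOWED_DIRECTIVES)[number];
+export type CspDirective = `${AllowedDirectives}${string | undefined}`;
+export declare const allowedDirectivesSchema: z.ZodType<`base-uri${string}` | `child-src${string}` | `connect-src${string}` | `default-src${string}` | `fenced-frame-src${string}` | `font-src${string}` | `form-action${string}` | `frame-ancestors${string}` | `frame-src${string}` | `img-src${string}` | `manifest-src${string}` | `media-src${string}` | `object-src${string}` | `referrer${string}` | `report-to${string}` | `report-uri${string}` | `require-trusted-types-for${string}` | `sandbox${string}` | `trusted-types${string}` | `upgrade-insecure-requests${string}` | `worker-src${string}`, z.ZodTypeDef, `base-uri${string}` | `child-src${string}` | `connect-src${string}` | `default-src${string}` | `fenced-frame-src${string}` | `font-src${string}` | `form-action${string}` | `frame-ancestors${string}` | `frame-src${string}` | `img-src${string}` | `manifest-src${string}` | `media-src${string}` | `object-src${string}` | `referrer${string}` | `report-to${string}` | `report-uri${string}` | `require-trusted-types-for${string}` | `sandbox${string}` | `trusted-types${string}` | `upgrade-insecure-requests${string}` | `worker-src${string}`>;
+export {};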
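--- a/node_modules/astro/dist/core/csp/config.js
+++ b/node_modules/astro/dist/core/csp/config.js
@@ -0,0 +1,53 @@
+import { z } from "zod";
+const ALGORITHMS = {
+"SHA-256": "sha256-",
+"SHA-384": "sha384-",
+"SHA-512": "sha512-"
+};
+const ALGORITHM_VALUES = Object.values(ALGORITHMS);
+const cspAlgorithmSchema = z.enum(Object.keys(ALGORITHMS)).optional().default("SHA-256");
+const cspHashSchema = z.custom((value) => {
+if (typeof value !== "string") {
+return false;
+}
+return ALGORITHM_VALUES.some((allowedValue) => {
+return value.startsWith(allowedValue);
+});
+});
+const ALLOWED_DIRECTIVES = [
+"base-uri",
+"child-src",
+"connect-src",
+"default-src",
+"fenced-frame-src",
+"font-src",
+"form-action",
+"frame-ancestors",
+"frame-src",
+"img-src",
+"manifest-src",
+"media-src",
+"object-src",
+"referrer",
+"report-to",
+"report-uri",
+"require-trusted-types-for",
+"sandbox",
+"trusted-types",
+"upgrade-insecure-requests",
+"worker-src"
+];
+const allowedDirectivesSchema = z.custom((value) => {
+if (typeof value !== "string") {
+return false;
+}
+return ALLOWED_DIRECTIVES.some((allowedValue) => {
+return value.startsWith(allowedValue);
+});
+});
+export {
+ALGORITHMS,
+allowedDirectivesSchema,
+cspAlgorithmSchema,
+cspHashSchema
+};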