Compare commits

...

2 commits

Author SHA1 Message Date
e9c600b869 Flaska: Add support for appendHeaders in constructor.
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
* Allows to append individual headers to the defaultHeaders without completely
  replacing the default values.
2022-06-16 09:59:30 +00:00
568c620782 Flaska: Add support for appendHeaders to compliment default headers instead of completely replacing them 2022-06-16 09:58:11 +00:00
3 changed files with 40 additions and 1 deletions

View file

@ -644,6 +644,13 @@ export class Flaska {
nonceCacheLength: opts.nonceCacheLength || 25
}
if (opts.appendHeaders) {
let appendKeys = Object.keys(opts.appendHeaders)
for (let key of appendKeys) {
options.defaultHeaders[key] = opts.appendHeaders[key]
}
}
if (!options.defaultHeaders && options.nonce.length) {
// throw error
}

View file

@ -1,6 +1,6 @@
{
"name": "flaska",
"version": "1.2.4",
"version": "1.2.5",
"description": "Flaska is a micro web-framework for node. It is designed to be fast, simple and lightweight, and is distributed as a single file module with no dependencies.",
"main": "flaska.mjs",
"scripts": {

View file

@ -90,6 +90,38 @@ t.describe('#constructor', function() {
assert.strictEqual(flaska._after.length, 0)
})
t.test('should have before ready setting headers on context if appendHeaders is specified', function() {
const appendHeaders = {
'Server': 'nginx/1.16.1',
'Herp': 'Derp',
}
let flaska = new Flaska({
appendHeaders: appendHeaders,
}, faker)
assert.strictEqual(flaska._before.length, 1)
let ctx = {}
flaska._before[0](ctx)
assert.deepEqual(
Object.keys(ctx.headers).sort(),
['Server', 'Herp', 'X-Content-Type-Options','Content-Security-Policy','Cross-Origin-Opener-Policy','Cross-Origin-Resource-Policy','Cross-Origin-Embedder-Policy','Date'].sort()
)
assert.notStrictEqual(ctx.headers['Server'], 'Flaska')
assert.strictEqual(ctx.headers['Server'], appendHeaders.Server)
assert.strictEqual(ctx.headers['Herp'], 'Derp')
assert.strictEqual(ctx.headers['X-Content-Type-Options'], 'nosniff')
assert.strictEqual(ctx.headers['Content-Security-Policy'], `default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'`)
assert.strictEqual(ctx.headers['Cross-Origin-Opener-Policy'], 'same-origin')
assert.strictEqual(ctx.headers['Cross-Origin-Resource-Policy'], 'same-origin')
assert.strictEqual(ctx.headers['Cross-Origin-Embedder-Policy'], 'require-corp')
assert.ok(new Date(ctx.headers['Date']).getDate())
assert.strictEqual(flaska._after.length, 0)
})
})
t.describe('#_nonce', function() {