Skip to content

Commit e3e1e7b

Browse files
josh-hemphilljosh-hemphill
committed
fix: 🐛 returned spacing in header strings
1 parent 0c2402b commit e3e1e7b

File tree

2 files changed

+24
-5
lines changed

2 files changed

+24
-5
lines changed

src/index.ts

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -73,19 +73,23 @@ export class CspDirectives {
7373
const val = typeof this.CSP[v] === 'boolean'
7474
? ''
7575
: normalizeArrayString(this.CSP[v])
76-
.map((v) => `'${v}'`).join(' ');
76+
.map((v) => ` '${v}'`).join('');
7777
results['Content-Security-Policy'] +=
78-
` ${v} ${val};`;
78+
` ${v}${val};`;
7979
}
8080
if (this.ReportOnly && this.ReportOnly[v]) {
8181
const val = typeof this.ReportOnly[v] === 'boolean'
8282
? ''
8383
: normalizeArrayString(this.ReportOnly[v])
84-
.map((v) => `'${v}'`).join(' ');
84+
.map((v) => ` '${v}'`).join('');
8585
results['Content-Security-Policy-Report-Only'] +=
86-
` ${v} ${val};`;
86+
` ${v}${val};`;
8787
}
8888
});
89+
results['Content-Security-Policy-Report-Only'] =
90+
results['Content-Security-Policy-Report-Only'].trim();
91+
results['Content-Security-Policy'] =
92+
results['Content-Security-Policy'].trim();
8993
return results;
9094
}
9195
}

tests/basic.test.ts

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,21 @@ describe('new CspDirectives()',() => {
3939
'Referrer-Policy': 'strict-origin-when-cross-origin',
4040
});
4141
});
42+
it('returns boolean directives',() => {
43+
const csp: Directives = {
44+
'upgrade-insecure-requests': true,
45+
};
46+
const inst = new CspDirectives(csp,[],csp);
47+
const getHeaders = jest.spyOn(inst,'getHeaders');
48+
const headers = inst.getHeaders();
49+
expect(getHeaders).toHaveReturned();
50+
expect(headers).toMatchObject({
51+
'Content-Security-Policy-Report-Only': 'upgrade-insecure-requests;',
52+
'Content-Security-Policy': 'upgrade-insecure-requests;',
53+
'Report-To': '',
54+
'Referrer-Policy': 'strict-origin-when-cross-origin',
55+
});
56+
});
4257
it('returns on all set',() => {
4358
const sampleSha256 = `sha256-${sample64Hash('sha256')}` as const;
4459
const csp: Directives = {
@@ -73,7 +88,7 @@ describe('new CspDirectives()',() => {
7388
endpoints: [{url:endpoint}],
7489
},
7590
];
76-
const result = Object.entries(csp).map(([k,v]) => ` ${k} '${v}';`).join('');
91+
const result = Object.entries(csp).map(([k,v]) => `${k} '${v}';`).join(' ');
7792
const inst = new CspDirectives(csp,reportTo,csp,'strict-origin');
7893
const getHeaders = jest.spyOn(inst,'getHeaders');
7994
const headers = inst.getHeaders();

0 commit comments

Comments
 (0)