Merge pull request #5 from mdarrik/fix-cloudfront-url-glob

mdarrik · web-flow · commit 622678dae7aa · 2020-08-03T23:19:47.000-07:00
Fix url patterns
diff --git a/index.js b/index.js
@@ -96,9 +96,9 @@ function visitNode(tree) {
         sha256Hash.update(node.children[0].value)
         hashLists[node.tagName].push(`'sha256-${sha256Hash.digest('base64')}'`)
         } else if(node.properties.src) {
-            hashLists[node.tagName].push(`'${node.properties.src}'`);
+            hashLists[node.tagName].push(`${node.properties.src}`);
         } else if(node.tagName === 'link') {
-            hashLists.style.push(`'${node.properties.href}'`);
+            hashLists.style.push(`${node.properties.href}`);
         }
     })
     return hashLists
@@ -117,7 +117,7 @@ const url = filePath.replace(publishPath, '').replace(/^\/index.html/, '/');
 return (
 `${url} ${reportToHeader === '' ? '' : `
     ${reportToHeader}`}
-    Content-Security-Policy: default-src 'self' ${allowCloudfrontSource ? `'https://*.cloudfront.net'` : ''}; script-src 'self' 'strict-dynamic' 'unsafe-inline' ${hashes['script'].join(" ")}; style-src 'self' 'unsafe-inline' ${unsafeInlineStyles ? '' : hashes['style'].join(' ')}; ${ reportUrl == null ? null : `report-to netlify-csp-endpoint; report-uri ${reportUrl};`}
+    Content-Security-Policy: default-src 'self' ${allowCloudfrontSource ? `https://*.cloudfront.net` : ''}; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' ${hashes['script'].join(" ")}; style-src 'self' 'unsafe-inline' ${unsafeInlineStyles ? '' : hashes['style'].join(' ')}; ${ reportUrl == null ? null : `report-to netlify-csp-endpoint; report-uri ${reportUrl};`}
 `)
 }
 /**
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "netlify-plugin-csp-headers",
-  "version": "0.0.1-alpha.07",
+  "version": "0.0.1-alpha.08",
   "main": "index.js",
   "repository": "https://github.com/mdarrik/netlify-plugin-csp-hash.git",
   "author": "Darrik <30670444+mdarrik@users.noreply.github.com>",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "netlify-plugin-csp-headers",`
`3`		`- "version": "0.0.1-alpha.07",`
	`3`	`+ "version": "0.0.1-alpha.08",`
`4`	`4`	`"main": "index.js",`
`5`	`5`	`"repository": "https://github.com/mdarrik/netlify-plugin-csp-hash.git",`
`6`	`6`	`"author": "Darrik <30670444+mdarrik@users.noreply.github.com>",`