export function getCsp()

in packages/secure-static-site/lib/responseHeaders.ts [170:186]


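/**
 * Serializes a Content-Security-Policy configuration into a header value.
 *
 * Directives the caller leaves unset (or sets to a falsy value) fall back to
 * restrictive defaults: `default-src`, `form-action` and `frame-ancestors`
 * become `'none'`; `script-src`, `connect-src`, `style-src`, `font-src` and
 * `img-src` become `'self'`.
 *
 * Only a value that is exactly `none` or `self` is wrapped in single quotes.
 * Any other value is written verbatim, so source lists that mix keywords with
 * hosts must already carry their own quoting (an unquoted `self` inside a
 * longer list is not rewritten here). Values are not validated or escaped: a
 * value containing `;` would add extra directives to the policy, so this
 * function must only be fed trusted configuration.
 *
 * @param csp - Directive overrides; the object is not modified.
 * @returns The policy as `name value;` pairs separated by single spaces.
 */
export function getCsp(csp: ContentSecurityPolicy = {}): string {
  // Work on a shallow copy so the defaults below are not written back into
  // the caller's object. Copying first and then filling the gaps in the same
  // sequence keeps the emitted directive order unchanged.
  const policy: ContentSecurityPolicy = { ...csp };
  if (!policy.defaultSrc) policy.defaultSrc = "none";
  if (!policy.scriptSrc) policy.scriptSrc = "self";
  if (!policy.connectSrc) policy.connectSrc = "self";
  if (!policy.styleSrc) policy.styleSrc = "self";
  if (!policy.fontSrc) policy.fontSrc = "self";
  if (!policy.imgSrc) policy.imgSrc = "self";
  if (!policy.formAction) policy.formAction = "none";
  if (!policy.frameAncestors) policy.frameAncestors = "none";

  let cspString = "";
  for (const [k, v] of Object.entries(policy)) {
    const directive = cspDirectives[k as keyof ContentSecurityPolicy];
    // An unknown key or an explicitly undefined/null value would otherwise be
    // rendered as the literal text "undefined"/"null" inside the header.
    if (!directive || v == null) continue;
    const value = v === "none" || v === "self" ? `'${v}'` : v;
    cspString += `${directive} ${value}; `;
  }
  return cspString.trim();
}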