Skip to content

Commit

Permalink
Support unsafe-none in COEP
Browse files Browse the repository at this point in the history
`unsafe-none` is a valid value for `Cross-Origin-Embedder-Policy`, so
add support for it.

See [#446][0] and [#447][1].

[0]: #446
[1]: #447
  • Loading branch information
mxxk authored Nov 5, 2023
1 parent 3123831 commit e0baa58
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 8 deletions.
8 changes: 6 additions & 2 deletions middlewares/cross-origin-embedder-policy/index.ts
Original file line number Diff line number Diff line change
@@ -1,10 +1,14 @@
import type { IncomingMessage, ServerResponse } from "http";

export interface CrossOriginEmbedderPolicyOptions {
policy?: "require-corp" | "credentialless";
policy?: "require-corp" | "credentialless" | "unsafe-none";
}

const ALLOWED_POLICIES = new Set(["require-corp", "credentialless"]);
const ALLOWED_POLICIES = new Set([
"require-corp",
"credentialless",
"unsafe-none",
]);

function getHeaderValueFromOptions({
policy = "require-corp",
Expand Down
14 changes: 8 additions & 6 deletions test/cross-origin-embedder-policy.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,15 @@ describe("Cross-Origin-Embedder-Policy middleware", () => {
);
});

(["require-corp", "credentialless"] as const).forEach((policy) => {
it(`sets "Cross-Origin-Embedder-Policy: ${policy}" when told to`, async () => {
await check(crossOriginEmbedderPolicy({ policy }), {
"cross-origin-embedder-policy": policy,
(["require-corp", "credentialless", "unsafe-none"] as const).forEach(
(policy) => {
it(`sets "Cross-Origin-Embedder-Policy: ${policy}" when told to`, async () => {
await check(crossOriginEmbedderPolicy({ policy }), {
"cross-origin-embedder-policy": policy,
});
});
});
});
},
);

it("throws when setting the policy to an invalid value", () => {
const invalidValues = [
Expand Down

0 comments on commit e0baa58

Please sign in to comment.