Merge pull request #28308 from thedillonb/master

Update Helmet Definitions for 3.13.0
2026-05-26 19:04:13 +08:00 · 2018-08-24 14:49:30 -07:00
parent 62c5c2b25b b92b849e5f
commit 0bece8e26f
2 changed files with 55 additions and 34 deletions
--- a/types/helmet/helmet-tests.ts
+++ b/types/helmet/helmet-tests.ts
@@ -206,3 +206,12 @@ function xssFilterTest() {
    app.use(helmet.xssFilter({ setOnOldIE: false }));
    app.use(helmet.xssFilter({ setOnOldIE: true }));
 }
+
+/**
+ * @summary Test for {@see helmet#permittedCrossDomainPolicies} function.
+ */
+function permittedCrossDomainPoliciesTest() {
+    app.use(helmet.permittedCrossDomainPolicies());
+    app.use(helmet.permittedCrossDomainPolicies({}));
+    app.use(helmet.permittedCrossDomainPolicies({ permittedPolicies: 'none' }));
+}
--- a/types/helmet/index.d.ts
+++ b/types/helmet/index.d.ts
@@ -11,18 +11,23 @@ export = helmet;

 declare namespace helmet {
    export interface IHelmetConfiguration {
-        contentSecurityPolicy?: boolean | IHelmetContentSecurityPolicyConfiguration,
-        dnsPrefetchControl?: boolean | IHelmetDnsPrefetchControlConfiguration,
-        frameguard?: boolean | IHelmetFrameguardConfiguration,
-        hidePoweredBy?: boolean | IHelmetHidePoweredByConfiguration,
-        hpkp?: boolean | IHelmetHpkpConfiguration,
-        hsts?: boolean | IHelmetHstsConfiguration,
-        ieNoOpen?: boolean,
-        noCache?: boolean,
-        noSniff?: boolean,
-        referrerPolicy?: boolean | IHelmetReferrerPolicyConfiguration,
-        xssFilter?: boolean | IHelmetXssFilterConfiguration,
-        expectCt?: boolean | IHelmetExpectCtConfiguration,
+        contentSecurityPolicy?: boolean | IHelmetContentSecurityPolicyConfiguration;
+        dnsPrefetchControl?: boolean | IHelmetDnsPrefetchControlConfiguration;
+        frameguard?: boolean | IHelmetFrameguardConfiguration;
+        hidePoweredBy?: boolean | IHelmetHidePoweredByConfiguration;
+        hpkp?: boolean | IHelmetHpkpConfiguration;
+        hsts?: boolean | IHelmetHstsConfiguration;
+        ieNoOpen?: boolean;
+        noCache?: boolean;
+        noSniff?: boolean;
+        referrerPolicy?: boolean | IHelmetReferrerPolicyConfiguration;
+        xssFilter?: boolean | IHelmetXssFilterConfiguration;
+        expectCt?: boolean | IHelmetExpectCtConfiguration;
+        permittedCrossDomainPolicies?: boolean | IHelmetPermittedCrossDomainPoliciesConfiguration;
+    }
+
+    export interface IHelmetPermittedCrossDomainPoliciesConfiguration {
+        permittedPolicies?: string;
    }

    export interface IHelmetContentSecurityPolicyDirectiveFunction {
@@ -31,22 +36,22 @@ declare namespace helmet {
    export type HelmetCspDirectiveValue = string | IHelmetContentSecurityPolicyDirectiveFunction;

    export interface IHelmetContentSecurityPolicyDirectives {
-        baseUri?: HelmetCspDirectiveValue[],
-        childSrc?: HelmetCspDirectiveValue[],
-        connectSrc?: HelmetCspDirectiveValue[],
-        defaultSrc?: HelmetCspDirectiveValue[],
-        fontSrc?: HelmetCspDirectiveValue[],
-        formAction?: HelmetCspDirectiveValue[],
-        frameAncestors?: HelmetCspDirectiveValue[],
-        frameSrc?: HelmetCspDirectiveValue[],
-        imgSrc?: HelmetCspDirectiveValue[],
-        mediaSrc?: HelmetCspDirectiveValue[],
-        objectSrc?: HelmetCspDirectiveValue[],
-        pluginTypes?: HelmetCspDirectiveValue[],
-        reportUri?: string,
-        sandbox?: HelmetCspDirectiveValue[],
-        scriptSrc?: HelmetCspDirectiveValue[],
-        styleSrc?: HelmetCspDirectiveValue[]
+        baseUri?: HelmetCspDirectiveValue[];
+        childSrc?: HelmetCspDirectiveValue[];
+        connectSrc?: HelmetCspDirectiveValue[];
+        defaultSrc?: HelmetCspDirectiveValue[];
+        fontSrc?: HelmetCspDirectiveValue[];
+        formAction?: HelmetCspDirectiveValue[];
+        frameAncestors?: HelmetCspDirectiveValue[];
+        frameSrc?: HelmetCspDirectiveValue[];
+        imgSrc?: HelmetCspDirectiveValue[];
+        mediaSrc?: HelmetCspDirectiveValue[];
+        objectSrc?: HelmetCspDirectiveValue[];
+        pluginTypes?: HelmetCspDirectiveValue[];
+        reportUri?: string;
+        sandbox?: HelmetCspDirectiveValue[];
+        scriptSrc?: HelmetCspDirectiveValue[];
+        styleSrc?: HelmetCspDirectiveValue[];
    }

    export interface IHelmetContentSecurityPolicyConfiguration {
@@ -54,7 +59,7 @@ declare namespace helmet {
        setAllHeaders?: boolean;
        disableAndroid?: boolean;
        browserSniff?: boolean;
-        directives?: IHelmetContentSecurityPolicyDirectives
+        directives?: IHelmetContentSecurityPolicyDirectives;
    }

    export interface IHelmetDnsPrefetchControlConfiguration {
@@ -62,12 +67,12 @@ declare namespace helmet {
    }

    export interface IHelmetFrameguardConfiguration {
-        action?: string,
-        domain?: string
+        action?: string;
+        domain?: string;
    }

    export interface IHelmetHidePoweredByConfiguration {
-        setTo?: string
+        setTo?: string;
    }

    export interface IHelmetSetIfFunction {
@@ -80,14 +85,14 @@ declare namespace helmet {
        includeSubdomains?: boolean;
        reportUri?: string;
        reportOnly?: boolean;
-        setIf?: IHelmetSetIfFunction
+        setIf?: IHelmetSetIfFunction;
    }

    export interface IHelmetHstsConfiguration {
        maxAge?: number;
        includeSubdomains?: boolean;
        preload?: boolean;
-        setIf?: IHelmetSetIfFunction,
+        setIf?: IHelmetSetIfFunction;
        force?: boolean;
    }

@@ -195,5 +200,12 @@ declare namespace helmet {
         * @returns {e.RequestHandler}
         */
        expectCt(options?: IHelmetExpectCtConfiguration): express.RequestHandler;
+
+        /**
+         * @summary Adds the "X-Permitted-Cross-Domain-Policies" header.
+         * @param {helmet.IHelmetPermittedCrossDomainPoliciesConfiguration} options
+         * @returns {express.RequestHandler}
+         */
+        permittedCrossDomainPolicies(options?: IHelmetPermittedCrossDomainPoliciesConfiguration): express.RequestHandler;
    }
 }