Merge branch 'develop'

.travis.yml

@@ -0,0 +1,10 @@
+language: node_js
+node_js:
+- 4.0.0
+- 5.3.0
+sudo: false
+install:
+- npm install
+notifications:
+  slack:
+    secure: m91zkX2cLVDRDMBAUnR1d+hbZqtSHXLkuPencHadhJ3C3wm53Box8U25co/goAmjnW5HNJ1SMSIg+DojtgDhqTbReSh5gSbU0uU8YaF8smbvmUv3b2Q8PRCA7f6hQiea+a8+jAb7BOvwh66dV4Al/1DJ2b4tCjPuVuxQ96Wll7Pnj1S7yW/Hb8fQlr9wc+INXUZOe8erFin+508r5h1L4Xv0N5ZmNw+Gqvn2kPJD8f/YBPpx0AeZdDssTL0IOcol1+cDtDzMw5PAkGnqwamtxhnsw+i8OW4avFt1GrRNlz3eci5Cb3NQGjHxJf+JIALvBeSqkOEFJIFGqwAXMctJ9q8/7XyXk7jVFUg5+0Z74HIkBwdtLwi/BTyXMZAgsnDjndmR9HsuBP7OSTJF5/V7HCJZAaO9shEgS8DwR78owv9Fr5er5m9IMI+EgSH3qtb8iuuQaPtflbk+cPD3nmYbDqmPwkSCXcXRfq3IxdcV9hkiaAw52AIqqhnAXJWZfL6+Ct32i2mtSaov9FYtp/G0xb4tjrUAsDUd/AGmMJNEBVoHtP7mKjrVQ35cEtFwJr/8SmZxGvOaJXPaLs43dhXKa2tAGl11wF02d+Rz1HhbOoq9pJvJuqkLAVvRdBHUJrB4/hnTta5B0W5pe3mIgLw3AmOpk+s/H4hAP4Hp0gOWlPA=

package.json

@@ -8,7 +8,8 @@
     "test": "test"
   },
   "scripts": {
-    "test": "_mocha test/ --bail",
+    "test": "npm run standard && istanbul cover _mocha --report lcovonly -- -R spec test && cat ./coverage/lcov.info | coveralls && rm -rf ./coverage",
+    "standard": "standard src/**/*.js",
     "coverage": "istanbul cover _mocha test/"
   },
   "keywords": [

readme.md

@@ -1,5 +1,11 @@
 # Node Csp
 
+![](http://i1117.photobucket.com/albums/k594/thetutlage/poppins-1_zpsg867sqyl.png)
+
+![](https://img.shields.io/travis/poppinss/node-csp.svg?style=flat-square)
+[![Coverage Status](https://img.shields.io/coveralls/poppinss/node-csp/master.svg?style=flat-square)](https://coveralls.io/github/poppinss/node-csp?branch=master)
+[![License](https://img.shields.io/npm/l/node-csp.svg?style=flat-square)](https://opensource.org/licenses/MIT)
+
 Node Csp is a general purpose module to add `Content Security Policy` header to your http response. It can be used with any node http server.
 
 ## Features
@@ -50,4 +56,26 @@ http.createServer(function (req, res) {
    setAllHeaders: false, // sets all csp headers as per http://content-security-policy.com/
    disableAndroid: false // csp is buggy on android
 }
-```
+```
+
+## The MIT License
+Copyright (c) 2016 Harminder Virk
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+ -->

src/Csp/headers.js

@@ -27,9 +27,9 @@ const cspHeaders = [
  */
 headers.IE = function (browser) {
   const version = parseFloat(browser.version)
-  if(version < 12 & version > 9) {
+  if (version < 12 & version > 9) {
     return ['X-Content-Security-Policy']
-  } else if(version > 12) {
+  } else if (version > 12) {
     return ['Content-Security-Policy']
   } else {
     return []
@@ -47,7 +47,7 @@ headers.Firefox = function (browser) {
   const version = parseFloat(browser.version)
   if (version >= 23) {
     return ['Content-Security-Policy']
-  } else if (version >=4 && version < 23) {
+  } else if (version >= 4 && version < 23) {
     return ['X-Content-Security-Policy']
   } else {
     return []

src/Csp/index.js

@@ -54,7 +54,7 @@ const directivesList = [
 Csp.add = function (request, response, options) {
   const cspHeaders = Csp.build(request, options)
   const headerKeys = Object.keys(cspHeaders)
-  if(headerKeys.length) {
+  if (headerKeys.length) {
     headerKeys.forEach(function (key) {
       response.setHeader(key, cspHeaders[key])
     })
@@ -74,24 +74,24 @@ Csp.build = function (request, options) {
   const userAgent = request.headers['user-agent']
   let cspHeaders = headers.getAllHeaders()
 
-  if(userAgent && !options.setAllHeaders) {
+  if (userAgent && !options.setAllHeaders) {
     const browser = platform.parse(userAgent) || {}
-    cspHeaders = typeof(headers[browser.name]) === 'function' ? headers[browser.name](browser, options) : headers.getAllHeaders()
+    cspHeaders = typeof (headers[browser.name]) === 'function' ? headers[browser.name](browser, options) : headers.getAllHeaders()
   }
 
-  if(!cspHeaders.length) {
+  if (!cspHeaders.length) {
     return {}
   }
 
   const cspString = Csp._quoteKeywords(Csp._makeDirectives(options.directives)).replace('@nonce', `'nonce-${(options.nonce || '')}'`)
 
-  if(cspString.trim().length <= 0) {
+  if (cspString.trim().length <= 0) {
     return {}
   }
 
   let cspBuildHeaders = {}
   cspHeaders.forEach(function (headerKey) {
-    if(options.reportOnly) {
+    if (options.reportOnly) {
       headerKey += '-Report-Only'
     }
     cspBuildHeaders[headerKey] = cspString
@@ -114,7 +114,7 @@ Csp._makeDirectives = function (directives) {
   directiveNames.forEach(function (name) {
     const directive = directives[name]
     name = Csp._formatDirectiveName(name)
-    if(directivesList.indexOf(name) <= -1) {
+    if (directivesList.indexOf(name) <= -1) {
       throw new Error(`invalid directive: ${name}`)
     }
     cspString += `${name} ${directive.join(' ')}; `