Added some new directives

New directives:

– script-src-attr
– script-src-elem
– style-src-attr
– style-src-elem

New constants:

– HASHES contains new values 'unsafe-hashes'. Can be used in any of the new directives.

Bug fix

Fixed typo in 'no-referrer'

v2.1.1

• Added constants for data: and blob: literals

import { BLOB, DATA} from 'csp-header';

console.log(BLOB); // blob:
console.log(DATA); // data:

• Bug fixes

v2.0.0

Breaking changes

🔨 No default export

For compability with JS we have to export getCSP as a named export.

const { getCSP } = require('csp-header');

🔨 policies was renamed to directives

🔨 Minimal supported version of Node.JS is 8

🔨 Dropped support of extend

extend was marked as deprecated in previous versions. It doesn't work anymore. Use presets instead.

🔨 Dropped support of specifying presets as a string

csp-header used to require preset if you specify it as a string. Now, you should require it by yourself.
Before:

{
    //...
    presets: ['csp-preset-myservice']
}

Now:

{
    //...
    presets: [require('csp-preset-myservice')]
}

🔨 Calling with no arguments returns an empty string

It used to return undefined.

prefetch-src

#8 Added support of prefetch-src rule (@thisislawatts)

Typescript typings

Added Typescript typings (thanks to @xkr47)

Extend, presets, node4

• It's time to start using ES6. So node >=4.
• Support extending policies
• Support CSP presets