Merge pull request #47 from sambauers/main

fix(buildCSPHeaders): remove 'none' when appropriate
trezy · Jan 12, 2023 · e5cee58 · e5cee58
2 parents b4c1556 + 3e83778
commit e5cee58
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/buildCSPHeaders.js b/lib/buildCSPHeaders.js
@@ -34,8 +34,13 @@ function getCSPDirective(value, defaultValue, mergeDefaultDirectives = false) {
 	// de-duplicate merged values
 	const uniqueValueArray = [...new Set(mergedValueArray)]
 
+	// remove value "'none'" if the array contains other values
+	const validValueArray = uniqueValueArray.length > 1
+		? uniqueValueArray.filter((v) => v !== "'none'")
+		: uniqueValueArray
+
 	// only return user configured values if present, otherwise return default
-	return uniqueValueArray.length > 0 ? uniqueValueArray : defaultValueArray
+	return validValueArray.length > 0 ? validValueArray : defaultValueArray
 }
 
 module.exports = function buildCSPHeaders(options = {}) {