API inicial

node_modules/helmet/dist/middlewares/x-frame-options/index.d.ts

@@ -0,0 +1,6 @@
+import { IncomingMessage, ServerResponse } from "http"
+export interface XFrameOptionsOptions {
+	action?: string
+}
+declare function xFrameOptions(options?: Readonly<XFrameOptionsOptions>): (_req: IncomingMessage, res: ServerResponse, next: () => void) => void
+export default xFrameOptions

node_modules/helmet/dist/middlewares/x-frame-options/index.js

@@ -0,0 +1,25 @@
+"use strict"
+Object.defineProperty(exports, "__esModule", { value: true })
+function getHeaderValueFromOptions({ action = "SAMEORIGIN" }) {
+	const normalizedAction = typeof action === "string" ? action.toUpperCase() : action
+	switch (normalizedAction) {
+		case "SAME-ORIGIN":
+			return "SAMEORIGIN"
+		case "DENY":
+		case "SAMEORIGIN":
+			return normalizedAction
+		case "ALLOW-FROM":
+			throw new Error("X-Frame-Options no longer supports `ALLOW-FROM` due to poor browser support. See <https://github.com/helmetjs/helmet/wiki/How-to-use-X%E2%80%93Frame%E2%80%93Options's-%60ALLOW%E2%80%93FROM%60-directive> for more info.")
+		default:
+			throw new Error(`X-Frame-Options received an invalid action ${JSON.stringify(action)}`)
+	}
+}
+function xFrameOptions(options = {}) {
+	const headerValue = getHeaderValueFromOptions(options)
+	return function xFrameOptionsMiddleware(_req, res, next) {
+		res.setHeader("X-Frame-Options", headerValue)
+		next()
+	}
+}
+module.exports = xFrameOptions
+exports.default = xFrameOptions