From 4eddf6359f2a9bea2a0bbe92e01c5f3fe5674d23 Mon Sep 17 00:00:00 2001
From: Dario Longo
Date: Mon, 21 Mar 2022 15:31:06 +0100
Subject: [PATCH] [Add] Added upgrade-insecure-requests directive in CSP Headers
---
 src/rules/content-security-policy.ts | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/rules/content-security-policy.ts b/src/rules/content-security-policy.ts
index 23dbe34..6165608 100644
--- a/src/rules/content-security-policy.ts
+++ b/src/rules/content-security-policy.ts
@@ -76,6 +76,10 @@ type ReportingDirective = {
 reportTo: string;
 "report-to": string;
 };
+type OtherDirective = {
+ upgradeInsecureRequests: boolean;
+ "upgrade-insecure-requests": boolean;
+};
 export type ContentSecurityPolicyOption =
 | false
@@ -83,7 +87,8 @@ export type ContentSecurityPolicyOption =
 directives: Partial &
 Partial &
 Partial &
- Partial;
+ Partial &
+ Partial;
 reportOnly?: boolean;
 };
@@ -203,12 +208,24 @@ export const convertReportingDirectiveToString = (directive?: Partial) => {
+ if (directive == undefined) return "";
+
+ const strings: string[] = [];
+
+ const upgradeInsecureRequests = directive.upgradeInsecureRequests ?? directive["upgrade-insecure-requests"];
+ if (upgradeInsecureRequests) strings.push(createDirectiveValue("upgrade-insecure-requests", []));
+
+ return strings.join(directiveValueSepartor);
+};
+
 export const createContentSecurityPolicyOptionHeaderValue = (
 option?: ContentSecurityPolicyOption,
 fetchDirectiveToStringConverter = convertFetchDirectiveToString,
 documentDirectiveToStringConverter = convertDocumentDirectiveToString,
 navigationDirectiveToStringConverter = convertNavigationDirectiveToString,
 reportingDirectiveToStringConverter = convertReportingDirectiveToString,
+ othersDirectiveToStringConverter = convertOtherDirectiveToString,
 ): string | undefined => {
 if (option == undefined) return;
 if (option === false) return;
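Review bot: The new `OtherDirective` type has no doc comment, so a reader cannot tell what `upgradeInsecureRequests: true` provides or where its protection stops. I would add above the type: `/** Valueless directives. upgrade-insecure-requests asks the browser to upgrade the page's http:// requests to https:// before fetching; it is not a substitute for Strict-Transport-Security. */`. Because the camelCase and kebab-case keys are two spellings of one directive, the comment should also state which one wins when both are set; the converter added later in this patch reads the camelCase key first.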
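Review bot: An explicit `upgradeInsecureRequests: false` masks `"upgrade-insecure-requests": true` in the new converter, because `??` falls through only on null or undefined, so a merged configuration carrying both spellings can silently lose the directive. If either spelling is meant to enable it, the line could read `const upgradeInsecureRequests = directive.upgradeInsecureRequests || directive["upgrade-insecure-requests"];`; if camelCase is meant to win, as the other converters in this file may already do, a short comment saying so is enough. The diffstat lists only this source file, so the commit adds no test for the converter; a case asserting the exact string produced by `createDirectiveValue("upgrade-insecure-requests", [])`, whose handling of an empty value list is not visible here, would pin the output. The converter's own signature line is not fully visible in this hunk.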
@@ -218,6 +235,7 @@ export const createContentSecurityPolicyOptionHeaderValue = (
 documentDirectiveToStringConverter(option.directives),
 navigationDirectiveToStringConverter(option.directives),
 reportingDirectiveToStringConverter(option.directives),
+ othersDirectiveToStringConverter(option.directives),
 ]
 .filter((string) => string.length > 0)
 .join(directiveValueSepartor);
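Review bot: The directive is appended to the same header value that is presumably also emitted when `reportOnly` is set, and `upgrade-insecure-requests` is ignored when delivered in a report-only policy (Chromium logs a console warning), so `reportOnly: true` together with `upgradeInsecureRequests: true` would upgrade nothing. How the header name is chosen is outside this hunk, so this is inferred from the `reportOnly?: boolean` field in the option type. I would at least record it at the call: `// upgrade-insecure-requests has no effect under Content-Security-Policy-Report-Only`. The body of createContentSecurityPolicyOptionHeaderValue starts and ends outside the hunk.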