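'use strict';

/**
 * Helpers for building a Content-Security-Policy header value from
 * directive maps, plus ready-made directive maps ("presets") for common
 * third-party services.
 *
 * A config is a plain object of the form
 * `{ "<directive-name>": "<space-separated source expressions>" }`.
 *
 * Security notes for reviewers:
 * - Merging is a union of sources per directive, so adding a preset only
 *   ever loosens a policy. In particular, CSP honours `'none'` only when
 *   it is the sole expression of a directive; merging any preset into a
 *   directive set to `'none'` silently cancels it.
 * - Directive names and source expressions are emitted verbatim. A `;`
 *   inside a value starts a new directive and a `,` starts a new policy,
 *   so configs must be static or built from validated data, never from
 *   request input.
 */

/** Name of the HTTP response header that carries the policy. */
const CSP_HEADER_NAME = "Content-Security-Policy";

// Whitespace as defined by the CSP grammar (tab, LF, FF, CR, space).
// No `g` flag: the pattern is only used with String.prototype.split.
const CSP_ASCII_WHITESPACE = /[\t\n\f\r ]+/;

/**
 * Merges several configs into one map of directive name -> Set of source
 * expressions, de-duplicating sources per directive.
 *
 * Values are tokenised on any run of CSP whitespace and empty tokens are
 * dropped. Splitting on a single space (the previous behaviour) let tabs
 * and line breaks from multi-line values survive inside a token, which
 * defeated de-duplication and put CR/LF into the header value.
 *
 * Sets are accumulated in a Map and converted at the end, so a key that
 * collides with an Object.prototype member (e.g. "constructor") is
 * stored as ordinary data instead of hitting the inherited property.
 *
 * @param {Array<Record<string, string>>} configs Configs to merge, in order.
 * @returns {Record<string, Set<string>>} Sources per directive, in
 *   first-seen order. A directive given only empty values maps to an
 *   empty Set.
 * @throws {TypeError} If a directive value is not a string.
 */
const mergeCspConfigsToSet = (configs) => {
  const sourcesByDirective = new Map();
  for (const config of configs) {
    for (const [directive, value] of Object.entries(config)) {
      let sources = sourcesByDirective.get(directive);
      if (sources === undefined) {
        sources = new Set();
        sourcesByDirective.set(directive, sources);
      }
      for (const token of value.split(CSP_ASCII_WHITESPACE)) {
        if (token !== "") {
          sources.add(token);
        }
      }
    }
  }
  return Object.fromEntries(sourcesByDirective);
};

/**
 * Serialises a config, merged with optional presets, into a CSP header
 * value: directives joined with "; ", sources joined with a space. A
 * directive with no sources is emitted as the bare directive name.
 *
 * @param {Record<string, string>} config Base policy.
 * @param {object} [options]
 * @param {boolean} [options.includeHeaderName=false] Prefix the result
 *   with "Content-Security-Policy: ".
 * @param {Array<Record<string, string>>} [options.presets=[]] Extra
 *   configs whose sources are unioned into `config`.
 * @returns {string} The header value, or "name: value" when requested.
 */
const createCspHeader = (config, { includeHeaderName = false, presets = [] } = {}) => {
  const merged = mergeCspConfigsToSet([config, ...presets]);
  const directives = [];
  for (const [directive, sources] of Object.entries(merged)) {
    const sourceList = [...sources].join(" ");
    directives.push(sourceList ? `${directive} ${sourceList}` : directive);
  }
  const headerValue = directives.join("; ");
  return includeHeaderName ? `${CSP_HEADER_NAME}: ${headerValue}` : headerValue;
};

/**
 * Merges several configs into a single config whose values are
 * space-separated, de-duplicated source lists.
 *
 * @param {Array<Record<string, string>>} configs Configs to merge, in order.
 * @returns {Record<string, string>} The merged config.
 */
const mergeCspConfigs = (configs) => {
  const merged = mergeCspConfigsToSet(configs);
  const result = Object.entries(merged).map(([directive, sources]) => [
    directive,
    [...sources].join(" "),
  ]);
  return Object.fromEntries(result);
};

// ---------------------------------------------------------------------------
// Presets. Each one is a directive map to pass in `presets`. Host sources
// allow every resource served from that host; wildcard hosts (`*.example`)
// allow every subdomain. Review each preset against the features actually in
// use before enabling it, `script-src` entries in particular.
// ---------------------------------------------------------------------------

const CSP_PRESET_DATADOG_INTAKE_URLS = {
  "connect-src": "https://*.datadoghq.com https://browser-intake-datadoghq.com",
};

// `blob:` in worker-src allows workers created from blob URLs.
const CSP_PRESET_DATADOG_WEB_WORKER = {
  "worker-src": "blob:",
};

const CSP_PRESET_DATADOG_CDN_BUNDLE_URL = {
  "script-src": "https://www.datadoghq-browser-agent.com",
};

const CSP_PRESET_GOOGLE_ADS_CONVERSIONS = {
  "frame-src": "https://www.googletagmanager.com https://td.doubleclick.net",
  "img-src": "https://googleads.g.doubleclick.net https://www.google.com https://google.com",
  "script-src": "https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com",
};

const CSP_PRESET_GOOGLE_ADS_REMARKETING = {
  "frame-src": "https://bid.g.doubleclick.net https://td.doubleclick.net",
  "img-src": "https://www.google.com https://google.com",
  "script-src": "https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com",
};

const CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON = {
  "frame-src": "https://www.googletagmanager.com",
  "script-src": "https://www.googletagmanager.com",
};

const CSP_PRESET_GOOGLE_ANALYTICS_4 = {
  "connect-src": "https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com",
  "img-src": "https://*.google-analytics.com https://*.googletagmanager.com",
  "script-src": "https://*.googletagmanager.com",
};

// Google domain suffixes, space separated, each starting with a dot so that
// it can be prefixed with "https://*" below.
const GOOGLE_SUPPORTED_DOMAINS = [
  ".google.com .google.ad .google.ae .google.com.af .google.com.ag .google.al .google.am .google.co.ao .google.com.ar .google.as",
  ".google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi",
  ".google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca",
  ".google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co",
  ".google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do",
  ".google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr",
  ".google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy",
  ".google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in",
  ".google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki",
  ".google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt",
  ".google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm",
  ".google.mn .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng",
  ".google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa",
  ".google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py",
  ".google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh",
  ".google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td",
  ".google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw",
  ".google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.co.vi .google.com.vn",
  ".google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat",
].join(" ");

// The same list as wildcard host sources: "https://*.google.com https://*.google.ad ...".
const GOOGLE_SUPPORTED_DOMAINS_DIRECTIVE_HOSTS_STRING = GOOGLE_SUPPORTED_DOMAINS
  .split(" ")
  .map((item) => `https://*${item}`)
  .join(" ");

// Broad preset: connect-src and img-src allow every subdomain of every
// Google domain suffix listed above.
const CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS = {
  "connect-src": `https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com ${GOOGLE_SUPPORTED_DOMAINS_DIRECTIVE_HOSTS_STRING}`,
  "frame-src": "https://td.doubleclick.net",
  "img-src": `https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com ${GOOGLE_SUPPORTED_DOMAINS_DIRECTIVE_HOSTS_STRING}`,
  "script-src": "https://*.googletagmanager.com",
};

// Path-scoped sources: only URLs under /gsi/ on accounts.google.com.
const CSP_PRESET_GOOGLE_IDENTITY = {
  "connect-src": "https://accounts.google.com/gsi/",
  "frame-src": "https://accounts.google.com/gsi/",
  "script-src": "https://accounts.google.com/gsi/client",
  "style-src": "https://accounts.google.com/gsi/style",
};

// Adds no script-src entry. NOTE(review): presumably the caller supplies a
// nonce source in its own script-src; confirm against the package docs.
const CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE = {
  "connect-src": "https://www.googletagmanager.com",
  "img-src": "https://www.googletagmanager.com",
};

// Adds 'unsafe-inline' to script-src, which allows every inline script and
// so removes most of CSP's protection against injected markup. Browsers
// ignore 'unsafe-inline' when the same directive also carries a nonce or
// hash source, so this preset has no effect on a nonce-based policy.
const CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE = {
  "connect-src": "https://www.googletagmanager.com",
  "img-src": "https://www.googletagmanager.com",
  "script-src": "'unsafe-inline' https://www.googletagmanager.com",
};

// Adds 'unsafe-eval' to script-src, which re-enables eval() and similar
// string-to-code APIs for the whole page.
const CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES = {
  "script-src": "'unsafe-eval'",
};

// NOTE(review): by its name this is meant for GTM preview/debug sessions;
// check whether it needs to be part of the production policy.
const CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE = {
  "font-src": "https://fonts.gstatic.com data:",
  "img-src": "https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com",
  "script-src": "https://googletagmanager.com https://tagmanager.google.com",
  "style-src": "https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com",
};

const CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS = {
  "connect-src": "https://www.google-analytics.com",
  "img-src": "https://www.google-analytics.com",
  "script-src": "https://www.google-analytics.com https://ssl.google-analytics.com",
};

// Adds 'unsafe-inline' to both script-src and style-src; the caveats on
// CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE apply here too.
const CSP_PRESET_HOTJAR = {
  "connect-src": "https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com",
  "font-src": "https://script.hotjar.com",
  "img-src": "https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com",
  "script-src": "https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'",
  "style-src": "https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'",
};

const CSP_PRESET_REDDIT_EMBED = {
  "frame-src": "https://embed.reddit.com",
  "script-src": "https://embed.reddit.com",
};

const CSP_PRESET_TIKTOK_EMBED = {
  "frame-src": "https://www.tiktok.com",
  "script-src": "https://www.tiktok.com",
};

const CSP_PRESET_VIMEO_EMBED = {
  "connect-src": "https://vimeo.com",
  "frame-src": "https://player.vimeo.com",
  "img-src": "https://i.vimeocdn.com",
  "script-src": "https://player.vimeo.com",
};

const CSP_PRESET_X_EMBED = {
  "frame-src": "https://platform.twitter.com",
  "script-src": "https://platform.twitter.com",
};

const CSP_PRESET_YOUTUBE_EMBED = {
  "frame-src": "https://www.youtube.com https://www.youtube-nocookie.com",
};

exports.CSP_HEADER_NAME = CSP_HEADER_NAME;
exports.CSP_PRESET_DATADOG_CDN_BUNDLE_URL = CSP_PRESET_DATADOG_CDN_BUNDLE_URL;
exports.CSP_PRESET_DATADOG_INTAKE_URLS = CSP_PRESET_DATADOG_INTAKE_URLS;
exports.CSP_PRESET_DATADOG_WEB_WORKER = CSP_PRESET_DATADOG_WEB_WORKER;
exports.CSP_PRESET_GOOGLE_ADS_CONVERSIONS = CSP_PRESET_GOOGLE_ADS_CONVERSIONS;
exports.CSP_PRESET_GOOGLE_ADS_REMARKETING = CSP_PRESET_GOOGLE_ADS_REMARKETING;
exports.CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON = CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON;
exports.CSP_PRESET_GOOGLE_ANALYTICS_4 = CSP_PRESET_GOOGLE_ANALYTICS_4;
exports.CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS = CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS;
exports.CSP_PRESET_GOOGLE_IDENTITY = CSP_PRESET_GOOGLE_IDENTITY;
exports.CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES = CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES;
exports.CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE = CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE;
exports.CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE = CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE;
exports.CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE = CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE;
exports.CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS = CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS;
exports.CSP_PRESET_HOTJAR = CSP_PRESET_HOTJAR;
exports.CSP_PRESET_REDDIT_EMBED = CSP_PRESET_REDDIT_EMBED;
exports.CSP_PRESET_TIKTOK_EMBED = CSP_PRESET_TIKTOK_EMBED;
exports.CSP_PRESET_VIMEO_EMBED = CSP_PRESET_VIMEO_EMBED;
exports.CSP_PRESET_X_EMBED = CSP_PRESET_X_EMBED;
exports.CSP_PRESET_YOUTUBE_EMBED = CSP_PRESET_YOUTUBE_EMBED;
exports.createCspHeader = createCspHeader;
exports.mergeCspConfigs = mergeCspConfigs;
exports.mergeCspConfigsToSet = mergeCspConfigsToSet;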