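const fs = require('fs');
const YAML = require('yaml');
const helmet = require('helmet');

/**
 * Build a helmet middleware from a YAML policy file.
 *
 * The YAML document is used as the helmet options object. Every option
 * listed in `zero` defaults to `false` (header not sent), so a header is only
 * emitted when the policy file names its option explicitly. A misspelled
 * key in the file does not override its `zero` entry, which leaves that
 * header switched off without any error.
 *
 * When the file cannot be read, a built-in policy that enables only
 * `contentSecurityPolicy` with `useDefaults: true` is used instead.
 *
 * @param {string} path - Location of the YAML policy file.
 * @returns {Function} The middleware returned by `helmet()`.
 * @throws {TypeError} If the policy file does not contain a YAML mapping
 *   (for example, an empty file). Errors raised by `YAML.parse` propagate.
 */
module.exports = (path) => {
  // Baseline: all of these helmet options are off unless the policy file
  // turns them on.
  const zero = {
    contentSecurityPolicy: false,
    crossOriginEmbedderPolicy: false,
    crossOriginOpenerPolicy: false,
    crossOriginResourcePolicy: false,
    originAgentCluster: false,
    referrerPolicy: false,
    strictTransportSecurity: false,
    xContentTypeOptions: false,
    dnsPrefetchControl: false,
    frameguard: false,
    permittedCrossDomainPolicies: false,
    hidePoweredBy: false,
  };

  let csppolicy;
  try {
    csppolicy = fs.readFileSync(path, 'utf8');
  } catch (e) {
    // Keep the best-effort fallback, but surface unexpected read failures
    // (permissions, path is a directory, ...) so an operator can tell that
    // the intended policy is not the one being served.
    if (e.code !== 'ENOENT') {
      console.warn(
        `helmet policy file could not be read (${e.code || e.name}); using the built-in default policy`
      );
    }
    csppolicy = 'contentSecurityPolicy:\n useDefaults: true\n';
  }

  const csp = YAML.parse(csppolicy);

  // An empty file parses to null and a bare scalar or list is not an options
  // object; reject these up front instead of failing on a property
  // assignment or passing meaningless keys to helmet.
  if (csp === null || typeof csp !== 'object' || Array.isArray(csp)) {
    throw new TypeError(
      'helmet policy file must contain a YAML mapping of helmet options'
    );
  }

  // Mandatory: these three are forced off last, so the policy file cannot
  // re-enable them.
  // NOTE(review): confirm the installed helmet version still accepts the
  // `expectCt` option.
  return helmet({
    ...zero,
    ...csp,
    xXssProtection: false,
    xDownloadOptions: false,
    expectCt: false,
  });
};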