├── .github ├── dependabot.yml └── workflows │ └── main.yml ├── .gitignore ├── .mergify.yml ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── __tests__ └── handler.test.js ├── ensureSetup.js ├── handler.js ├── package.json ├── server.js ├── serverless-env.yml.sample ├── serverless.yml ├── src ├── features.js.sample └── headers.js.sample └── yarn.lock /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: npm 4 | directory: "/" 5 | schedule: 6 | interval: daily 7 | time: "10:00" 8 | open-pull-requests-limit: 10 9 | -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | name: Main 2 | on: push 3 | jobs: 4 | ci: 5 | name: CI 6 | runs-on: ubuntu-latest 7 | env: 8 | CI: true 9 | steps: 10 | - uses: actions/checkout@master 11 | - uses: actions/setup-node@v2-beta 12 | with: 13 | node-version: 14.x 14 | - id: yarn-cache 15 | run: echo "::set-output name=directory::$(yarn cache dir)" 16 | - uses: actions/cache@v1 17 | with: 18 | path: ${{ steps.yarn-cache.outputs.directory }} 19 | key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} 20 | restore-keys: | 21 | ${{ runner.os }}-yarn- 22 | - run: | 23 | yarn install --frozen-lockfile 24 | yarn lint 25 | yarn test 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.eslintcache 2 | /.serverless/ 3 | /coverage/ 4 | /node_modules/ 5 | 6 | /serverless-env.yml 7 | /src/features.js 8 | /src/headers.js 9 | -------------------------------------------------------------------------------- /.mergify.yml: -------------------------------------------------------------------------------- 1 | pull_request_rules: 2 | - name: Automatically merge dependencies 3 | conditions: 4 | - base=master 5 | - label=dependencies 6 | - status-success=CI 7 | actions: 8 | merge: 9 | strict: true 10 | delete_head_branch: {} 11 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). 6 | 7 | ## [Unreleased] 8 | 9 | ## [0.2.0] - 2019-05-28 10 | 11 | ### Added 12 | 13 | - Security headers and the ability to configure the features without forking. 14 | 15 | ## [0.1.0] - 2019-05-23 16 | 17 | ### Added 18 | 19 | - The ability to override the default region and stage from the command line. 20 | - A CloudFront distribution so the result of the lambda can be cached. 21 | 22 | [unreleased]: https://github.com/CultureHQ/polyfill-lambda/compare/v0.2.0...HEAD 23 | [0.2.0]: https://github.com/CultureHQ/polyfill-lambda/compare/v0.1.0...v0.2.0 24 | [0.1.0]: https://github.com/CultureHQ/polyfill-lambda/compare/bef289...v0.1.0 25 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | - Using welcoming and inclusive language 18 | - Being respectful of differing viewpoints and experiences 19 | - Gracefully accepting constructive criticism 20 | - Focusing on what is best for the community 21 | - Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | - The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | - Trolling, insulting/derogatory comments, and personal or political attacks 28 | - Public or private harassment 29 | - Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | - Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at support@culturehq.com. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2018-present CultureHQ 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # polyfill-lambda 2 | 3 | [![Build Status](https://github.com/CultureHQ/polyfill-lambda/workflows/Main/badge.svg)](https://github.com/CultureHQ/polyfill-lambda/actions) 4 | 5 | `polyfill-lambda` is a service deployed to Amazon Web Services that returns JavaScript polyfills based on the user agent of the requesting browser. You can use this package to deploy your own version for your service or organization. 6 | 7 | ## Getting started 8 | 9 | Ensure you have `node` and `yarn` installed. 10 | 11 | 1. Run `yarn` in the root of the repository to get the dependencies. 12 | 2. Create a `src/features.js` file (you can copy the sample) containing the features that you want polyfilled. You can take a look at [polyfill.io's docs](https://polyfill.io/v3/url-builder/) for the available options. 13 | 3. Create a `src/headers.js` file (you can copy the sample) containing the desired headers to be served alongside the JavaScript. 14 | 15 | Now you can run `yarn start` to start a local server at `http://localhost:8080`. Visit that location in different browsers to view the polyfill. Note that since this server is running in development, it returns unminified JavaScript. 16 | 17 | ## Deployment 18 | 19 | First, copy `serverless-env.yml.sample` to `serverless-env.yml` and fill in the relevant information. Below are the explanation for the options: 20 | 21 | - `bucket.name` - any name unique to S3. Nothing actually gets stored in here, it's just used as the origin for CloudFront 22 | - `distribution.alias` - the domain that will be used for the CloudFront distribution (presumably something like `polyfill.culturehq.com`) 23 | - `distribution.cert-arn` - the ARN of an AWS Certificate Manager certificate that matches the alias (as in, as certificate for `polyfill.culturehq.com`) 24 | 25 | With the config in place, install [`serverless`](https://serverless.com/) by running `npm install -g serverless`. You can then run `sls deploy --aws-profile [PROFILE]` to deploy the lambda function, S3 bucket, and CloudFront distribution. 26 | 27 | Once everything has been deployed, you can associate the CloudFront distribution with your domain through AWS Route53 by creating an alias record for the appropriate hosted zone. Then you can include script tag like the below to conditionally load only the correct polyfills: 28 | 29 | ```html 30 | 31 | ``` 32 | 33 | ## Contributing 34 | 35 | Bug reports and pull requests are welcome on GitHub at https://github.com/CultureHQ/polyfill-lambda. 36 | 37 | ## License 38 | 39 | The code is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). 40 | -------------------------------------------------------------------------------- /__tests__/handler.test.js: -------------------------------------------------------------------------------- 1 | const { handle } = require("../handler"); 2 | 3 | const userAgents = { 4 | "Safari 9": "Mozilla/5.0 (iPad; CPU OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13F69 Safari/601.1", 5 | "Chrome 63": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36", 6 | "Firefox 56": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0", 7 | "IE 9": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)", 8 | "IE 11": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko", 9 | "Edge 25": "Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586" 10 | }; 11 | 12 | Object.keys(userAgents).forEach(browser => { 13 | test(`returns a reasonable response for ${browser}`, done => { 14 | const event = { Records: [{ cf: { request: { headers: { "user-agent": [{ value: userAgents[browser] }] } } } }] }; 15 | 16 | handle(event, null, (error, response) => { 17 | expect(error).toBe(null); 18 | 19 | const { status, headers, body } = response; 20 | 21 | expect(status).toEqual(200); 22 | expect(headers["Content-Type"][0].value.startsWith("application/javascript")).toBe(true); 23 | expect(body).toContain("Symbol"); 24 | 25 | done(); 26 | }); 27 | }); 28 | }); 29 | -------------------------------------------------------------------------------- /ensureSetup.js: -------------------------------------------------------------------------------- 1 | const fs = require("fs"); 2 | 3 | const copySampleSync = path => { 4 | if (!fs.existsSync(path)) { 5 | fs.copyFileSync(`${path}.sample`, path); 6 | } 7 | }; 8 | 9 | copySampleSync("./src/features.js"); 10 | copySampleSync("./src/headers.js"); 11 | -------------------------------------------------------------------------------- /handler.js: -------------------------------------------------------------------------------- 1 | "use strict"; 2 | 3 | const { getPolyfillString } = require("polyfill-library"); 4 | 5 | const features = require("./src/features"); 6 | const headers = require("./src/headers"); 7 | 8 | const makePolyfill = ({ uaString, cache }) => ( 9 | getPolyfillString({ uaString, minify: cache, features, unknown: "polyfill" }) 10 | .then(polyfill => { 11 | const polyfillHeaders = { 12 | ...headers, 13 | "Cache-Control": cache ? "max-age=31536000" : "no-cache", 14 | "Content-Type": "application/javascript;charset=utf-8" 15 | }; 16 | 17 | return { 18 | status: 200, 19 | statusDescription: "OK", 20 | headers: Object.keys(polyfillHeaders).reduce( 21 | (accum, key) => ({ ...accum, [key]: [{ key, value: polyfillHeaders[key] }] }), {} 22 | ), 23 | body: polyfill 24 | }; 25 | }) 26 | ); 27 | 28 | const handle = (event, context, callback) => { 29 | const uaString = event.Records[0].cf.request.headers["user-agent"][0].value; 30 | 31 | makePolyfill({ uaString, cache: true }) 32 | .then(response => callback(null, response)) 33 | .catch(callback); 34 | }; 35 | 36 | module.exports = { makePolyfill, handle }; 37 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "polyfill-lambda", 3 | "version": "0.2.0", 4 | "description": "Polyfills based on the user agent", 5 | "main": "handler.js", 6 | "scripts": { 7 | "lint": "node ensureSetup.js && chq-scripts lint", 8 | "test": "chq-scripts test" 9 | }, 10 | "repository": { 11 | "type": "git", 12 | "url": "git+https://github.com/CultureHQ/polyfill-lambda.git" 13 | }, 14 | "author": "Kevin Deisz", 15 | "license": "MIT", 16 | "bugs": { 17 | "url": "https://github.com/CultureHQ/polyfill-lambda/issues" 18 | }, 19 | "homepage": "https://github.com/CultureHQ/polyfill-lambda#readme", 20 | "dependencies": { 21 | "polyfill-library": "^3.110.1" 22 | }, 23 | "devDependencies": { 24 | "@culturehq/scripts": "^6.0.1", 25 | "@silvermine/serverless-plugin-cloudfront-lambda-edge": "2.2.3", 26 | "express": "^4.17.2" 27 | }, 28 | "eslintConfig": { 29 | "extends": [ 30 | "@culturehq" 31 | ], 32 | "rules": { 33 | "strict": "off" 34 | } 35 | }, 36 | "jest": { 37 | "roots": [ 38 | "." 39 | ], 40 | "setupFilesAfterEnv": [ 41 | "./ensureSetup.js" 42 | ] 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /server.js: -------------------------------------------------------------------------------- 1 | "use strict"; 2 | 3 | /* eslint-disable import/no-extraneous-dependencies, no-console */ 4 | const express = require("express"); 5 | const { makePolyfill } = require("./handler"); 6 | 7 | const app = express(); 8 | 9 | app.use((req, res, next) => { 10 | console.log(`[${new Date().toUTCString()}] ${req.method} ${req.path}`); 11 | 12 | res.setHeader("Access-Control-Allow-Origin", "*"); 13 | res.setHeader("Access-Control-Allow-Methods", "OPTIONS, GET"); 14 | 15 | next(); 16 | }); 17 | 18 | app.get("/", (request, response, next) => { 19 | const uaString = request.headers["user-agent"]; 20 | 21 | makePolyfill({ uaString, cache: false }).then(({ headers, body }) => { 22 | Object.keys(headers).forEach(header => { 23 | response.setHeader(header, headers[header][0].value); 24 | }); 25 | 26 | response.send(body); 27 | }).catch(next); 28 | }); 29 | 30 | app.listen(8080, () => console.log("Listening on port 8080...")); 31 | -------------------------------------------------------------------------------- /serverless-env.yml.sample: -------------------------------------------------------------------------------- 1 | bucket: 2 | name: [mydomain]-polyfill-production 3 | 4 | distribution: 5 | alias: polyfill.[mydomain].com 6 | cert-arn: arn:aws:acm:us-east-1:012345:certificate/012345-0123-012345 7 | -------------------------------------------------------------------------------- /serverless.yml: -------------------------------------------------------------------------------- 1 | service: polyfill 2 | 3 | plugins: 4 | - '@silvermine/serverless-plugin-cloudfront-lambda-edge' 5 | 6 | provider: 7 | name: aws 8 | runtime: nodejs10.x 9 | stage: ${opt:stage, 'production'} 10 | region: us-east-1 11 | 12 | package: 13 | exclude: 14 | - server.js 15 | - coverage/ 16 | - test/ 17 | 18 | functions: 19 | polyfill: 20 | handler: handler.handle 21 | lambdaAtEdge: 22 | distribution: PolyfillDistribution 23 | eventType: origin-request 24 | 25 | resources: 26 | Resources: 27 | PolyfillBucket: 28 | Type: AWS::S3::Bucket 29 | Properties: 30 | BucketName: ${file(./serverless-env.yml):bucket.name} 31 | AccessControl: PublicRead 32 | WebsiteConfiguration: 33 | IndexDocument: index.html 34 | ErrorDocument: error.html 35 | PolyfillDistribution: 36 | Type: AWS::CloudFront::Distribution 37 | Properties: 38 | DistributionConfig: 39 | Aliases: 40 | - ${file(./serverless-env.yml):distribution.alias} 41 | DefaultCacheBehavior: 42 | Compress: true 43 | ForwardedValues: 44 | Cookies: 45 | Forward: none 46 | Headers: 47 | - User-Agent 48 | QueryString: true 49 | TargetOriginId: polyfill-lambda 50 | ViewerProtocolPolicy: redirect-to-https 51 | DefaultRootObject: index.html 52 | Enabled: true 53 | HttpVersion: http2 54 | Origins: 55 | - DomainName: 56 | Fn::GetAtt: 57 | - PolyfillBucket 58 | - DomainName 59 | Id: polyfill-lambda 60 | S3OriginConfig: 61 | OriginAccessIdentity: "" 62 | ViewerCertificate: 63 | AcmCertificateArn: ${file(./serverless-env.yml):distribution.cert-arn} 64 | SslSupportMethod: sni-only 65 | -------------------------------------------------------------------------------- /src/features.js.sample: -------------------------------------------------------------------------------- 1 | "use strict"; 2 | 3 | const features = { 4 | "default-3.6": {}, 5 | es6: {}, 6 | es7: {} 7 | }; 8 | 9 | module.exports = features; 10 | -------------------------------------------------------------------------------- /src/headers.js.sample: -------------------------------------------------------------------------------- 1 | "use strict"; 2 | 3 | const report = "https://culturehq.report-uri.com"; 4 | const headers = { 5 | "Access-Control-Allow-Origin": "https://platform.culturehq.com", 6 | "Content-Security-Policy": "default-src 'self'", 7 | "Expect-CT": `max-age=86400, enforce, report-uri="${report}/r/d/ct/enforce"`, 8 | "Feature-Policy": "camera 'none'; microphone 'none'; speaker 'none'", 9 | NEL: "{\"report_to\":\"default\",\"max_age\":31536000,\"include_subdomains\":true}", 10 | "Referrer-Policy": "same-origin", 11 | "Report-To": `{"group":"default","max_age":31536000,"endpoints":[{"url":"${report}/a/d/g"}],"include_subdomains":true}`, 12 | "Strict-Transport-Security": "max-age=31536000; includeSubdomains; preload", 13 | "X-Content-Type-Options": "nosniff", 14 | "X-Download-Options": "noopen", 15 | "X-Frame-Options": "DENY", 16 | "X-Permitted-Cross-Domain-Policies": "none", 17 | "X-XSS-Protection": `1; mode=block; report="${report}/r/d/xss/enforce"` 18 | }; 19 | 20 | module.exports = headers; 21 | --------------------------------------------------------------------------------