aboutsummaryrefslogtreecommitdiff
/**
 * This file is part of Haketilo.
 *
 * Function: Injecting policy to page by modifying HTTP headers.
 *
 * Copyright (C) 2021 Wojtek Kosior
 * Copyright (C) 2021 jahoti
 * Redistribution terms are gathered in the `copyright' file.
 */

/*
 * IMPORTS_START
 * IMPORT make_csp_rule
 * IMPORT csp_header_regex
 * Re-enable the import below once nonce stuff here is ready
 * !mport gen_nonce
 * IMPORTS_END
 */

function inject_csp_headers(headers, policy)
{
    let csp_headers;

    if (policy.payload) {
	headers = headers.filter(h => !csp_header_regex.test(h.name));

	// TODO: make CSP rules with nonces and facilitate passing them to
	// content scripts via dynamic content script registration or
	// synchronous XHRs

	// policy.nonce = gen_nonce();
    }

    if (!policy.allow && (policy.nonce || !policy.payload)) {
	headers.push({
	    name: "content-security-policy",
	    value: make_csp_rule(policy)
	});
    }

    return headers;
}

/*
 * EXPORTS_START
 * EXPORT inject_csp_headers
 * EXPORTS_END
 */