aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWojtek Kosior <koszko@koszko.org>2021-11-20 18:29:59 +0100
committerWojtek Kosior <koszko@koszko.org>2021-11-20 18:29:59 +0100
commit96068ada37bfa1d7e6485551138ba36600664caf (patch)
tree8c471e2b16a37d3ea83843385ee9c89859313046
parentbd767301579c2253d34f60d4ebc4a647cbee5a53 (diff)
downloadbrowser-extension-96068ada37bfa1d7e6485551138ba36600664caf.tar.gz
browser-extension-96068ada37bfa1d7e6485551138ba36600664caf.zip
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
-rw-r--r--background/cookie_filter.js46
-rw-r--r--background/main.js120
-rw-r--r--background/page_actions_server.js32
-rw-r--r--background/policy_injector.js67
-rw-r--r--background/stream_filter.js6
-rwxr-xr-xbuild.sh16
-rw-r--r--common/misc.js2
-rw-r--r--common/signing.js74
-rw-r--r--content/activity_info_server.js4
-rw-r--r--content/main.js138
-rw-r--r--content/page_actions.js27
-rw-r--r--dummy0
-rw-r--r--html/display-panel.js13
-rw-r--r--manifest.json3
14 files changed, 180 insertions, 368 deletions
diff --git a/background/cookie_filter.js b/background/cookie_filter.js
deleted file mode 100644
index 64d18b2..0000000
--- a/background/cookie_filter.js
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * This file is part of Haketilo.
- *
- * Function: Filtering request headers to remove haketilo cookies that might
- * have slipped through.
- *
- * Copyright (C) 2021 Wojtek Kosior
- * Redistribution terms are gathered in the `copyright' file.
- */
-
-/*
- * IMPORTS_START
- * IMPORT extract_signed
- * IMPORTS_END
- */
-
-function is_valid_haketilo_cookie(cookie)
-{
- const match = /^haketilo-(\w*)=(.*)$/.exec(cookie);
- if (!match)
- return false;
-
- return !extract_signed(match.slice(1, 3)).fail;
-}
-
-function remove_haketilo_cookies(header)
-{
- if (header.name !== "Cookie")
- return header;
-
- const cookies = header.value.split("; ");
- const value = cookies.filter(c => !is_valid_haketilo_cookie(c)).join("; ");
-
- return value ? {name: "Cookie", value} : null;
-}
-
-function filter_cookie_headers(headers)
-{
- return headers.map(remove_haketilo_cookies).filter(h => h);
-}
-
-/*
- * EXPORTS_START
- * EXPORT filter_cookie_headers
- * EXPORTS_END
- */
diff --git a/background/main.js b/background/main.js
index 40b3a9e..9cdfb97 100644
--- a/background/main.js
+++ b/background/main.js
@@ -17,11 +17,10 @@
* IMPORT browser
* IMPORT is_privileged_url
* IMPORT query_best
- * IMPORT gen_nonce
* IMPORT inject_csp_headers
* IMPORT apply_stream_filter
- * IMPORT filter_cookie_headers
* IMPORT is_chrome
+ * IMPORT is_mozilla
* IMPORTS_END
*/
@@ -51,34 +50,53 @@ async function init_ext(install_details)
browser.runtime.onInstalled.addListener(init_ext);
+/*
+ * The function below implements a more practical interface for what it does by
+ * wrapping the old query_best() function.
+ */
+function decide_policy_for_url(storage, policy_observable, url)
+{
+ if (storage === undefined)
+ return {allow: false};
+
+ const settings =
+ {allow: policy_observable !== undefined && policy_observable.value};
+
+ const [pattern, queried_settings] = query_best(storage, url);
+
+ if (queried_settings) {
+ settings.payload = queried_settings.components;
+ settings.allow = !!queried_settings.allow && !settings.payload;
+ settings.pattern = pattern;
+ }
+
+ return settings;
+}
let storage;
let policy_observable = {};
-function on_headers_received(details)
+function sanitize_web_page(details)
{
const url = details.url;
if (is_privileged_url(details.url))
return;
- const [pattern, settings] = query_best(storage, details.url);
- const has_payload = !!(settings && settings.components);
- const allow = !has_payload &&
- !!(settings ? settings.allow : policy_observable.value);
- const nonce = gen_nonce();
- const policy = {allow, url, nonce, has_payload};
+ const policy =
+ decide_policy_for_url(storage, policy_observable, details.url);
let headers = details.responseHeaders;
+
+ headers = inject_csp_headers(headers, policy);
+
let skip = false;
for (const header of headers) {
if ((header.name.toLowerCase().trim() === "content-disposition" &&
/^\s*attachment\s*(;.*)$/i.test(header.value)))
skip = true;
}
-
- headers = inject_csp_headers(headers, policy);
-
skip = skip || (details.statusCode >= 300 && details.statusCode < 400);
+
if (!skip) {
/* Check for API availability. */
if (browser.webRequest.filterResponseData)
@@ -88,11 +106,49 @@ function on_headers_received(details)
return {responseHeaders: headers};
}
-function on_before_send_headers(details)
+const request_url_regex = /^[^?]*\?url=(.*)$/;
+const redirect_url_template = browser.runtime.getURL("dummy") + "?settings=";
+
+function synchronously_smuggle_policy(details)
{
- let headers = details.requestHeaders;
- headers = filter_cookie_headers(headers);
- return {requestHeaders: headers};
+ /*
+ * Content script will make a synchronous XmlHttpRequest to extension's
+ * `dummy` file to query settings for given URL. We smuggle that
+ * information in query parameter of the URL we redirect to.
+ * A risk of fingerprinting arises if a page with script execution allowed
+ * guesses the dummy file URL and makes an AJAX call to it. It is currently
+ * a problem in ManifestV2 Chromium-family port of Haketilo because Chromium
+ * uses predictable URLs for web-accessible resources. We plan to fix it in
+ * the future ManifestV3 port.
+ */
+ if (details.type !== "xmlhttprequest")
+ return {cancel: true};
+
+ console.debug(`Settings queried using XHR for '${details.url}'.`);
+
+ let policy = {allow: false};
+
+ try {
+ /*
+ * request_url should be of the following format:
+ * <url_for_extension's_dummy_file>?url=<valid_urlencoded_url>
+ */
+ const match = request_url_regex.exec(details.url);
+ const queried_url = decodeURIComponent(match[1]);
+
+ if (details.initiator && !queried_url.startsWith(details.initiator)) {
+ console.warn(`Blocked suspicious query of '${url}' by '${details.initiator}'. This might be the result of page fingerprinting the browser.`);
+ return {cancel: true};
+ }
+
+ policy = decide_policy_for_url(storage, policy_observable, queried_url);
+ } catch (e) {
+ console.warn(`Bad request! Expected ${browser.runtime.getURL("dummy")}?url=<valid_urlencoded_url>. Got ${request_url}. This might be the result of page fingerprinting the browser.`);
+ }
+
+ const encoded_policy = encodeURIComponent(JSON.stringify(policy));
+
+ return {redirectUrl: redirect_url_template + encoded_policy};
}
const all_types = [
@@ -110,18 +166,40 @@ async function start_webRequest_operations()
extra_opts.push("extraHeaders");
browser.webRequest.onHeadersReceived.addListener(
- on_headers_received,
+ sanitize_web_page,
{urls: ["<all_urls>"], types: ["main_frame", "sub_frame"]},
extra_opts.concat("responseHeaders")
);
- browser.webRequest.onBeforeSendHeaders.addListener(
- on_before_send_headers,
- {urls: ["<all_urls>"], types: all_types},
- extra_opts.concat("requestHeaders")
+ const dummy_url_pattern = browser.runtime.getURL("dummy") + "?url=*";
+ browser.webRequest.onBeforeRequest.addListener(
+ synchronously_smuggle_policy,
+ {urls: [dummy_url_pattern], types: ["xmlhttprequest"]},
+ extra_opts
);
policy_observable = await light_storage.observe_var("default_allow");
}
start_webRequest_operations();
+
+const code = `\
+console.warn("Hi, I'm Mr Dynamic!");
+
+console.debug("let's see how window.killtheweb looks like now");
+
+console.log("killtheweb", window.killtheweb);
+`
+
+async function test_dynamic_content_scripts()
+{
+ browser.contentScripts.register({
+ "js": [{code}],
+ "matches": ["<all_urls>"],
+ "allFrames": true,
+ "runAt": "document_start"
+});
+}
+
+if (is_mozilla)
+ test_dynamic_content_scripts();
diff --git a/background/page_actions_server.js b/background/page_actions_server.js
index 156a79f..74783c9 100644
--- a/background/page_actions_server.js
+++ b/background/page_actions_server.js
@@ -16,34 +16,12 @@
* IMPORT browser
* IMPORT listen_for_connection
* IMPORT sha256
- * IMPORT query_best
* IMPORT make_ajax_request
* IMPORTS_END
*/
var storage;
var handler;
-let policy_observable;
-
-function send_actions(url, port)
-{
- const [pattern, queried_settings] = query_best(storage, url);
-
- const settings = {allow: policy_observable && policy_observable.value};
- Object.assign(settings, queried_settings);
- if (settings.components)
- settings.allow = false;
-
- const repos = storage.get_all(TYPE_PREFIX.REPO);
-
- port.postMessage(["settings", [pattern, settings, repos]]);
-
- const components = settings.components;
- const processed_bags = new Set();
-
- if (components !== undefined)
- send_scripts([components], port, processed_bags);
-}
// TODO: parallelize script fetching
async function send_scripts(components, port, processed_bags)
@@ -116,9 +94,11 @@ async function fetch_remote_script(script_data)
function handle_message(port, message, handler)
{
port.onMessage.removeListener(handler[0]);
- let url = message.url;
- console.log({url});
- send_actions(url, port);
+ console.debug(`Loading payload '${message.payload}'.`);
+
+ const processed_bags = new Set();
+
+ send_scripts([message.payload], port, processed_bags);
}
function new_connection(port)
@@ -134,8 +114,6 @@ async function start_page_actions_server()
storage = await get_storage();
listen_for_connection(CONNECTION_TYPE.PAGE_ACTIONS, new_connection);
-
- policy_observable = await light_storage.observe_var("default_allow");
}
/*
diff --git a/background/policy_injector.js b/background/policy_injector.js
index 881595b..b49ec47 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -10,77 +10,28 @@
/*
* IMPORTS_START
- * IMPORT sign_data
- * IMPORT extract_signed
* IMPORT make_csp_rule
* IMPORT csp_header_regex
+ * Re-enable the import below once nonce stuff here is ready
+ * !mport gen_nonce
* IMPORTS_END
*/
function inject_csp_headers(headers, policy)
{
let csp_headers;
- let old_signature;
- let haketilo_header;
- for (const header of headers.filter(h => h.name === "x-haketilo")) {
- /* x-haketilo header has format: <signature>_0_<data> */
- const match = /^([^_]+)_(0_.*)$/.exec(header.value);
- if (!match)
- continue;
+ if (policy.payload) {
+ headers = headers.filter(h => !csp_header_regex.test(h.name));
- const result = extract_signed(...match.slice(1, 3));
- if (result.fail)
- continue;
+ // TODO: make CSP rules with nonces and facilitate passing them to
+ // content scripts via dynamic content script registration or
+ // synchronous XHRs
- /* This should succeed - it's our self-produced valid JSON. */
- const old_data = JSON.parse(decodeURIComponent(result.data));
-
- /* Confirmed- it's the originals, smuggled in! */
- csp_headers = old_data.csp_headers;
- old_signature = old_data.policy_sig;
-
- haketilo_header = header;
- break;
+ // policy.nonce = gen_nonce();
}
- if (policy.has_payload) {
- csp_headers = [];
- const non_csp_headers = [];
- const header_list =
- h => csp_header_regex.test(h) ? csp_headers : non_csp_headers;
- headers.forEach(h => header_list(h.name).push(h));
- headers = non_csp_headers;
- } else {
- headers.push(...csp_headers || []);
- }
-
- if (!haketilo_header) {
- haketilo_header = {name: "x-haketilo"};
- headers.push(haketilo_header);
- }
-
- if (old_signature)
- headers = headers.filter(h => h.value.search(old_signature) === -1);
-
- const policy_str = encodeURIComponent(JSON.stringify(policy));
- const signed_policy = sign_data(policy_str, new Date().getTime());
- const later_30sec = new Date(new Date().getTime() + 30000).toGMTString();
- headers.push({
- name: "Set-Cookie",
- value: `haketilo-${signed_policy.join("=")}; Expires=${later_30sec};`
- });
-
- /*
- * Smuggle in the signature and the original CSP headers for future use.
- * These are signed with a time of 0, as it's not clear there is a limit on
- * how long Firefox might retain headers in the cache.
- */
- let haketilo_data = {csp_headers, policy_sig: signed_policy[0]};
- haketilo_data = encodeURIComponent(JSON.stringify(haketilo_data));
- haketilo_header.value = sign_data(haketilo_data, 0).join("_");
-
- if (!policy.allow) {
+ if (!policy.allow && (policy.nonce || !policy.payload)) {
headers.push({
name: "content-security-policy",
value: make_csp_rule(policy)
diff --git a/background/stream_filter.js b/background/stream_filter.js
index e5e0827..e5d124c 100644
--- a/background/stream_filter.js
+++ b/background/stream_filter.js
@@ -174,8 +174,7 @@ function filter_data(properties, event)
* as harmless anyway).
*/
- const dummy_script =
- `<script data-haketilo-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`;
+ const dummy_script = `<script>null</script>`;
const doctype_decl = /^(\s*<!doctype[^<>"']*>)?/i.exec(decoded)[0];
decoded = doctype_decl + dummy_script +
decoded.substring(doctype_decl.length);
@@ -189,11 +188,10 @@ function filter_data(properties, event)
function apply_stream_filter(details, headers, policy)
{
- if (!policy.has_payload)
+ if (!policy.payload)
return headers;
const properties = properties_from_headers(headers);
- properties.policy = policy;
properties.filter =
browser.webRequest.filterResponseData(details.requestId);
diff --git a/build.sh b/build.sh
index 936ab06..ed6a141 100755
--- a/build.sh
+++ b/build.sh
@@ -180,7 +180,6 @@ build_main() {
mkdir -p "$BUILDDIR"/$DIR
done
- CHROMIUM_KEY=''
CHROMIUM_UPDATE_URL=''
GECKO_APPLICATIONS=''
@@ -189,20 +188,7 @@ build_main() {
fi
if [ "$BROWSER" = "chromium" ]; then
- CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)"
- CHROMIUM_KEY=$(echo chromium-key-dummy-file-$CHROMIUM_KEY | tr / -)
- touch "$BUILDDIR"/$CHROMIUM_KEY
-
CHROMIUM_UPDATE_URL="$UPDATE_URL"
-
- CHROMIUM_KEY="\n\
- // WARNING!!!\n\
- // EACH USER SHOULD REPLACE DUMMY FILE's VALUE WITH A UNIQUE ONE!!!\n\
- // OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\
- // Only relevant to users of chrome-based browsers.\n\
- // Users of Firefox forks are safe.\n\
- \"$CHROMIUM_KEY\"\
-"
else
GECKO_APPLICATIONS="\n\
\"applications\": {\n\
@@ -215,7 +201,6 @@ build_main() {
sed "\
s^_GECKO_APPLICATIONS_^$GECKO_APPLICATIONS^
-s^_CHROMIUM_KEY_^$CHROMIUM_KEY^
s^_CHROMIUM_UPDATE_URL_^$CHROMIUM_UPDATE_URL^
s^_BGSCRIPTS_^$BGSCRIPTS^
s^_CONTENTSCRIPTS_^$CONTENTSCRIPTS^" \
@@ -279,6 +264,7 @@ EOF
fi
cp -r copyright licenses/ "$BUILDDIR"
+ cp dummy "$BUILDDIR"
cp html/*.css "$BUILDDIR"/html
mkdir "$BUILDDIR"/icons
cp icons/*.png "$BUILDDIR"/icons
diff --git a/common/misc.js b/common/misc.js
index 9ffb7ff..5b0addb 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -49,7 +49,7 @@ function gen_nonce(length=16)
function make_csp_rule(policy)
{
let rule = "prefetch-src 'none'; script-src-attr 'none';";
- const script_src = policy.has_payload ?
+ const script_src = policy.nonce !== undefined ?
`'nonce-${policy.nonce}'` : "'none'";
rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
return rule;
diff --git a/common/signing.js b/common/signing.js
deleted file mode 100644
index 11cd442..0000000
--- a/common/signing.js
+++ /dev/null
@@ -1,74 +0,0 @@
-/**
- * This file is part of Haketilo.
- *
- * Functions: Operations related to "signing" of data.
- *
- * Copyright (C) 2021 Wojtek Kosior
- * Redistribution terms are gathered in the `copyright' file.
- */
-
-/*
- * IMPORTS_START
- * IMPORT sha256
- * IMPORT browser
- * IMPORT is_mozilla
- * IMPORTS_END
- */
-
-/*
- * In order to make certain data synchronously accessible in certain contexts,
- * Haketilo smuggles it in string form in places like cookies, URLs and headers.
- * When using the smuggled data, we first need to make sure it isn't spoofed.
- * For that, we use this pseudo-signing mechanism.
- *
- * Despite what name suggests, no assymetric cryptography is involved, as it
- * would bring no additional benefits and would incur bigger performance
- * overhead. Instead, we hash the string data together with some secret value
- * that is supposed to be known only by this browser instance. Resulting hash
- * sum plays the role of the signature. In the hash we also include current
- * time. This way, even if signed data leaks (which shouldn't happen in the
- * first place), an attacker won't be able to re-use it indefinitely.
- *
- * The secret shared between execution contexts has to be available
- * synchronously. Under Mozilla, this is the extension's per-session id. Under
- * Chromium, this is a dummy web-accessible-resource name that resides in the
- * manifest and is supposed to be constructed by each user using a unique value
- * (this is done automatically by `build.sh').
- */
-
-function get_secret()
-{
- if (is_mozilla)
- return browser.runtime.getURL("dummy");
-
- return chrome.runtime.getManifest().web_accessible_resources
- .map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1];
-}
-
-function extract_signed(signature, signed_data)
-{
- const match = /^([1-9][0-9]{12}|0)_(.*)$/.exec(signed_data);
- if (!match)
- return {fail: "bad format"};
-
- const result = {time: parseInt(match[1]), data: match[2]};
- if (sign_data(result.data, result.time)[0] !== signature)
- result.fail = "bad signature";
-
- return result;
-}
-
-/*
- * Sign a given string for a given time. Time should be either 0 or in the range
- * 10^12 <= time < 10^13.
- */
-function sign_data(data, time) {
- return [sha256(get_secret() + time + data), `${time}_${data}`];
-}
-
-/*
- * EXPORTS_START
- * EXPORT extract_signed
- * EXPORT sign_data
- * EXPORTS_END
- */
diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index d1dfe36..aa92b75 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -42,7 +42,9 @@ function report_script(script_data)
function report_settings(settings)
{
- report_activity("settings", settings);
+ const settings_clone = {};
+ Object.assign(settings_clone, settings)
+ report_activity("settings", settings_clone);
}
function report_document_type(is_html)
diff --git a/content/main.js b/content/main.js
index cec9943..ce1ff7a 100644
--- a/content/main.js
+++ b/content/main.js
@@ -11,15 +11,15 @@
/*
* IMPORTS_START
* IMPORT handle_page_actions
- * IMPORT extract_signed
- * IMPORT sign_data
* IMPORT gen_nonce
* IMPORT is_privileged_url
+ * IMPORT browser
* IMPORT is_chrome
* IMPORT is_mozilla
* IMPORT start_activity_info_server
* IMPORT make_csp_rule
* IMPORT csp_header_regex
+ * IMPORT report_settings
* IMPORTS_END
*/
@@ -29,69 +29,6 @@ const wait_loaded = e => e.content_loaded ? Promise.resolve() :
wait_loaded(document).then(() => document.content_loaded = true);
-function extract_cookie_policy(cookie, min_time)
-{
- let best_result = {time: -1};
- let policy = null;
- const extracted_signatures = [];
-
- for (const match of cookie.matchAll(/haketilo-(\w*)=([^;]*)/g)) {
- const new_result = extract_signed(...match.slice(1, 3));
- if (new_result.fail)
- continue;
-
- extracted_signatures.push(match[1]);
-
- if (new_result.time < Math.max(min_time, best_result.time))
- continue;
-
- /* This should succeed - it's our self-produced valid JSON. */
- const new_policy = JSON.parse(decodeURIComponent(new_result.data));
- if (new_policy.url !== document.URL)
- continue;
-
- best_result = new_result;
- policy = new_policy;
- }
-
- return [policy, extracted_signatures];
-}
-
-function extract_url_policy(url, min_time)
-{
- const [base_url, payload, anchor] =
- /^([^#]*)#?([^#]*)(#?.*)$/.exec(url).splice(1, 4);
-
- const match = /^haketilo_([^_]+)_(.*)$/.exec(payload);
- if (!match)
- return [null, url];
-
- const result = extract_signed(...match.slice(1, 3));
- if (result.fail)
- return [null, url];
-
- const original_url = base_url + anchor;
- const policy = result.time < min_time ? null :
- JSON.parse(decodeURIComponent(result.data));
-
- return [policy.url === original_url ? policy : null, original_url];
-}
-
-function employ_nonhttp_policy(policy)
-{
- if (!policy.allow)
- return;
-
- policy.nonce = gen_nonce();
- const [base_url, target] = /^([^#]*)(#?.*)$/.exec(policy.url).slice(1, 3);
- const encoded_policy = encodeURIComponent(JSON.stringify(policy));
- const payload = "haketilo_" +
- sign_data(encoded_policy, new Date().getTime()).join("_");
- const resulting_url = `${base_url}#${payload}${target}`;
- location.href = resulting_url;
- location.reload();
-}
-
/*
* In the case of HTML documents:
* 1. When injecting some payload we need to sanitize <meta> CSP tags before
@@ -306,7 +243,7 @@ http-equiv="Content-Security-Policy" content="${make_csp_rule(policy)}"\
start_data_urls_sanitizing(doc);
}
-async function disable_service_workers()
+async function _disable_service_workers()
{
if (!navigator.serviceWorker)
return;
@@ -315,7 +252,7 @@ async function disable_service_workers()
if (registrations.length === 0)
return;
- console.warn("Service Workers detected on this page! Unregistering and reloading");
+ console.warn("Service Workers detected on this page! Unregistering and reloading.");
try {
await Promise.all(registrations.map(r => r.unregister()));
@@ -327,50 +264,57 @@ async function disable_service_workers()
return new Promise(() => 0);
}
-if (!is_privileged_url(document.URL)) {
- let policy_received_callback = () => undefined;
- let policy;
-
- /* Signature valid for half an hour. */
- const min_time = new Date().getTime() - 1800 * 1000;
-
- if (/^https?:/.test(document.URL)) {
- let signatures;
- [policy, signatures] = extract_cookie_policy(document.cookie, min_time);
- for (const signature of signatures)
- document.cookie = `haketilo-${signature}=; Max-Age=-1;`;
- } else {
- const scheme = /^([^:]*)/.exec(document.URL)[1];
- const known_scheme = ["file", "ftp"].includes(scheme);
-
- if (!known_scheme)
- console.warn(`Unknown url scheme: \`${scheme}'!`);
-
- let original_url;
- [policy, original_url] = extract_url_policy(document.URL, min_time);
- history.replaceState(null, "", original_url);
-
- if (known_scheme && !policy)
- policy_received_callback = employ_nonhttp_policy;
+/*
+ * Trying to use servce workers APIs might result in exceptions, for example
+ * when in a non-HTML document. Because of this, we wrap the function that does
+ * the actual work in a try {} block.
+ */
+async function disable_service_workers()
+{
+ try {
+ await _disable_service_workers()
+ } catch (e) {
+ console.debug("Exception thrown during an attempt to detect and disable service workers.", e);
}
+}
- if (!policy) {
- console.debug("Using fallback policy!");
- policy = {allow: false, nonce: gen_nonce()};
+function synchronously_get_policy(url)
+{
+ const encoded_url = encodeURIComponent(url);
+ const request_url = `${browser.runtime.getURL("dummy")}?url=${encoded_url}`;
+
+ try {
+ var xhttp = new XMLHttpRequest();
+ xhttp.open("GET", request_url, false);
+ xhttp.send();
+ } catch(e) {
+ console.error("Failure to synchronously fetch policy for url.", e);
+ return {allow: false};
}
+ const policy = /^[^?]*\?settings=(.*)$/.exec(xhttp.responseURL)[1];
+ return JSON.parse(decodeURIComponent(policy));
+}
+
+if (!is_privileged_url(document.URL)) {
+ const policy = synchronously_get_policy(document.URL);
+
if (!(document instanceof HTMLDocument))
- policy.has_payload = false;
+ delete policy.payload;
console.debug("current policy", policy);
+ report_settings(policy);
+
+ policy.nonce = gen_nonce();
+
const doc_ready = Promise.all([
policy.allow ? Promise.resolve() : sanitize_document(document, policy),
policy.allow ? Promise.resolve() : disable_service_workers(),
wait_loaded(document)
]);
- handle_page_actions(policy.nonce, policy_received_callback, doc_ready);
+ handle_page_actions(policy, doc_ready);
start_activity_info_server();
}
diff --git a/content/page_actions.js b/content/page_actions.js
index db7c352..845e452 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -12,19 +12,17 @@
* IMPORT CONNECTION_TYPE
* IMPORT browser
* IMPORT report_script
- * IMPORT report_settings
* IMPORT report_document_type
* IMPORTS_END
*/
-let policy_received_callback;
+let policy;
/* Snapshot url and content type early; these can be changed by other code. */
let url;
let is_html;
let port;
let loaded = false;
let scripts_awaiting = [];
-let nonce;
function handle_message(message)
{
@@ -38,9 +36,8 @@ function handle_message(message)
scripts_awaiting.push(script_text);
}
}
- if (action === "settings") {
- report_settings(data);
- policy_received_callback({url, allow: data[1].allow});
+ else {
+ console.error(`Bad page action '${action}'.`);
}
}
@@ -61,27 +58,27 @@ function add_script(script_text)
let script = document.createElement("script");
script.textContent = script_text;
- script.setAttribute("nonce", nonce);
+ script.setAttribute("nonce", policy.nonce);
script.haketilo_payload = true;
document.body.appendChild(script);
report_script(script_text);
}
-function handle_page_actions(script_nonce, policy_received_cb,
- doc_ready_promise) {
- policy_received_callback = policy_received_cb;
+function handle_page_actions(_policy, doc_ready_promise) {
+ policy = _policy;
+
url = document.URL;
is_html = document instanceof HTMLDocument;
report_document_type(is_html);
doc_ready_promise.then(document_ready);
- port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
- port.onMessage.addListener(handle_message);
- port.postMessage({url});
-
- nonce = script_nonce;
+ if (policy.payload) {
+ port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
+ port.onMessage.addListener(handle_message);
+ port.postMessage({payload: policy.payload});
+ }
}
/*
diff --git a/dummy b/dummy
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/dummy
diff --git a/html/display-panel.js b/html/display-panel.js
index c078850..4fe0173 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -229,14 +229,14 @@ function handle_activity_report(message)
const [type, data] = message;
if (type === "settings") {
- let [pattern, settings] = data;
+ const settings = data;
blocked_span.textContent = settings.allow ? "no" : "yes";
- if (pattern) {
+ if (settings.pattern) {
pattern_span.textContent = pattern;
const settings_opener =
- () => open_in_settings(TYPE_PREFIX.PAGE, pattern);
+ () => open_in_settings(TYPE_PREFIX.PAGE, settings.pattern);
view_pattern_but.classList.remove("hide");
view_pattern_but.addEventListener("click", settings_opener);
} else {
@@ -244,11 +244,10 @@ function handle_activity_report(message)
blocked_span.textContent = blocked_span.textContent + " (default)";
}
- const components = settings.components;
- if (components) {
- payload_span.textContent = nice_name(...components);
+ if (settings.payload) {
+ payload_span.textContent = nice_name(...settings.payload);
payload_buttons_div.classList.remove("hide");
- const settings_opener = () => open_in_settings(...components);
+ const settings_opener = () => open_in_settings(...settings.payload);
view_payload_but.addEventListener("click", settings_opener);
} else {
payload_span.textContent = "none";
diff --git a/manifest.json b/manifest.json
index b18ea3e..7b4cb26 100644
--- a/manifest.json
+++ b/manifest.json
@@ -44,8 +44,7 @@
"page": "html/options.html",
"open_in_tab": true
}_CHROMIUM_UPDATE_URL_,
- "web_accessible_resources": [_CHROMIUM_KEY_
- ],
+ "web_accessible_resources": ["dummy"],
"background": {
"persistent": true,
"scripts": [_BGSCRIPTS_]