diff options
author | Wojtek Kosior <koszko@koszko.org> | 2021-11-20 18:29:59 +0100 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2021-11-20 18:29:59 +0100 |
commit | 96068ada37bfa1d7e6485551138ba36600664caf (patch) | |
tree | 8c471e2b16a37d3ea83843385ee9c89859313046 /background/stream_filter.js | |
parent | bd767301579c2253d34f60d4ebc4a647cbee5a53 (diff) | |
download | browser-extension-96068ada37bfa1d7e6485551138ba36600664caf.tar.gz browser-extension-96068ada37bfa1d7e6485551138ba36600664caf.zip |
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
Diffstat (limited to 'background/stream_filter.js')
-rw-r--r-- | background/stream_filter.js | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/background/stream_filter.js b/background/stream_filter.js index e5e0827..e5d124c 100644 --- a/background/stream_filter.js +++ b/background/stream_filter.js @@ -174,8 +174,7 @@ function filter_data(properties, event) * as harmless anyway). */ - const dummy_script = - `<script data-haketilo-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`; + const dummy_script = `<script>null</script>`; const doctype_decl = /^(\s*<!doctype[^<>"']*>)?/i.exec(decoded)[0]; decoded = doctype_decl + dummy_script + decoded.substring(doctype_decl.length); @@ -189,11 +188,10 @@ function filter_data(properties, event) function apply_stream_filter(details, headers, policy) { - if (!policy.has_payload) + if (!policy.payload) return headers; const properties = properties_from_headers(headers); - properties.policy = policy; properties.filter = browser.webRequest.filterResponseData(details.requestId); |