aboutsummaryrefslogtreecommitdiff
path: root/background
diff options
context:
space:
mode:
authorjahoti <jahoti@tilde.team>2021-08-02 00:00:00 +0000
committerjahoti <jahoti@tilde.team>2021-08-02 00:00:00 +0000
commit5b419aedd564e6506aa2fc8bddcaa5d601888f17 (patch)
tree494d1f7fa1f9600451553d5aaaa68ba28c96d250 /background
parent25817b68c03b25c9b4fcaba2b96ab65f2edfd63c (diff)
downloadbrowser-extension-5b419aedd564e6506aa2fc8bddcaa5d601888f17.tar.gz
browser-extension-5b419aedd564e6506aa2fc8bddcaa5d601888f17.zip
[UNTESTED- will test] Add filtering for http-equiv CSP headers
Diffstat (limited to 'background')
-rw-r--r--background/policy_injector.js40
1 files changed, 3 insertions, 37 deletions
diff --git a/background/policy_injector.js b/background/policy_injector.js
index f573d48..80a0e3b 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -19,7 +19,7 @@
* IMPORT url_extract_target
* IMPORT sign_policy
* IMPORT get_query_best
- * IMPORT parse_csp
+ * IMPORT sanitize_csp_header
* IMPORTS_END
*/
@@ -79,40 +79,6 @@ function url_inject(details)
};
}
-function process_csp_header(header, rule, block)
-{
- const csp = parse_csp(header.value);
-
-
- if (block) {
- /* No snitching */
- delete csp['report-to'];
- delete csp['report-uri'];
-
- delete csp['script-src'];
- delete csp['script-src-elem'];
-
- csp['script-src-attr'] = ["'none'"];
- csp['prefetch-src'] = ["'none'"];
- }
-
- if ('script-src' in csp)
- csp['script-src'].push(rule);
- else
- csp['script-src'] = [rule];
-
- if ('script-src-elem' in csp)
- csp['script-src-elem'].push(rule);
- else
- csp['script-src-elem'] = [rule];
-
- const new_policy = Object.entries(csp).map(
- i => `${i[0]} ${i[1].join(' ')};`
- );
-
- return {name: header.name, value: new_policy.join('')};
-}
-
function headers_inject(details)
{
const targets = url_extract_target(details.url);
@@ -157,10 +123,10 @@ function headers_inject(details)
orig_csp_headers = csp_headers = null;
for (const header of data)
- headers.push(process_csp_header(header, rule, block));
+ headers.push(sanitize_csp_header(header, rule, block));
}
} else if (is_chrome || !orig_csp_headers) {
- csp_headers.push(process_csp_header(header, rule, block));
+ csp_headers.push(sanitize_csp_header(header, rule, block));
if (is_mozilla)
orig_csp_headers.push(header);
}