author | jahoti <jahoti@tilde.team> | 2021-08-02 00:00:00 +0000 |
---|---|---|
committer | jahoti <jahoti@tilde.team> | 2021-08-02 00:00:00 +0000 |
commit | 5b419aedd564e6506aa2fc8bddcaa5d601888f17 (patch) | |
tree | 494d1f7fa1f9600451553d5aaaa68ba28c96d250 /background | |
parent | 25817b68c03b25c9b4fcaba2b96ab65f2edfd63c (diff) | |
[UNTESTED- will test] Add filtering for http-equiv CSP headers
Diffstat (limited to 'background')
-rw-r--r-- | background/policy_injector.js | 40 |
1 files changed, 3 insertions, 37 deletions
diff --git a/background/policy_injector.js b/background/policy_injector.js
index f573d48..80a0e3b 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -19,7 +19,7 @@
 * IMPORT url_extract_target
 * IMPORT sign_policy
 * IMPORT get_query_best
- * IMPORT parse_csp
+ * IMPORT sanitize_csp_header
 * IMPORTS_END
 */
@@ -79,40 +79,6 @@ function url_inject(details)
 };
 }
-function process_csp_header(header, rule, block)
-{
- const csp = parse_csp(header.value);
-
-
- if (block) {
- /* No snitching */
- delete csp['report-to'];
- delete csp['report-uri'];
-
- delete csp['script-src'];
- delete csp['script-src-elem'];
-
- csp['script-src-attr'] = ["'none'"];
- csp['prefetch-src'] = ["'none'"];
- }
-
- if ('script-src' in csp)
- csp['script-src'].push(rule);
- else
- csp['script-src'] = [rule];
-
- if ('script-src-elem' in csp)
- csp['script-src-elem'].push(rule);
- else
- csp['script-src-elem'] = [rule];
-
- const new_policy = Object.entries(csp).map(
- i => `${i[0]} ${i[1].join(' ')};`
- );
-
- return {name: header.name, value: new_policy.join('')};
-}
-
 function headers_inject(details)
 {
 const targets = url_extract_target(details.url);
@@ -157,10 +123,10 @@ function headers_inject(details)
 orig_csp_headers = csp_headers = null;
 for (const header of data)
- headers.push(process_csp_header(header, rule, block));
+ headers.push(sanitize_csp_header(header, rule, block));
 }
 } else if (is_chrome || !orig_csp_headers) {
- csp_headers.push(process_csp_header(header, rule, block));
+ csp_headers.push(sanitize_csp_header(header, rule, block));
 if (is_mozilla)
 orig_csp_headers.push(header);
 } |
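Review bot: Both rewritten call sites in headers_inject push the result of `sanitize_csp_header(header, rule, block)` straight into `headers` and `csp_headers`, but the helper's definition is not part of this diff (the diffstat is limited to 'background') and the commit is marked untested, so nothing visible here confirms it keeps the contract of the removed `process_csp_header`. That contract is security-relevant: the removed function returned `{name, value}`, appended `rule` to `script-src` and `script-src-elem`, and in the blocking case dropped `report-to`/`report-uri` and the page's own script sources. I would record it next to the import, e.g. `/* sanitize_csp_header(header, rule, block) -> {name, value}; with block set it must drop report-uri/report-to and the page's script-src* */`, and check the shared helper against it before this lands. headers_inject starts and ends outside the hunk.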