summaryrefslogtreecommitdiff
path: root/background
diff options
context:
space:
mode:
authorjahoti <jahoti@tilde.team>2021-07-18 00:00:00 +0000
committerjahoti <jahoti@tilde.team>2021-07-18 00:00:00 +0000
commitecb787046271de708b94da70240713e725299d86 (patch)
tree9c7968dd81bd54fcb63debe951207337e95911cd /background
parent8b823e1a6f29e52effc086d02dfe2e2812b2e187 (diff)
downloadbrowser-extension-ecb787046271de708b94da70240713e725299d86.tar.gz
browser-extension-ecb787046271de708b94da70240713e725299d86.zip
Streamline and harden unique values/settings
The base URL is now included in the settings. The unique value no longer uses it directly, as it is included by virtue of the settings; however, the number of full hours since the epoch (UTC) is now incorporated.
Diffstat (limited to 'background')
-rw-r--r--background/policy_injector.js21
1 files changed, 13 insertions, 8 deletions
diff --git a/background/policy_injector.js b/background/policy_injector.js
index 8a767fb..2cd7b6e 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -17,6 +17,7 @@
* IMPORT gen_nonce
* IMPORT url_item
* IMPORT url_extract_policy
+ * IMPORT sign_policy
* IMPORT get_query_best
* IMPORT csp_rule
* IMPORTS_END
@@ -46,7 +47,7 @@ function is_our_header(header, rule)
function url_inject(details)
{
const targets = url_extract_policy(details.url);
- if (targets.valid_sig) {
+ if (targets.current) {
return;
} else if (targets.policy) {
/* Redirect; update policy */
@@ -59,11 +60,16 @@ function url_inject(details)
/* Defaults */
settings = {};
- const policy = {allow: settings.allow, nonce: gen_nonce()};
- const policy_string = encodeURIComponent(JSON.stringify(policy));
- const sig = gen_unique(policy_string + targets.base_url);
+ const policy = encodeURIComponent(
+ JSON.stringify({
+ allow: settings.allow,
+ nonce: gen_nonce(),
+ base_url: targets.base_url
+ })
+ );
- let redirect_url = targets.base_url + '#' + sig + policy_string;
+ let redirect_url = targets.base_url;
+ redirect_url += '#' + sign_policy(policy, new Date()) + policy;
if (targets.target)
redirect_url += targets.target;
if (targets.target2)
@@ -75,12 +81,11 @@ function url_inject(details)
function inject(details)
{
const targets = url_extract_policy(details.url);
- if (!targets.valid_sig)
- /* Block unsigned requests */
+ if (!targets.current)
+ /* Block mis-/unsigned requests */
return {cancel: true};
const rule = csp_rule(targets.policy.nonce);
-
var headers = details.responseHeaders;
if (!targets.policy.allow || is_mozilla)