author | jahoti <jahoti@tilde.team> | 2021-07-18 00:00:00 +0000 |
---|---|---|
committer | jahoti <jahoti@tilde.team> | 2021-07-18 00:00:00 +0000 |
commit | ecb787046271de708b94da70240713e725299d86 (patch) | |
tree | 9c7968dd81bd54fcb63debe951207337e95911cd /background | |
parent | 8b823e1a6f29e52effc086d02dfe2e2812b2e187 (diff) | |
Streamline and harden unique values/settings
The base URL is now included in the settings. The unique value no longer uses
it directly, as it is included by virtue of the settings; however, the number
of full hours since the epoch (UTC) is now incorporated.
Diffstat (limited to 'background')
-rw-r--r-- | background/policy_injector.js | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/background/policy_injector.js b/background/policy_injector.js
index 8a767fb..2cd7b6e 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -17,6 +17,7 @@
 * IMPORT gen_nonce
 * IMPORT url_item
 * IMPORT url_extract_policy
+ * IMPORT sign_policy
 * IMPORT get_query_best
 * IMPORT csp_rule
 * IMPORTS_END
@@ -46,7 +47,7 @@ function is_our_header(header, rule)
 function url_inject(details)
 {
 const targets = url_extract_policy(details.url);
- if (targets.valid_sig) {
+ if (targets.current) {
 return;
 } else if (targets.policy) {
 /* Redirect; update policy */
@@ -59,11 +60,16 @@ function url_inject(details)
 /* Defaults */
 settings = {};
- const policy = {allow: settings.allow, nonce: gen_nonce()};
- const policy_string = encodeURIComponent(JSON.stringify(policy));
- const sig = gen_unique(policy_string + targets.base_url);
+ const policy = encodeURIComponent(
+ JSON.stringify({
+ allow: settings.allow,
+ nonce: gen_nonce(),
+ base_url: targets.base_url
+ })
+ );
- let redirect_url = targets.base_url + '#' + sig + policy_string;
+ let redirect_url = targets.base_url;
+ redirect_url += '#' + sign_policy(policy, new Date()) + policy;
 if (targets.target)
 redirect_url += targets.target;
 if (targets.target2)
@@ -75,12 +81,11 @@ function url_inject(details)
 function inject(details)
 {
 const targets = url_extract_policy(details.url);
- if (!targets.valid_sig)
- /* Block unsigned requests */
+ if (!targets.current)
+ /* Block mis-/unsigned requests */
 return {cancel: true};
 const rule = csp_rule(targets.policy.nonce);
 var headers = details.responseHeaders;
 if (!targets.policy.allow || is_mozilla) |
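Review bot: With `base_url` moved inside the signed JSON in `url_inject` (third hunk), the binding between a signed policy and the page it was issued for now rests on the verifier comparing the embedded `base_url` with the URL actually being loaded. `url_extract_policy` and `sign_policy` are not part of this diff, so that comparison cannot be confirmed from here; without it, a policy signed for one page would presumably still verify on another until the hour rolls over. A comment at the construction site would record the contract, e.g. `/* base_url is signed so url_extract_policy can reject a policy presented on a different page */`. url_inject's body starts and ends outside the hunk.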
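Review bot: The `!targets.current` check in `inject` (fourth hunk) now also cancels a request whose signature was current when `url_inject` passed it but has aged out by the time the response headers arrive, since the commit message says the signed value incorporates the hour. Whether `url_extract_policy` accepts the previous hour as well is not visible in this diff; if it does not, a load that straddles an hour boundary is presumably cancelled instead of being re-signed. The comment should name that case, `/* Block unsigned, mis-signed or stale requests */`, and the rollover behaviour deserves a test. inject's body continues outside the hunk.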