replace cookies with synchronous XmlHttpRequest as policy smuggling method.

Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
author: Wojtek Kosior <koszko@koszko.org> 2021-11-20 18:29:59 +0100
committer: Wojtek Kosior <koszko@koszko.org> 2021-11-20 18:29:59 +0100
commit: 96068ada37bfa1d7e6485551138ba36600664caf (patch)
tree: 8c471e2b16a37d3ea83843385ee9c89859313046 /common/misc.js
parent: bd767301579c2253d34f60d4ebc4a647cbee5a53 (diff)
download: browser-extension-96068ada37bfa1d7e6485551138ba36600664caf.tar.gz
browser-extension-96068ada37bfa1d7e6485551138ba36600664caf.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/common/misc.js b/common/misc.js
index 9ffb7ff..5b0addb 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -49,7 +49,7 @@ function gen_nonce(length=16)
 function make_csp_rule(policy)
 {
     let rule = "prefetch-src 'none'; script-src-attr 'none';";
-    const script_src = policy.has_payload ?
+    const script_src = policy.nonce !== undefined ?
 	  `'nonce-${policy.nonce}'` : "'none'";
     rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
     return rule;
author	Wojtek Kosior <koszko@koszko.org>	2021-11-20 18:29:59 +0100
committer	Wojtek Kosior <koszko@koszko.org>	2021-11-20 18:29:59 +0100
commit	96068ada37bfa1d7e6485551138ba36600664caf (patch)
tree	8c471e2b16a37d3ea83843385ee9c89859313046 /common/misc.js
parent	bd767301579c2253d34f60d4ebc4a647cbee5a53 (diff)
download	browser-extension-96068ada37bfa1d7e6485551138ba36600664caf.tar.gz browser-extension-96068ada37bfa1d7e6485551138ba36600664caf.zip