author | Wojtek Kosior <koszko@koszko.org> | 2021-11-20 18:29:59 +0100 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2021-11-20 18:29:59 +0100 |
commit | 96068ada37bfa1d7e6485551138ba36600664caf (patch) | |
tree | 8c471e2b16a37d3ea83843385ee9c89859313046 /common/misc.js | |
parent | bd767301579c2253d34f60d4ebc4a647cbee5a53 (diff) | |
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
Diffstat (limited to 'common/misc.js')
-rw-r--r-- | common/misc.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/common/misc.js b/common/misc.js
index 9ffb7ff..5b0addb 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -49,7 +49,7 @@ function gen_nonce(length=16)
 function make_csp_rule(policy)
 {
 let rule = "prefetch-src 'none'; script-src-attr 'none';";
- const script_src = policy.has_payload ?
+ const script_src = policy.nonce !== undefined ?
 `'nonce-${policy.nonce}'` : "'none'";
 rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
 return rule; |
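Review bot: The new condition `policy.nonce !== undefined` fails open for any other non-string value: a `null` nonce (which is what a missing value can become if the policy object ever round-trips through JSON; the transport is not visible in this hunk) yields `script-src 'nonce-null'`, a guessable nonce that page-supplied scripts could match. The value is also interpolated into the rule unchecked, so a nonce containing a quote or `;` would change the CSP directives that follow. I would make the guard strict and fall back to `'none'` otherwise, e.g. `const script_src = typeof policy.nonce === "string" && /^[A-Za-z0-9+\/_=-]+$/.test(policy.nonce) ?`, and add a comment above it such as `/* Only a well-formed string nonce enables scripts; anything else blocks them. */`. The closing brace of make_csp_rule lies outside the hunk.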