diff options
Diffstat (limited to 'background/policy_injector.js')
| -rw-r--r-- | background/policy_injector.js | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/background/policy_injector.js b/background/policy_injector.js deleted file mode 100644 index 36c950e..0000000 --- a/background/policy_injector.js +++ /dev/null @@ -1,87 +0,0 @@ -/** - * This file is part of Haketilo. - * - * Function: Injecting policy to page by modifying HTTP headers. - * - * Copyright (C) 2021, Wojtek Kosior - * Copyright (C) 2021, jahoti - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * As additional permission under GNU GPL version 3 section 7, you - * may distribute forms of that code without the copy of the GNU - * GPL normally required by section 4, provided you include this - * license notice and, in case of non-source distribution, a URL - * through which recipients can access the Corresponding Source. - * If you modify file(s) with this exception, you may extend this - * exception to your version of the file(s), but you are not - * obligated to do so. If you do not wish to do so, delete this - * exception statement from your version. - * - * As a special exception to the GPL, any HTML file which merely - * makes function calls to this code, and for that purpose - * includes it by reference shall be deemed a separate work for - * copyright law purposes. If you modify this code, you may extend - * this exception to your version of the code, but you are not - * obligated to do so. If you do not wish to do so, delete this - * exception statement from your version. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <https://www.gnu.org/licenses/>. - * - * - * I, Wojtek Kosior, thereby promise not to sue for violation of this file's - * license. Although I request that you do not make use of this code in a - * proprietary program, I am not going to enforce this in court. - */ - -#FROM common/misc.js IMPORT csp_header_regex - -/* Re-enable the import below once nonce stuff here is ready */ -#IF NEVER -#FROM common/misc.js IMPORT gen_nonce -#ENDIF - -/* CSP rule that blocks scripts according to policy's needs. */ -function make_csp_rule(policy) -{ - let rule = "prefetch-src 'none'; script-src-attr 'none';"; - const script_src = policy.nonce !== undefined ? - `'nonce-${policy.nonce}'` : "'none'"; - rule += ` script-src ${script_src}; script-src-elem ${script_src};`; - return rule; -} - -function inject_csp_headers(headers, policy) -{ - let csp_headers; - - if (policy.payload) { - headers = headers.filter(h => !csp_header_regex.test(h.name)); - - // TODO: make CSP rules with nonces and facilitate passing them to - // content scripts via dynamic content script registration or - // synchronous XHRs - - // policy.nonce = gen_nonce(); - } - - if (!policy.allow && (policy.nonce || !policy.payload)) { - headers.push({ - name: "content-security-policy", - value: make_csp_rule(policy) - }); - } - - return headers; -} - -#EXPORT inject_csp_headers |