Diffstat (limited to 'background/policy_injector.js')
-rw-r--r-- | background/policy_injector.js | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/background/policy_injector.js b/background/policy_injector.js
index 2544e8e..b1fc733 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -43,13 +43,23 @@
 * proprietary program, I am not going to enforce this in court.
 */
 
-#FROM common/misc.js IMPORT make_csp_rule, csp_header_regex
+#FROM common/misc.js IMPORT csp_header_regex
 
 /* Re-enable the import below once nonce stuff here is ready */
 #IF NEVER
 #FROM common/misc.js IMPORT gen_nonce
 #ENDIF
 
+/* CSP rule that blocks scripts according to policy's needs. */
+function make_csp_rule(policy)
+{
+ let rule = "prefetch-src 'none'; script-src-attr 'none';";
+ const script_src = policy.nonce !== undefined ?
+ `'nonce-${policy.nonce}'` : "'none'";
+ rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
+ return rule;
+}
+
 function inject_csp_headers(headers, policy)
 {
 let csp_headers; |
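Review bot: In the added `make_csp_rule`, `policy.nonce` is interpolated into the header value after only an `!== undefined` check, so a value containing a quote, whitespace or `;` would alter the directive list instead of naming a nonce. Where `policy.nonce` is assigned is not visible in this hunk, and the `gen_nonce` import is still under `#IF NEVER`, so this may be unreachable today; even so, this function is the last step before the header text is built and should fail closed. I would add `const nonce_ok = typeof policy.nonce === "string" && /^[A-Za-z0-9+\/_-]+={0,2}$/.test(policy.nonce);` and choose the nonce source only when `nonce_ok` is true, falling back to `'none'` otherwise. The one-line comment could also say that the function reads only `policy.nonce` and returns a blocking rule when it is absent. The body of `inject_csp_headers` continues outside the hunk.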