diff options
Diffstat (limited to 'background')
-rw-r--r-- | background/policy_injector.js | 65 |
1 files changed, 32 insertions, 33 deletions
diff --git a/background/policy_injector.js b/background/policy_injector.js index 2cd7b6e..ee97333 100644 --- a/background/policy_injector.js +++ b/background/policy_injector.js @@ -15,8 +15,9 @@ * IMPORT is_mozilla * IMPORT gen_unique * IMPORT gen_nonce + * IMPORT is_privileged_url * IMPORT url_item - * IMPORT url_extract_policy + * IMPORT url_extract_target * IMPORT sign_policy * IMPORT get_query_best * IMPORT csp_rule @@ -39,27 +40,24 @@ function is_csp_header(header) return !!csp_header_names[header.name.toLowerCase()]; } -function is_our_header(header, rule) -{ - return header.value === rule -} - function url_inject(details) { - const targets = url_extract_policy(details.url); - if (targets.current) { + if (is_privileged_url(details.url)) return; - } else if (targets.policy) { - /* Redirect; update policy */ - targets.target = targets.target2; - delete targets.target2 - } + + const targets = url_extract_target(details.url); + if (targets.current) + return; + + /* Redirect; update policy */ + if (targets.policy) + targets.target = ""; let [pattern, settings] = query_best(targets.base_url); + /* Defaults */ if (!pattern) - /* Defaults */ settings = {}; - + const policy = encodeURIComponent( JSON.stringify({ allow: settings.allow, @@ -67,39 +65,40 @@ function url_inject(details) base_url: targets.base_url }) ); - - let redirect_url = targets.base_url; - redirect_url += '#' + sign_policy(policy, new Date()) + policy; - if (targets.target) - redirect_url += targets.target; - if (targets.target2) - redirect_url += targets.target2; - - return {redirectUrl: redirect_url}; + + return { + redirectUrl: [ + targets.base_url, + '#', sign_policy(policy, new Date()), policy, + targets.target, + targets.target2 + ].join("") + }; } -function inject(details) +function headers_inject(details) { - const targets = url_extract_policy(details.url); + const targets = url_extract_target(details.url); + /* Block mis-/unsigned requests */ if (!targets.current) - /* Block mis-/unsigned requests */ return {cancel: true}; const rule = csp_rule(targets.policy.nonce); var headers = details.responseHeaders; + /* + * Chrome doesn't have the buggy behavior of caching headers + * we injected. Firefox does and we have to remove it there. + */ if (!targets.policy.allow || is_mozilla) - /* - * Chrome doesn't have the buggy behavior of caching headers - * we injected. Firefox does and we have to remove it there. - */ headers = headers.filter(h => !is_csp_header(h)); - if (!targets.policy.allow) + if (!targets.policy.allow) { headers.push({ name : header_name, value : rule }); + } return {responseHeaders: headers}; } @@ -123,7 +122,7 @@ async function start_policy_injector() ); browser.webRequest.onHeadersReceived.addListener( - inject, + headers_inject, { urls: ["<all_urls>"], types: ["main_frame", "sub_frame"] |