aboutsummaryrefslogtreecommitdiff
path: root/background
diff options
context:
space:
mode:
Diffstat (limited to 'background')
-rw-r--r--background/cookie_filter.js45
-rw-r--r--background/main.js33
-rw-r--r--background/page_actions_server.js11
-rw-r--r--background/policy_injector.js33
-rw-r--r--background/storage.js117
5 files changed, 128 insertions, 111 deletions
diff --git a/background/cookie_filter.js b/background/cookie_filter.js
new file mode 100644
index 0000000..fea2d23
--- /dev/null
+++ b/background/cookie_filter.js
@@ -0,0 +1,45 @@
+/**
+ * part of Hachette
+ * Filtering request headers to remove hachette cookies that might have slipped
+ * through.
+ *
+ * Copyright (C) 2021 Wojtek Kosior
+ * Redistribution terms are gathered in the `copyright' file.
+ */
+
+/*
+ * IMPORTS_START
+ * IMPORT extract_signed
+ * IMPORTS_END
+ */
+
+function is_valid_hachette_cookie(cookie)
+{
+ const match = /^hachette-(\w*)=(.*)$/.exec(cookie);
+ if (!match)
+ return false;
+
+ return !extract_signed(match.slice(1, 3)).fail;
+}
+
+function remove_hachette_cookies(header)
+{
+ if (header.name !== "Cookie")
+ return header;
+
+ const cookies = header.value.split("; ");
+ const value = cookies.filter(c => !is_valid_hachette_cookie(c)).join("; ");
+
+ return value ? {name: "Cookie", value} : null;
+}
+
+function filter_cookie_headers(headers)
+{
+ return headers.map(remove_hachette_cookies).filter(h => h);
+}
+
+/*
+ * EXPORTS_START
+ * EXPORT filter_cookie_headers
+ * EXPORTS_END
+ */
diff --git a/background/main.js b/background/main.js
index 2e9fa50..03cd5d7 100644
--- a/background/main.js
+++ b/background/main.js
@@ -9,6 +9,7 @@
* IMPORTS_START
* IMPORT TYPE_PREFIX
* IMPORT get_storage
+ * IMPORT light_storage
* IMPORT start_storage_server
* IMPORT start_page_actions_server
* IMPORT browser
@@ -17,6 +18,7 @@
* IMPORT gen_nonce
* IMPORT inject_csp_headers
* IMPORT apply_stream_filter
+ * IMPORT filter_cookie_headers
* IMPORT is_chrome
* IMPORTS_END
*/
@@ -49,6 +51,7 @@ browser.runtime.onInstalled.addListener(init_ext);
let storage;
+let policy_observable = {};
function on_headers_received(details)
{
@@ -58,7 +61,8 @@ function on_headers_received(details)
const [pattern, settings] = query_best(storage, details.url);
const has_payload = !!(settings && settings.components);
- const allow = !has_payload && !!(settings && settings.allow);
+ const allow = !has_payload &&
+ !!(settings ? settings.allow : policy_observable.value);
const nonce = gen_nonce();
const policy = {allow, url, nonce, has_payload};
@@ -70,7 +74,7 @@ function on_headers_received(details)
skip = true;
}
- headers = inject_csp_headers(details, headers, policy);
+ headers = inject_csp_headers(headers, policy);
skip = skip || (details.statusCode >= 300 && details.statusCode < 400);
if (!skip) {
@@ -82,19 +86,40 @@ function on_headers_received(details)
return {responseHeaders: headers};
}
+function on_before_send_headers(details)
+{
+ let headers = details.requestHeaders;
+ headers = filter_cookie_headers(headers);
+ return {requestHeaders: headers};
+}
+
+const all_types = [
+ "main_frame", "sub_frame", "stylesheet", "script", "image", "font",
+ "object", "xmlhttprequest", "ping", "csp_report", "media", "websocket",
+ "other", "main_frame", "sub_frame"
+];
+
async function start_webRequest_operations()
{
storage = await get_storage();
- const extra_opts = ["blocking", "responseHeaders"];
+ const extra_opts = ["blocking"];
if (is_chrome)
extra_opts.push("extraHeaders");
browser.webRequest.onHeadersReceived.addListener(
on_headers_received,
{urls: ["<all_urls>"], types: ["main_frame", "sub_frame"]},
- extra_opts
+ extra_opts.concat("responseHeaders")
);
+
+ browser.webRequest.onBeforeSendHeaders.addListener(
+ on_before_send_headers,
+ {urls: ["<all_urls>"], types: all_types},
+ extra_opts.concat("requestHeaders")
+ );
+
+ policy_observable = await light_storage.observe_var("default_allow");
}
start_webRequest_operations();
diff --git a/background/page_actions_server.js b/background/page_actions_server.js
index 58a0073..b0db5f5 100644
--- a/background/page_actions_server.js
+++ b/background/page_actions_server.js
@@ -8,6 +8,7 @@
/*
* IMPORTS_START
* IMPORT get_storage
+ * IMPORT light_storage
* IMPORT TYPE_PREFIX
* IMPORT CONNECTION_TYPE
* IMPORT browser
@@ -20,17 +21,17 @@
var storage;
var handler;
+let policy_observable;
function send_actions(url, port)
{
- const [pattern, settings] = query_best(storage, url);
+ let [pattern, settings] = query_best(storage, url);
+ if (!settings)
+ settings = {allow: policy_observable && policy_observable.value};
const repos = storage.get_all(TYPE_PREFIX.REPO);
port.postMessage(["settings", [pattern, settings, repos]]);
- if (settings === undefined)
- return;
-
let components = settings.components;
let processed_bags = new Set();
@@ -127,6 +128,8 @@ async function start_page_actions_server()
storage = await get_storage();
listen_for_connection(CONNECTION_TYPE.PAGE_ACTIONS, new_connection);
+
+ policy_observable = await light_storage.observe_var("default_allow");
}
/*
diff --git a/background/policy_injector.js b/background/policy_injector.js
index 1d4db6f..72318d4 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -16,25 +16,27 @@
* IMPORTS_END
*/
-function inject_csp_headers(details, headers, policy)
+function inject_csp_headers(headers, policy)
{
- const url = details.url;
-
- let orig_csp_headers;
+ let csp_headers;
let old_signature;
let hachette_header;
for (const header of headers.filter(h => h.name === "x-hachette")) {
- const match = /^([^%])(%.*)$/.exec(header.value);
+ /* x-hachette header has format: <signature>_0_<data> */
+ const match = /^([^_]+)_(0_.*)$/.exec(header.value);
if (!match)
continue;
- const old_data = extract_signed(...match.splice(1, 2), [[0]]);
- if (!old_data || old_data.url !== url)
+ const result = extract_signed(...match.slice(1, 3));
+ if (result.fail)
continue;
+ /* This should succeed - it's our self-produced valid JSON. */
+ const old_data = JSON.parse(decodeURIComponent(result.data));
+
/* Confirmed- it's the originals, smuggled in! */
- orig_csp_headers = old_data.csp_headers;
+ csp_headers = old_data.csp_headers;
old_signature = old_data.policy_sig;
hachette_header = header;
@@ -46,24 +48,23 @@ function inject_csp_headers(details, headers, policy)
headers.push(hachette_header);
}
- orig_csp_headers = orig_csp_headers ||
+ csp_headers = csp_headers ||
headers.filter(h => is_csp_header_name(h.name));
/* When blocking remove report-only CSP headers that snitch on us. */
headers = headers.filter(h => !is_csp_header_name(h.name, !policy.allow));
if (old_signature)
- headers = headers.filter(h => h.name.search(old_signature) === -1);
+ headers = headers.filter(h => h.value.search(old_signature) === -1);
- const sanitizer = h => sanitize_csp_header(h, policy);
- headers.push(...orig_csp_headers.map(sanitizer));
+ headers.push(...csp_headers.map(h => sanitize_csp_header(h, policy)));
const policy_str = encodeURIComponent(JSON.stringify(policy));
- const policy_sig = sign_data(policy_str, new Date());
+ const signed_policy = sign_data(policy_str, new Date().getTime());
const later_30sec = new Date(new Date().getTime() + 30000).toGMTString();
headers.push({
name: "Set-Cookie",
- value: `hachette-${policy_sig}=${policy_str}; Expires=${later_30sec};`
+ value: `hachette-${signed_policy.join("=")}; Expires=${later_30sec};`
});
/*
@@ -71,9 +72,9 @@ function inject_csp_headers(details, headers, policy)
* These are signed with a time of 0, as it's not clear there is a limit on
* how long Firefox might retain headers in the cache.
*/
- let hachette_data = {csp_headers: orig_csp_headers, policy_sig, url};
+ let hachette_data = {csp_headers, policy_sig: signed_policy[0]};
hachette_data = encodeURIComponent(JSON.stringify(hachette_data));
- hachette_header.value = sign_data(hachette_data, 0) + hachette_data;
+ hachette_header.value = sign_data(hachette_data, 0).join("_");
/* To ensure there is a CSP header if required */
if (!policy.allow)
diff --git a/background/storage.js b/background/storage.js
index c2160b0..12c0c61 100644
--- a/background/storage.js
+++ b/background/storage.js
@@ -7,7 +7,7 @@
/*
* IMPORTS_START
- * IMPORT TYPE_PREFIX
+ * IMPORT raw_storage
* IMPORT TYPE_NAME
* IMPORT list_prefixes
* IMPORT make_lock
@@ -15,76 +15,17 @@
* IMPORT unlock
* IMPORT make_once
* IMPORT browser
- * IMPORT is_chrome
* IMPORT observables
* IMPORTS_END
*/
var exports = {};
-/* We're yet to decide how to handle errors... */
-
-/* Here are some basic wrappers for storage API functions */
-
-async function get(key)
-{
- try {
- /* Fix for fact that Chrome does not use promises here */
- let promise = is_chrome ?
- new Promise((resolve, reject) =>
- chrome.storage.local.get(key,
- val => resolve(val))) :
- browser.storage.local.get(key);
-
- return (await promise)[key];
- } catch (e) {
- console.log(e);
- }
-}
-
-async function set(key, value)
-{
- try {
- return browser.storage.local.set({[key]: value});
- } catch (e) {
- console.log(e);
- }
-}
-
-async function setn(keys_and_values)
-{
- let obj = Object();
- while (keys_and_values.length > 1) {
- let value = keys_and_values.pop();
- let key = keys_and_values.pop();
- obj[key] = value;
- }
-
- try {
- return browser.storage.local.set(obj);
- } catch (e) {
- console.log(e);
- }
-}
-
-async function set_var(name, value)
-{
- return set(TYPE_PREFIX.VAR + name, value);
-}
-
-async function get_var(name)
-{
- return get(TYPE_PREFIX.VAR + name);
-}
-
-/*
- * A special case of persisted variable is one that contains list
- * of items.
- */
+/* A special case of persisted variable is one that contains list of items. */
async function get_list_var(name)
{
- let list = await get_var(name);
+ let list = await raw_storage.get_var(name);
return list === undefined ? [] : list;
}
@@ -97,7 +38,7 @@ async function list(prefix)
let map = new Map();
for (let item of await get_list_var(name))
- map.set(item, await get(prefix + item));
+ map.set(item, await raw_storage.get(prefix + item));
return {map, prefix, name, observable: observables.make(),
lock: make_lock()};
@@ -175,19 +116,19 @@ async function set_item(item, value, list)
}
async function _set_item(item, value, list)
{
- let key = list.prefix + item;
- let old_val = list.map.get(item);
+ const key = list.prefix + item;
+ const old_val = list.map.get(item);
+ const set_obj = {[key]: value};
if (old_val === undefined) {
- let items = list_items(list);
+ const items = list_items(list);
items.push(item);
- await setn([key, value, "_" + list.name, items]);
- } else {
- await set(key, value);
+ set_obj["_" + list.name] = items;
}
- list.map.set(item, value)
+ await raw_storage.set(set_obj);
+ list.map.set(item, value);
- let change = {
+ const change = {
prefix : list.prefix,
item,
old_val,
@@ -212,20 +153,21 @@ async function remove_item(item, list)
}
async function _remove_item(item, list)
{
- let old_val = list.map.get(item);
+ const old_val = list.map.get(item);
if (old_val === undefined)
return;
- let key = list.prefix + item;
- let items = list_items(list);
- let index = items.indexOf(item);
+ const items = list_items(list);
+ const index = items.indexOf(item);
items.splice(index, 1);
- await setn([key, undefined, "_" + list.name, items]);
-
+ await raw_storage.set({
+ [list.prefix + item]: undefined,
+ ["_" + list.name]: items
+ });
list.map.delete(item);
- let change = {
+ const change = {
prefix : list.prefix,
item,
old_val,
@@ -247,11 +189,11 @@ async function replace_item(old_item, new_item, list, new_val=undefined)
}
async function _replace_item(old_item, new_item, list, new_val=undefined)
{
- let old_val = list.map.get(old_item);
+ const old_val = list.map.get(old_item);
if (new_val === undefined) {
if (old_val === undefined)
return;
- new_val = old_val
+ new_val = old_val;
} else if (new_val === old_val && new_item === old_item) {
return old_val;
}
@@ -261,17 +203,18 @@ async function _replace_item(old_item, new_item, list, new_val=undefined)
return old_val;
}
- let new_key = list.prefix + new_item;
- let old_key = list.prefix + old_item;
- let items = list_items(list);
- let index = items.indexOf(old_item);
+ const items = list_items(list);
+ const index = items.indexOf(old_item);
items[index] = new_item;
- await setn([old_key, undefined, new_key, new_val,
- "_" + list.name, items]);
+ await raw_storage.set({
+ [list.prefix + old_item]: undefined,
+ [list.prefix + new_item]: new_val,
+ ["_" + list.name]: items
+ });
list.map.delete(old_item);
- let change = {
+ const change = {
prefix : list.prefix,
item : old_item,
old_val,
generated by cgit