Diffstat (limited to 'common')
-rw-r--r-- | common/misc.js | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/common/misc.js b/common/misc.js
index 91d60d2..97fc2dc 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -146,6 +146,17 @@ function sanitize_csp_header(header, policy)
 return {name: header.name, value: new_csp.join('')};
 }
 
+/* csp rule that blocks all scripts except for those injected by us */
+function make_csp_rule(policy)
+{
+ let rule = "prefetch-src 'none'; ", nonce = `'nonce-${policy.nonce}'`;
+ if (!policy.allow) {
+ rule += `script-src ${nonce}; script-src-elem ${nonce}; ` +
+ "script-src-attr 'none'; ";
+ }
+ return rule;
+}
+
 /* Regexes and objects to use as/in schemas for parse_json_with_schema(). */
 const nonempty_string_matcher = /.+/;
 
@@ -161,7 +172,7 @@ const matchers = {
 /*
  * EXPORTS_START
  * EXPORT gen_nonce
- * EXPORT csp_rule
+ * EXPORT make_csp_rule
  * EXPORT is_csp_header_name
  * EXPORT nice_name
  * EXPORT open_in_settings |
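Review bot: The header comment on the new make_csp_rule does not match its behaviour: when `policy.allow` is truthy the function returns only `prefetch-src 'none'; ` and blocks no scripts at all, so "blocks all scripts except for those injected by us" only describes the `!policy.allow` branch. I would replace the one-line comment with a JSDoc stating that `policy.nonce` is inserted verbatim as the `'nonce-…'` source and must already be a well-formed CSP nonce (a quote or semicolon in it would change the meaning of the emitted directives), that `policy.allow` skips the script-src restrictions entirely, and that the return value is a directive string meant to be spliced into a Content-Security-Policy header. The nonce presumably comes from the module's own gen_nonce (listed in the EXPORTS block), but nothing in this hunk enforces that, so the precondition belongs in the documentation. As a point of style, `nonce` is never reassigned and `rule` is, so the comma-chained `let` is better written as `const nonce = \`'nonce-${policy.nonce}'\`;` followed by `let rule = "prefetch-src 'none'; ";`.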