Diffstat (limited to 'content')
-rw-r--r--content/main.js33
1 files changed, 26 insertions, 7 deletions
diff --git a/content/main.js b/content/main.js
index 4ae7738..984b3cb 100644
--- a/content/main.js
+++ b/content/main.js
@@ -32,17 +32,36 @@ function accept_node(node, parent)
}
if (!is_privileged_url(document.URL)) {
- const reductor =
- (ac, [_, sig, pol]) => ac[0] && ac || [extract_signed(sig, pol), sig];
- const matches = [...document.cookie.matchAll(/hachette-(\w*)=([^;]*)/g)];
- let [policy, signature] = matches.reduce(reductor, []);
+ /* Signature valid for half an hour. */
+ const min_time = new Date().getTime() - 1800 * 1000;
+ let best_result = {time: -1};
+ let policy = null;
+ const extracted_signatures = [];
+ for (const match of document.cookie.matchAll(/hachette-(\w*)=([^;]*)/g)) {
+ const new_result = extract_signed(...match.slice(1, 3));
+ if (new_result.fail)
+ continue;
- if (!policy || policy.url !== document.URL) {
- console.log("WARNING! Using default policy!!!");
+ extracted_signatures.push(match[1]);
+
+ if (new_result.time < Math.max(min_time, best_result.time))
+ continue;
+
+ /* This should succeed - it's our self-produced valid JSON. */
+ const new_policy = JSON.parse(decodeURIComponent(new_result.data));
+ if (new_policy.url !== document.URL)
+ continue;
+
+ best_result = new_result;
+ policy = new_policy;
+ }
+
+ if (!policy) {
+ console.warn("WARNING! Using default policy!!!");
policy = {allow: false, nonce: gen_nonce()};
}
- if (signature)
+ for (const signature of extracted_signatures)
document.cookie = `hachette-${signature}=; Max-Age=-1;`;
handle_page_actions(policy.nonce);
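Review bot: The `JSON.parse(decodeURIComponent(new_result.data))` call inside the cookie loop is unguarded, so a payload that passes `extract_signed` but fails to decode or parse (or parses to `null`) throws out of the content script before the `if (!policy)` fallback installs the `{allow: false, ...}` default and before `handle_page_actions` runs. Whether the page then ends up blocked or unrestricted depends on code outside this hunk, so the failure mode is better made explicit than left to the "should succeed" comment. Catching the error and skipping the cookie, as sketched below, treats it like a failed signature and keeps the default-deny path reachable. Separately, a cookie is pushed to `extracted_signatures` only after the `new_result.fail` check, so cookies that fail verification are never cleared by the cleanup loop at the end. The enclosing `if (!is_privileged_url(document.URL))` block continues past the end of the hunk.

```javascript
    /* … unchanged: extract_signed() call, fail check, freshness check … */
    let new_policy;
    try {
        new_policy = JSON.parse(decodeURIComponent(new_result.data));
    } catch (e) {
        /* Treat an undecodable payload like a failed signature. */
        continue;
    }
    if (!new_policy || new_policy.url !== document.URL)
        continue;
```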