Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-07-17 | Revamp signatures and break header caching on FF | jahoti | |
Signatures, instead of consisting of the secure salt followed by the unique value generated from the URL, are now the unique value generated from the policy value (which will follow them) succeeded by the URL. CSP headers are now _always_ cleared on FF, regardless of whether the page is whitelisted or not. This means whitelisting takes effect on page reload, rather than only when caching occurs. However, it obviously presents security issues; refinment will occur in a future commit. | |||
2021-07-16 | Use URL-based policy smuggling | jahoti | |
Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a <salt><unique value><JSON-encoded settings> structure. While the details still need to be worked out, the potential for future expansion is there. | |||
2021-06-30 | fix whitelisting under Firefox | Wojtek Kosior | |
2021-06-30 | refactor 3 miscellaneous fnctionalities to a their single own file | Wojtek Kosior | |
2021-06-30 | emply an sh-based build system; make some changes to blocking | Wojtek Kosior | |
2021-06-25 | gather all copyright info in 'copyright' file | Wojtek Kosior | |
2021-06-18 | when possible inject CSP as http(s) header using webRequest instead of ↵ | Wojtek Kosior | |
adding a <meta> tag |