summaryrefslogtreecommitdiff
path: root/background/policy_injector.js
AgeCommit message (Collapse)Author
2021-07-19Refer to the extension consistently as "Hachette" and remove TODOS.orgjahoti
from the copyright file
2021-07-18Streamline and harden unique values/settingsjahoti
The base URL is now included in the settings. The unique value no longer uses it directly, as it is included by virtue of the settings; however, the number of full hours since the epoch (UTC) is now incorporated.
2021-07-17Revamp signatures and break header caching on FFjahoti
Signatures, instead of consisting of the secure salt followed by the unique value generated from the URL, are now the unique value generated from the policy value (which will follow them) succeeded by the URL. CSP headers are now _always_ cleared on FF, regardless of whether the page is whitelisted or not. This means whitelisting takes effect on page reload, rather than only when caching occurs. However, it obviously presents security issues; refinment will occur in a future commit.
2021-07-16Use URL-based policy smugglingjahoti
Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a <salt><unique value><JSON-encoded settings> structure. While the details still need to be worked out, the potential for future expansion is there.
2021-06-30fix whitelisting under FirefoxWojtek Kosior
2021-06-30refactor 3 miscellaneous fnctionalities to a their single own fileWojtek Kosior
2021-06-30emply an sh-based build system; make some changes to blockingWojtek Kosior
2021-06-25gather all copyright info in 'copyright' fileWojtek Kosior
2021-06-18when possible inject CSP as http(s) header using webRequest instead of ↵Wojtek Kosior
adding a <meta> tag
generated by cgit