aboutsummaryrefslogtreecommitdiff
path: root/background
AgeCommit message (Collapse)Author
2022-03-24serialize and deserialize entire Response object when relaying fetch() calls ↵Wojtek Kosior
to other contexts using sendMessage
2022-03-11don't double-modify response headers retrieved from cacheWojtek Kosior
2022-03-10fix application of default blocking rule under ChromiumWojtek Kosior
2022-03-10fix chromium synchronous policy fetching for file:/// URLsWojtek Kosior
2022-03-10fix incorrect variable referenceWojtek Kosior
2022-03-04prepend all generated console messages with 'Haketilo:'Wojtek Kosior
2022-02-15change store names and data keys to singularWojtek Kosior
2022-02-14restore chromium supportWojtek Kosior
2022-02-09make resource dependency specifier an objectWojtek Kosior
2022-02-09adapt to changes in file path formatWojtek Kosior
From now on we assume Hydrilla serves file contents at 'file/sha256/<hash>' instead of 'file/sha256-<hash>'. With this commit we also stop using the "hash_key" property internally.
2022-01-29make Haketilo buildable again (for Mozilla)Wojtek Kosior
How cool it is to throw away 5755 lines of code...
2022-01-27facilitate querying IndexedDB for script files of resource and its dependenciesWojtek Kosior
2022-01-26add new root content scriptWojtek Kosior
2022-01-22add a mapping/resources installation dialogWojtek Kosior
2022-01-18facilitate caching repository responses in content scriptsWojtek Kosior
2022-01-18facilitate making CORS-agnostic requests through background scriptWojtek Kosior
2022-01-15make blocking rules queryable in pattern tree just as mappings areWojtek Kosior
2022-01-04fix license promise typoWojtek Kosior
2022-01-03improve and test the dafult policy dialogWojtek Kosior
This commit also fixes some bugs that manifested themselves spuriously.
2021-12-31utilize Pattern Tree to decide the policy to use and modify HTTP response ↵Wojtek Kosior
headers according to that policy This commit also enhances the build script so that preprocessor conditionals can now use operators '&&' and '||'. The features being developed are not yet included in the actual Haketilo build. Some of the new source files contain similar functionality to other ones already existing in the source tree. At some point the latter will be removed.
2021-12-27facilitate egistering dynamic content scripts with mappings dataWojtek Kosior
2021-12-22reworked build system; added missing license noticesWojtek Kosior
2021-12-14facilitate broadcasting messages to different execution contexts within the ↵Wojtek Kosior
webextension
2021-12-08facilitate initialization of IndexedDB for use by HaketiloWojtek Kosior
2021-12-03merge `master` (license notices) and `koszko` (v1.0 development)Wojtek Kosior
2021-12-01facilitate testing javascript functionsWojtek Kosior
Haketilo's .js files can now be loaded together with their dependencies and executed on a page opened in a selenium-driven Firefox instance.
2021-11-20replace cookies with synchronous XmlHttpRequest as policy smuggling method.Wojtek Kosior
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
2021-10-30Fix license notices on JS and SH filesjahoti
Other files have been left, as no model notice is available
2021-09-13rename the extension to "Haketilo"Wojtek Kosior
2021-09-10Make it impossible to check "Allow native scripts" for pages with payload.Wojtek Kosior
2021-09-09simplify CSP handlingWojtek Kosior
All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own.
2021-09-04merge changes before version 0.1Wojtek Kosior
2021-09-03only apply stream filter modifications when reasonably necessaryWojtek Kosior
2021-09-02enable toggling of global script blocking policy\n\nThis commit also ↵Wojtek Kosior
introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers).
2021-08-27put simplest, asynchronous local storage operations in a separate fileWojtek Kosior
2021-08-26filter HTTP request headers to remove Hachette cookies in case they slip throughWojtek Kosior
2021-08-26improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 ↵Wojtek Kosior
implementation is no longer pulled in contexts that don't require it.
2021-08-23use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our ↵Wojtek Kosior
injected scripts
2021-08-20sanitize `<meta>' tags containing CSP rules under ChromiumWojtek Kosior
This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script.
2021-08-18remove unneeded policy-related cosole messages; restore IceCat 60 compatibilityWojtek Kosior
2021-08-18implement smuggling via cookies instead of URLWojtek Kosior
2021-08-14merge facility to install from HydrillaWojtek Kosior
2021-08-06Facilitate installation of scripts from the repositoryWojtek Kosior
This commit includes: * removal of page_info_server * running of storage client in popup context * extraction of some common CSS to a separate file * extraction of scripts import view to a separate file * addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js) * addition of hydrilla repo url to default settings * other minor changes and of course changes related to the actual installation of scripts from the repo
2021-08-04make settings_query.js use storage object passed as an argumentWojtek Kosior
2021-08-02[UNTESTED- will test] Add filtering for http-equiv CSP headersjahoti
2021-07-28Rationalize CSP violation report blocking.jahoti
Report blocking now applies iff scripts are blocked.
2021-07-26code maintenanceWojtek Kosior
2021-07-26Squash more CSP-filtering bugsjahoti
On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp header to prevent re-processing issues with caching. Additionally, a default header is added for non-whitelisted domains in case there are no existing headers we can attach to.
2021-07-26Fix some bugs in the refined CSP handlingjahoti
2021-07-26[UNTESTED- will test] Use more nuanced CSP filteringjahoti
CSP headers are now parsed and processed, rather than treated as simple units. This allows us to ensure policies delivered as HTTP headers do not interfere with our script filtering, as well as to preserve useful protections while removing the ones that could be problematic. Additionally, prefetching should now be blocked on pages where native scripts aren't allowed, and all reporting of CSP violations has been stripped (is this appropriate?).