From dcfc78b0d175bee7b3b7e273282078d50bd4ca09 Mon Sep 17 00:00:00 2001
From: jahoti <jahoti@tilde.team>
Date: Mon, 12 Jul 2021 00:00:00 +0000
Subject: Stop using the nonce consistently for a URL

Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.
---
 background/nonce_store.js | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 background/nonce_store.js

(limited to 'background/nonce_store.js')

diff --git a/background/nonce_store.js b/background/nonce_store.js
new file mode 100644
index 0000000..9370876
--- /dev/null
+++ b/background/nonce_store.js
@@ -0,0 +1,30 @@
+/**
+ * Central management of HTTP(S) nonces
+ *
+ * Copyright (C) 2021 jahoti
+ * Redistribution terms are gathered in the `copyright' file.
+ */
+
+/*
+ * IMPORTS_START
+ * IMPORT gen_nonce
+ * IMPORTS_END
+ */
+
+var nonces = {};
+
+function retrieve_nonce(tabId, frameId, update)
+{
+    let code = tabId + '.' + frameId;
+    console.log('Nonce for ' + code + ' ' + (update ? 'created/updated' : 'requested'));
+    if (update)
+        nonces[code] = gen_nonce();
+    
+    return nonces[code];
+}
+
+/*
+ * EXPORTS_START
+ * EXPORT retrieve_nonce
+ * EXPORTS_END
+ */
-- 
cgit v1.2.3