From dcfc78b0d175bee7b3b7e273282078d50bd4ca09 Mon Sep 17 00:00:00 2001
From: jahoti <jahoti@tilde.team>
Date: Mon, 12 Jul 2021 00:00:00 +0000
Subject: Stop using the nonce consistently for a URL

Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.
---
 background/policy_injector.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'background/policy_injector.js')

diff --git a/background/policy_injector.js b/background/policy_injector.js
index eb67963..9f79425 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -11,7 +11,7 @@
  * IMPORT get_storage
  * IMPORT browser
  * IMPORT is_chrome
- * IMPORT gen_unique
+ * IMPORT retrieve_nonce
  * IMPORT url_item
  * IMPORT get_query_best
  * IMPORT csp_rule
@@ -45,7 +45,7 @@ function inject(details)
 
     const [pattern, settings] = query_best(url);
 
-    const nonce = gen_unique(url);
+    const nonce = retrieve_nonce(details.tabId, details.frameId, true);
     const rule = csp_rule(nonce);
 
     var headers;
-- 
cgit v1.2.3