From 5fcc980828047e966c24fde8a80e7f819a457e36 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Mon, 26 Jul 2021 12:10:13 +0200
Subject: code maintenance

---
 background/policy_injector.js | 58 ++++++++++++++++++++-----------------------
 1 file changed, 27 insertions(+), 31 deletions(-)

(limited to 'background')

diff --git a/background/policy_injector.js b/background/policy_injector.js
index f58fb71..386cf22 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -26,27 +26,23 @@
 var storage;
 var query_best;
 
-const csp_header_names = {
-    "content-security-policy" : true,
-    "x-webkit-csp" : true,
-    "x-content-security-policy" : true
-};
-
-const unwanted_csp_directives = {
-    "report-to" : true,
-    "report-uri" : true,
-    "script-src" : true,
-    "script-src-elem" : true,
-    "prefetch-src": true
-};
+const csp_header_names = new Set([
+    "content-security-policy",
+    "x-webkit-csp",
+    "x-content-security-policy"
+]);
+
+/* TODO: variable no longer in use; remove if not needed */
+const unwanted_csp_directives = new Set([
+    "report-to",
+    "report-uri",
+    "script-src",
+    "script-src-elem",
+    "prefetch-src"
+]);
 
 const report_only = "content-security-policy-report-only";
 
-function not_csp_header(header)
-{
-    return !csp_header_names[header.name.toLowerCase()];
-}
-
 function url_inject(details)
 {
     if (is_privileged_url(details.url))
@@ -86,18 +82,18 @@ function url_inject(details)
 function process_csp_header(header, rule, block)
 {
     const csp = parse_csp(header.value);
-    
+
     /* No snitching */
     delete csp['report-to'];
     delete csp['report-uri'];
-    
+
     if (block) {
 	delete csp['script-src'];
 	delete csp['script-src-elem'];
 	csp['script-src-attr'] = ["'none'"];
 	csp['prefetch-src'] = ["'none'"];
     }
-    
+
     if ('script-src' in csp)
 	csp['script-src'].push(rule);
     else
@@ -107,12 +103,12 @@ function process_csp_header(header, rule, block)
 	csp['script-src-elem'].push(rule);
     else
 	csp['script-src-elem'] = [rule];
-    
+
     const new_policy = Object.entries(csp).map(
-	i => i[0] + ' ' + i[1].join(' ') + ';'
+	i => `${i[0]} ${i[1].join(' ')};`
     );
-    
-    return {name: header.name, value: new_policy.join('')}
+
+    return {name: header.name, value: new_policy.join('')};
 }
 
 function headers_inject(details)
@@ -128,13 +124,13 @@ function headers_inject(details)
 
     const rule = `'nonce-${targets.policy.nonce}'`;
     const block = !targets.policy.allow;
-    
-    for (let header of details.responseHeaders) {
-	if (not_csp_header(header)) {
+
+    for (const header of details.responseHeaders) {
+	if (!csp_header_names.has(header)) {
 	    /* Retain all non-snitching headers */
 	    if (header.name.toLowerCase() !== report_only) {
 		headers.push(header);
-		
+
 		/* If these are the original CSP headers, use them instead */
 		/* Test based on url_extract_target() in misc.js */
 		if (is_mozilla && header.name === "x-orig-csp") {
@@ -157,7 +153,7 @@ function headers_inject(details)
 		    }
 
 		    orig_csp_headers = csp_headers = null;
-		    for (let header of data)
+		    for (const header of data)
 			headers.push(process_csp_header(header, rule, block));
 		}
 	    }
@@ -166,7 +162,7 @@ function headers_inject(details)
 	}
 	if (is_mozilla && !orig_csp_headers)
 	    continue;
-	
+
 	csp_headers.push(process_csp_header(header, rule, block));
 	if (is_mozilla)
 	    orig_csp_headers.push(header);
-- 
cgit v1.2.3