From ecb787046271de708b94da70240713e725299d86 Mon Sep 17 00:00:00 2001 From: jahoti Date: Sun, 18 Jul 2021 00:00:00 +0000 Subject: Streamline and harden unique values/settings The base URL is now included in the settings. The unique value no longer uses it directly, as it is included by virtue of the settings; however, the number of full hours since the epoch (UTC) is now incorporated. --- background/policy_injector.js | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'background') diff --git a/background/policy_injector.js b/background/policy_injector.js index 8a767fb..2cd7b6e 100644 --- a/background/policy_injector.js +++ b/background/policy_injector.js @@ -17,6 +17,7 @@ * IMPORT gen_nonce * IMPORT url_item * IMPORT url_extract_policy + * IMPORT sign_policy * IMPORT get_query_best * IMPORT csp_rule * IMPORTS_END @@ -46,7 +47,7 @@ function is_our_header(header, rule) function url_inject(details) { const targets = url_extract_policy(details.url); - if (targets.valid_sig) { + if (targets.current) { return; } else if (targets.policy) { /* Redirect; update policy */ @@ -59,11 +60,16 @@ function url_inject(details) /* Defaults */ settings = {}; - const policy = {allow: settings.allow, nonce: gen_nonce()}; - const policy_string = encodeURIComponent(JSON.stringify(policy)); - const sig = gen_unique(policy_string + targets.base_url); + const policy = encodeURIComponent( + JSON.stringify({ + allow: settings.allow, + nonce: gen_nonce(), + base_url: targets.base_url + }) + ); - let redirect_url = targets.base_url + '#' + sig + policy_string; + let redirect_url = targets.base_url; + redirect_url += '#' + sign_policy(policy, new Date()) + policy; if (targets.target) redirect_url += targets.target; if (targets.target2) @@ -75,12 +81,11 @@ function url_inject(details) function inject(details) { const targets = url_extract_policy(details.url); - if (!targets.valid_sig) - /* Block unsigned requests */ + if (!targets.current) + /* Block mis-/unsigned requests */ return {cancel: true}; const rule = csp_rule(targets.policy.nonce); - var headers = details.responseHeaders; if (!targets.policy.allow || is_mozilla) -- cgit v1.2.3