From 96068ada37bfa1d7e6485551138ba36600664caf Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Sat, 20 Nov 2021 18:29:59 +0100
Subject: replace cookies with synchronous XmlHttpRequest as policy smuggling
 method.

Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
---
 content/page_actions.js | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

(limited to 'content/page_actions.js')

diff --git a/content/page_actions.js b/content/page_actions.js
index db7c352..845e452 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -12,19 +12,17 @@
  * IMPORT CONNECTION_TYPE
  * IMPORT browser
  * IMPORT report_script
- * IMPORT report_settings
  * IMPORT report_document_type
  * IMPORTS_END
  */
 
-let policy_received_callback;
+let policy;
 /* Snapshot url and content type early; these can be changed by other code. */
 let url;
 let is_html;
 let port;
 let loaded = false;
 let scripts_awaiting = [];
-let nonce;
 
 function handle_message(message)
 {
@@ -38,9 +36,8 @@ function handle_message(message)
 		scripts_awaiting.push(script_text);
 	}
     }
-    if (action === "settings") {
-	report_settings(data);
-	policy_received_callback({url, allow: data[1].allow});
+    else {
+	console.error(`Bad page action '${action}'.`);
     }
 }
 
@@ -61,27 +58,27 @@ function add_script(script_text)
 
     let script = document.createElement("script");
     script.textContent = script_text;
-    script.setAttribute("nonce", nonce);
+    script.setAttribute("nonce", policy.nonce);
     script.haketilo_payload = true;
     document.body.appendChild(script);
 
     report_script(script_text);
 }
 
-function handle_page_actions(script_nonce, policy_received_cb,
-			     doc_ready_promise) {
-    policy_received_callback = policy_received_cb;
+function handle_page_actions(_policy, doc_ready_promise) {
+    policy = _policy;
+
     url = document.URL;
     is_html = document instanceof HTMLDocument;
     report_document_type(is_html);
 
     doc_ready_promise.then(document_ready);
 
-    port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
-    port.onMessage.addListener(handle_message);
-    port.postMessage({url});
-
-    nonce = script_nonce;
+    if (policy.payload) {
+	port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
+	port.onMessage.addListener(handle_message);
+	port.postMessage({payload: policy.payload});
+    }
 }
 
 /*
-- 
cgit v1.2.3