aboutsummaryrefslogtreecommitdiff
path: root/background/policy_injector.js
blob: b49ec4773300cd9ff7b30928ebad7976f5f3a6a5 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
/**
 * This file is part of Haketilo.
 *
 * Function: Injecting policy to page by modifying HTTP headers.
 *
 * Copyright (C) 2021 Wojtek Kosior
 * Copyright (C) 2021 jahoti
 * Redistribution terms are gathered in the `copyright' file.
 */

/*
 * IMPORTS_START
 * IMPORT make_csp_rule
 * IMPORT csp_header_regex
 * Re-enable the import below once nonce stuff here is ready
 * !mport gen_nonce
 * IMPORTS_END
 */

function inject_csp_headers(headers, policy)
{
    let csp_headers;

    if (policy.payload) {
	headers = headers.filter(h => !csp_header_regex.test(h.name));

	// TODO: make CSP rules with nonces and facilitate passing them to
	// content scripts via dynamic content script registration or
	// synchronous XHRs

	// policy.nonce = gen_nonce();
    }

    if (!policy.allow && (policy.nonce || !policy.payload)) {
	headers.push({
	    name: "content-security-policy",
	    value: make_csp_rule(policy)
	});
    }

    return headers;
}

/*
 * EXPORTS_START
 * EXPORT inject_csp_headers
 * EXPORTS_END
 */