aboutsummaryrefslogtreecommitdiff
path: root/.gitignore
diff options
context:
space:
mode:
Diffstat (limited to '.gitignore')
0 files changed, 0 insertions, 0 deletions
generated by cgit
gs containing CSP rules under ChromiumWojtek Kosior This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script. 2021-08-18remove unneeded policy-related cosole messages; restore IceCat 60 compatibilityWojtek Kosior 2021-08-18implement smuggling via cookies instead of URLWojtek Kosior 2021-08-14merge facility to install from HydrillaWojtek Kosior 2021-08-04make settings_query.js use storage object passed as an argumentWojtek Kosior 2021-08-02[UNTESTED- will test] Add filtering for http-equiv CSP headersjahoti 2021-07-28Rationalize CSP violation report blocking.jahoti Report blocking now applies iff scripts are blocked. 2021-07-26code maintenanceWojtek Kosior 2021-07-26Squash more CSP-filtering bugsjahoti On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp header to prevent re-processing issues with caching. Additionally, a default header is added for non-whitelisted domains in case there are no existing headers we can attach to. 2021-07-26Fix some bugs in the refined CSP handlingjahoti 2021-07-26[UNTESTED- will test] Use more nuanced CSP filteringjahoti CSP headers are now parsed and processed, rather than treated as simple units. This allows us to ensure policies delivered as HTTP headers do not interfere with our script filtering, as well as to preserve useful protections while removing the ones that could be problematic. Additionally, prefetching should now be blocked on pages where native scripts aren't allowed, and all reporting of CSP violations has been stripped (is this appropriate?).