From 85a0cacb28b84005d5d034a53973153d49214723 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Fri, 21 Oct 2022 18:29:43 +0200
Subject: [proxy] rework CSP manipulation
---
src/hydrilla/proxy/policies/rule.py | 48 +++++++------------------------------
1 file changed, 9 insertions(+), 39 deletions(-)
(limited to 'src/hydrilla/proxy/policies/rule.py')
diff --git a/src/hydrilla/proxy/policies/rule.py b/src/hydrilla/proxy/policies/rule.py
index 8272d2f..c62f473 100644
--- a/src/hydrilla/proxy/policies/rule.py
+++ b/src/hydrilla/proxy/policies/rule.py
@@ -43,53 +43,23 @@ class AllowPolicy(base.Policy): """....""" priority: t.ClassVar[base.PolicyPriority] = base.PolicyPriority._TWO + +script_csp_directives = ('script-src', 'script-src-elem', 'script-src-attr') + class BlockPolicy(base.Policy): """....""" _process_response: t.ClassVar[bool] = True priority: t.ClassVar[base.PolicyPriority] = base.PolicyPriority._TWO - def _modify_headers(self, response_info: http_messages.ResponseInfo) \ - -> http_messages.IHeaders: - new_headers = [] - - csp_policies = csp.extract(response_info.headers) - - for key, val in response_info.headers.items(): - if key.lower() not in csp.header_names_and_dispositions: - new_headers.append((key, val)) - - for policy in csp_policies: - if policy.disposition != 'enforce': - continue - - directives = policy.directives.mutate() - directives.pop('report-to', None) - directives.pop('report-uri', None) - - policy = dc.replace(policy, directives=directives.finish()) - - new_headers.append((policy.header_name, policy.serialize())) - - extra_csp = ';'.join(( - "script-src 'none'", - "script-src-elem 'none'", - "script-src-attr 'none'" - )) - - new_headers.append(('Content-Security-Policy', extra_csp)) - - return http_messages.make_headers(new_headers) - + def _csp_to_clear(self, http_info: http_messages.FullHTTPInfo) \ + -> t.Sequence[str]: + return script_csp_directives - def consume_response( - self, - request_info: http_messages.RequestInfo, - response_info: http_messages.ResponseInfo - ) -> http_messages.ResponseInfo: - new_headers = self._modify_headers(response_info) + def _csp_to_add(self, http_info: http_messages.FullHTTPInfo) \ + -> t.Mapping[str, t.Sequence[str]]: + return dict((d, ["'none'"]) for d in script_csp_directives) - return dc.replace(response_info, headers=new_headers) @dc.dataclass(frozen=True) class RuleAllowPolicy(AllowPolicy): -- cgit v1.2.3
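Review bot: The new `BlockPolicy._csp_to_clear` lists only the three script directives, whereas the removed `_modify_headers` also popped `report-to` and `report-uri` from enforced policies and dropped every CSP header whose disposition was not `enforce`. The code that consumes these hooks is outside this view (the page is limited to rule.py), so it cannot be confirmed here that the stripping still happens; if it does not, scripts blocked by the injected `'none'` would presumably produce violation reports to the site's own reporting endpoint. If the base class does not already cover this, return the reporting directives from the hook as well, e.g. `return (*script_csp_directives, 'report-uri', 'report-to')`, and add a test asserting that a blocked response carries no reporting directive and no report-only CSP header. Separately, the module-level tuple is a constant and would read better as `SCRIPT_CSP_DIRECTIVES`, and both hooks would benefit from a one-line docstring noting that `http_info` is intentionally unused.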