Revision 261548ff
Added by koszko about 2 years ago
background/policy_injector.js | ||
---|---|---|
5 | 5 |
* Redistribution terms are gathered in the `copyright' file. |
6 | 6 |
*/ |
7 | 7 |
|
8 |
"use strict"; |
|
8 |
/* |
|
9 |
* IMPORTS_START |
|
10 |
* IMPORT TYPE_PREFIX |
|
11 |
* IMPORT get_storage |
|
12 |
* IMPORT browser |
|
13 |
* IMPORT is_chrome |
|
14 |
* IMPORT gen_unique |
|
15 |
* IMPORT url_item |
|
16 |
* IMPORT get_query_best |
|
17 |
* IMPORTS_END |
|
18 |
*/ |
|
9 | 19 |
|
10 |
(() => { |
|
11 |
const TYPE_PREFIX = window.TYPE_PREFIX; |
|
12 |
const get_storage = window.get_storage; |
|
13 |
const browser = window.browser; |
|
14 |
const is_chrome = window.is_chrome; |
|
15 |
const gen_unique = window.gen_unique; |
|
16 |
const url_item = window.url_item; |
|
17 |
const get_query_best = window.get_query_best; |
|
20 |
var storage; |
|
21 |
var query_best; |
|
18 | 22 |
|
19 |
var storage; |
|
20 |
var query_best; |
|
23 |
let csp_header_names = { |
|
24 |
"content-security-policy" : true, |
|
25 |
"x-webkit-csp" : true, |
|
26 |
"x-content-security-policy" : true |
|
27 |
}; |
|
21 | 28 |
|
22 |
let csp_header_names = { |
|
23 |
"content-security-policy" : true, |
|
24 |
"x-webkit-csp" : true, |
|
25 |
"x-content-security-policy" : true |
|
26 |
}; |
|
29 |
function is_noncsp_header(header) |
|
30 |
{ |
|
31 |
return !csp_header_names[header.name.toLowerCase()]; |
|
32 |
} |
|
27 | 33 |
|
28 |
function is_noncsp_header(header) |
|
29 |
{ |
|
30 |
return !csp_header_names[header.name.toLowerCase()]; |
|
31 |
} |
|
34 |
function inject(details) |
|
35 |
{ |
|
36 |
let url = url_item(details.url); |
|
32 | 37 |
|
33 |
function inject(details) |
|
34 |
{ |
|
35 |
let url = url_item(details.url); |
|
38 |
let [pattern, settings] = query_best(url); |
|
36 | 39 |
|
37 |
let [pattern, settings] = query_best(url); |
|
40 |
if (settings !== undefined && settings.allow) |
|
41 |
return {cancel : false}; |
|
38 | 42 |
|
39 |
if (settings !== undefined && settings.allow) { |
|
40 |
console.log("allowing", url); |
|
41 |
return {cancel : false}; |
|
42 |
} |
|
43 |
let nonce = gen_unique(url).substring(1); |
|
44 |
let headers = details.responseHeaders.filter(is_noncsp_header); |
|
43 | 45 |
|
44 |
let nonce = gen_unique(url).substring(1); |
|
45 |
let headers = details.responseHeaders.filter(is_noncsp_header); |
|
46 |
headers.push({ |
|
47 |
name : "content-security-policy", |
|
48 |
value : `script-src 'nonce-${nonce}'; script-src-elem 'nonce-${nonce}';` |
|
49 |
}); |
|
46 |
let rule = `script-src 'nonce-${nonce}';`; |
|
47 |
if (is_chrome) |
|
48 |
rule += `script-src-elem 'nonce-${nonce}';`; |
|
50 | 49 |
|
51 |
console.log("modified headers", url, headers); |
|
50 |
headers.push({ |
|
51 |
name : "content-security-policy", |
|
52 |
value : rule |
|
53 |
}); |
|
52 | 54 |
|
53 |
return {responseHeaders: headers};
|
|
54 |
}
|
|
55 |
return {responseHeaders: headers};
|
|
56 |
} |
|
55 | 57 |
|
56 |
async function start() { |
|
57 |
storage = await get_storage(); |
|
58 |
query_best = await get_query_best(); |
|
58 |
async function start_policy_injector() |
|
59 |
{ |
|
60 |
storage = await get_storage(); |
|
61 |
query_best = await get_query_best(); |
|
59 | 62 |
|
60 |
let extra_opts = ["blocking", "responseHeaders"];
|
|
61 |
if (is_chrome)
|
|
62 |
extra_opts.push("extraHeaders");
|
|
63 |
let extra_opts = ["blocking", "responseHeaders"];
|
|
64 |
if (is_chrome)
|
|
65 |
extra_opts.push("extraHeaders"); |
|
63 | 66 |
|
64 |
browser.webRequest.onHeadersReceived.addListener(
|
|
65 |
inject,
|
|
66 |
{
|
|
67 |
urls: ["<all_urls>"],
|
|
68 |
types: ["main_frame", "sub_frame"]
|
|
69 |
},
|
|
70 |
extra_opts
|
|
71 |
);
|
|
72 |
}
|
|
67 |
browser.webRequest.onHeadersReceived.addListener(
|
|
68 |
inject, |
|
69 |
{ |
|
70 |
urls: ["<all_urls>"],
|
|
71 |
types: ["main_frame", "sub_frame"]
|
|
72 |
}, |
|
73 |
extra_opts |
|
74 |
);
|
|
75 |
} |
|
73 | 76 |
|
74 |
window.start_policy_injector = start; |
|
75 |
})(); |
|
77 |
/* |
|
78 |
* EXPORTS_START |
|
79 |
* EXPORT start_policy_injector |
|
80 |
* EXPORTS_END |
|
81 |
*/ |
Also available in: Unified diff
emply an sh-based build system; make some changes to blocking