Revision 3303d7d7
Added by koszko about 2 years ago
| background/cookie_filter.js | ||
|---|---|---|
| 1 |
/** |
|
| 2 |
* part of Hachette |
|
| 3 |
* Filtering request headers to remove hachette cookies that might have slipped |
|
| 4 |
* through. |
|
| 5 |
* |
|
| 6 |
* Copyright (C) 2021 Wojtek Kosior |
|
| 7 |
* Redistribution terms are gathered in the `copyright' file. |
|
| 8 |
*/ |
|
| 9 |
|
|
| 10 |
/* |
|
| 11 |
* IMPORTS_START |
|
| 12 |
* IMPORT extract_signed |
|
| 13 |
* IMPORTS_END |
|
| 14 |
*/ |
|
| 15 |
|
|
| 16 |
function is_valid_hachette_cookie(cookie) |
|
| 17 |
{
|
|
| 18 |
const match = /^hachette-(\w*)=(.*)$/.exec(cookie); |
|
| 19 |
if (!match) |
|
| 20 |
return false; |
|
| 21 |
|
|
| 22 |
return !extract_signed(match.slice(1, 3)).fail; |
|
| 23 |
} |
|
| 24 |
|
|
| 25 |
function remove_hachette_cookies(header) |
|
| 26 |
{
|
|
| 27 |
if (header.name !== "Cookie") |
|
| 28 |
return header; |
|
| 29 |
|
|
| 30 |
const cookies = header.value.split("; ");
|
|
| 31 |
const value = cookies.filter(c => !is_valid_hachette_cookie(c)).join("; ");
|
|
| 32 |
|
|
| 33 |
return value ? {name: "Cookie", value} : null;
|
|
| 34 |
} |
|
| 35 |
|
|
| 36 |
function filter_cookie_headers(headers) |
|
| 37 |
{
|
|
| 38 |
return headers.map(remove_hachette_cookies).filter(h => h); |
|
| 39 |
} |
|
| 40 |
|
|
| 41 |
/* |
|
| 42 |
* EXPORTS_START |
|
| 43 |
* EXPORT filter_cookie_headers |
|
| 44 |
* EXPORTS_END |
|
| 45 |
*/ |
|
| background/main.js | ||
|---|---|---|
| 17 | 17 |
* IMPORT gen_nonce |
| 18 | 18 |
* IMPORT inject_csp_headers |
| 19 | 19 |
* IMPORT apply_stream_filter |
| 20 |
* IMPORT filter_cookie_headers |
|
| 20 | 21 |
* IMPORT is_chrome |
| 21 | 22 |
* IMPORTS_END |
| 22 | 23 |
*/ |
| ... | ... | |
| 81 | 82 |
return {responseHeaders: headers};
|
| 82 | 83 |
} |
| 83 | 84 |
|
| 85 |
function on_before_send_headers(details) |
|
| 86 |
{
|
|
| 87 |
let headers = details.requestHeaders; |
|
| 88 |
headers = filter_cookie_headers(headers); |
|
| 89 |
return {requestHeaders: headers};
|
|
| 90 |
} |
|
| 91 |
|
|
| 92 |
const all_types = [ |
|
| 93 |
"main_frame", "sub_frame", "stylesheet", "script", "image", "font", |
|
| 94 |
"object", "xmlhttprequest", "ping", "csp_report", "media", "websocket", |
|
| 95 |
"other", "main_frame", "sub_frame" |
|
| 96 |
]; |
|
| 97 |
|
|
| 84 | 98 |
async function start_webRequest_operations() |
| 85 | 99 |
{
|
| 86 | 100 |
storage = await get_storage(); |
| 87 | 101 |
|
| 88 |
const extra_opts = ["blocking", "responseHeaders"];
|
|
| 102 |
const extra_opts = ["blocking"]; |
|
| 89 | 103 |
if (is_chrome) |
| 90 | 104 |
extra_opts.push("extraHeaders");
|
| 91 | 105 |
|
| 92 | 106 |
browser.webRequest.onHeadersReceived.addListener( |
| 93 | 107 |
on_headers_received, |
| 94 | 108 |
{urls: ["<all_urls>"], types: ["main_frame", "sub_frame"]},
|
| 95 |
extra_opts |
|
| 109 |
extra_opts.concat("responseHeaders")
|
|
| 110 |
); |
|
| 111 |
|
|
| 112 |
browser.webRequest.onBeforeSendHeaders.addListener( |
|
| 113 |
on_before_send_headers, |
|
| 114 |
{urls: ["<all_urls>"], types: all_types},
|
|
| 115 |
extra_opts.concat("requestHeaders")
|
|
| 96 | 116 |
); |
| 97 | 117 |
} |
| 98 | 118 |
|
Also available in: Unified diff
filter HTTP request headers to remove Hachette cookies in case they slip through