/background/policy_injector.js - Haketilo - Hydrilla issue tracker

Download (2.68 KB) Statistics

haketilo / background / policy_injector.js @ 5957fbee

       /**
        * Hachette injecting policy to page using webRequest
+       *
        * Copyright (C) 2021 Wojtek Kosior
        * Copyright (C) 2021 jahoti
        * Redistribution terms are gathered in the `copyright' file.
        */
       /*
        * IMPORTS_START
        * IMPORT TYPE_PREFIX
        * IMPORT get_storage
        * IMPORT browser
        * IMPORT is_chrome
        * IMPORT is_mozilla
        * IMPORT gen_unique
        * IMPORT gen_nonce
        * IMPORT is_privileged_url
        * IMPORT url_item
        * IMPORT url_extract_target
        * IMPORT sign_policy
        * IMPORT query_best
        * IMPORT csp_rule
        * IMPORTS_END
        */
       var storage;
       const csp_header_names = {
           "content-security-policy" : true,
           "x-webkit-csp" : true,
           "x-content-security-policy" : true
       };
       const header_name = "content-security-policy";
       function is_csp_header(header)
+      {
           return !!csp_header_names[header.name.toLowerCase()];
+      }
       function url_inject(details)
+      {
           if (is_privileged_url(details.url))
       	return;
           const targets = url_extract_target(details.url);
           if (targets.current)
       	return;
           /* Redirect; update policy */
           if (targets.policy)
       	targets.target = "";
           let [pattern, settings] = query_best(storage, targets.base_url);
           /* Defaults */
           if (!pattern)
       	settings = {};
           const policy = encodeURIComponent(
       	JSON.stringify({
       	    allow: settings.allow,
       	    nonce: gen_nonce(),
       	    base_url: targets.base_url
       	})
           );
           return {
       	redirectUrl: [
       	    targets.base_url,
       	    '#', sign_policy(policy, new Date()), policy,
       	    targets.target,
       	    targets.target2
       	].join("")
           };
+      }
       function headers_inject(details)
+      {
           const targets = url_extract_target(details.url);
           /* Block mis-/unsigned requests */
           if (!targets.current)
       	return {cancel: true};
           const rule = csp_rule(targets.policy.nonce);
           var headers = details.responseHeaders;
           /*
            * Chrome doesn't have the buggy behavior of caching headers
            * we injected. Firefox does and we have to remove it there.
            */
           if (!targets.policy.allow || is_mozilla)
       	headers = headers.filter(h => !is_csp_header(h));
           if (!targets.policy.allow) {
       	headers.push({
       	    name : header_name,
       	    value : rule
       	});
+          }
           return {responseHeaders: headers};
+      }
       async function start_policy_injector()
+      {
           storage = await get_storage();
           let extra_opts = ["blocking", "responseHeaders"];
           if (is_chrome)
       	extra_opts.push("extraHeaders");
           browser.webRequest.onBeforeRequest.addListener(
       	url_inject,
+      	{
       	    urls: ["<all_urls>"],
       	    types: ["main_frame", "sub_frame"]
       	},
       	["blocking"]
           );
           browser.webRequest.onHeadersReceived.addListener(
       	headers_inject,
+      	{
       	    urls: ["<all_urls>"],
       	    types: ["main_frame", "sub_frame"]
       	},
       	extra_opts
           );
+      }
       /*
        * EXPORTS_START
        * EXPORT start_policy_injector
        * EXPORTS_END
        */

(4-4/6)