/background/policy_injector.js - Haketilo - Hydrilla issue tracker

Download (2.81 KB) Statistics

haketilo / background / policy_injector.js @ 692577bb

       /**
        * Myext injecting policy to page using webRequest
+       *
        * Copyright (C) 2021 Wojtek Kosior
        * Copyright (C) 2021 jahoti
        * Redistribution terms are gathered in the `copyright' file.
        */
       /*
        * IMPORTS_START
        * IMPORT TYPE_PREFIX
        * IMPORT get_storage
        * IMPORT browser
        * IMPORT is_chrome
        * IMPORT gen_unique
        * IMPORT gen_nonce
        * IMPORT url_item
        * IMPORT url_extract_policy
        * IMPORT get_query_best
        * IMPORT csp_rule
        * IMPORTS_END
        */
       var storage;
       var query_best;
       const csp_header_names = {
           "content-security-policy" : true,
           "x-webkit-csp" : true,
           "x-content-security-policy" : true
       };
       const header_name = "content-security-policy";
       function is_csp_header(header)
+      {
           return !!csp_header_names[header.name.toLowerCase()];
+      }
       function is_our_header(header, rule)
+      {
           return header.value === rule
+      }
       function url_inject(details)
+      {
           const targets = url_extract_policy(details.url);
           if (targets.policy) {
       	return;
           } else if (targets.signed) {
       	/* Redirect; update policy */
       	targets.target = targets.target2;
       	delete targets.target2
+          }
           let redirect_url = targets.base_url + targets.sig;
           let [pattern, settings] = query_best(targets.base_url);
           if (!pattern)
       	/* Defaults */
       	settings = {};
           const policy = {allow: settings.allow, nonce: gen_nonce()};
           redirect_url += encodeURIComponent(JSON.stringify(policy));
           if (targets.target)
       	redirect_url += targets.target;
           if (targets.target2)
       	redirect_url += targets.target2;
           return {redirectUrl: redirect_url};
+      }
       function inject(details)
+      {
           const targets = url_extract_policy(details.url);
           if (!targets.policy)
       	/* Block unsigned requests */
       	return {cancel: true};
           const rule = csp_rule(targets.policy.nonce);
           var headers;
           if (targets.policy.allow) {
       	/*
       	 * Chrome doesn't have the buggy behavior of repeatedly injecting a
       	 * header we injected once. Firefox does and we have to remove it there.
       	 */
       	if (is_chrome)
       	    return {cancel: false};
       	headers = details.responseHeaders.filter(h => !is_our_header(h, rule));
           } else {
       	headers = details.responseHeaders.filter(h => !is_csp_header(h));
       	headers.push({
       	    name : header_name,
       	    value : rule
       	});
+          }
           return {responseHeaders: headers};
+      }
       async function start_policy_injector()
+      {
           storage = await get_storage();
           query_best = await get_query_best();
           let extra_opts = ["blocking", "responseHeaders"];
           if (is_chrome)
       	extra_opts.push("extraHeaders");
           browser.webRequest.onBeforeRequest.addListener(
       	url_inject,
+      	{
       	    urls: ["<all_urls>"],
       	    types: ["main_frame", "sub_frame"]
       	},
       	["blocking"]
           );
           browser.webRequest.onHeadersReceived.addListener(
       	inject,
+      	{
       	    urls: ["<all_urls>"],
       	    types: ["main_frame", "sub_frame"]
       	},
       	extra_opts
           );
+      }
       /*
        * EXPORTS_START
        * EXPORT start_policy_injector
        * EXPORTS_END
        */

(5-5/8)