Project

General

Profile

« Previous | Next » 

Revision 96068ada

Added by koszko almost 2 years ago

replace cookies with synchronous XmlHttpRequest as policy smuggling method.

Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.

View differences:

background/page_actions_server.js
16 16 
 * IMPORT browser
17 17 
 * IMPORT listen_for_connection
18 18 
 * IMPORT sha256
19 
 * IMPORT query_best
20 19 
 * IMPORT make_ajax_request
21 20 
 * IMPORTS_END
22 21 
 */
23 22 

  		




  24
  23
  
    
var storage;


  		




  25
  24
  
    
var handler;


  		




  26
  
  
    
let policy_observable;


  		




  27
  
  
    

  		




  28
  
  
    
function send_actions(url, port)


  		




  29
  
  
    
{


  		




  30
  
  
    
    const [pattern, queried_settings] = query_best(storage, url);


  		




  31
  
  
    

  		




  32
  
  
    
    const settings = {allow: policy_observable && policy_observable.value};


  		




  33
  
  
    
    Object.assign(settings, queried_settings);


  		




  34
  
  
    
    if (settings.components)


  		




  35
  
  
    
	settings.allow = false;


  		




  36
  
  
    

  		




  37
  
  
    
    const repos = storage.get_all(TYPE_PREFIX.REPO);


  		




  38
  
  
    

  		




  39
  
  
    
    port.postMessage(["settings", [pattern, settings, repos]]);


  		




  40
  
  
    

  		




  41
  
  
    
    const components = settings.components;


  		




  42
  
  
    
    const processed_bags = new Set();


  		




  43
  
  
    

  		




  44
  
  
    
    if (components !== undefined)


  		




  45
  
  
    
	send_scripts([components], port, processed_bags);


  		




  46
  
  
    
}


  		




  47
  25
  
    

  		




  48
  26
  
    
// TODO: parallelize script fetching


  		




  49
  27
  
    
async function send_scripts(components, port, processed_bags)


  		




  ......




  116
  94
  
    
function handle_message(port, message, handler)


  		




  117
  95
  
    
{


  		




  118
  96
  
    
    port.onMessage.removeListener(handler[0]);


  		




  119
  
  
    
    let url = message.url;


  		




  120
  
  
    
    console.log({url});


  		




  121
  
  
    
    send_actions(url, port);


  		




  
  97
  
    
    console.debug(`Loading payload '${message.payload}'.`);


  		




  
  98
  
    

  		




  
  99
  
    
    const processed_bags = new Set();


  		




  
  100
  
    

  		




  
  101
  
    
    send_scripts([message.payload], port, processed_bags);


  		




  122
  102
  
    
}


  		




  123
  103
  
    

  		




  124
  104
  
    
function new_connection(port)


  		




  ......




  134
  114
  
    
    storage = await get_storage();


  		




  135
  115
  
    

  		




  136
  116
  
    
    listen_for_connection(CONNECTION_TYPE.PAGE_ACTIONS, new_connection);


  		




  137
  
  
    

  		




  138
  
  
    
    policy_observable = await light_storage.observe_var("default_allow");


  		




  139
  117
  
    
}


  		




  140
  118
  
    

  		




  141
  119
  
    
/*


  		












Also available in:  Unified diff