Revision 96068ada
Added by koszko almost 2 years ago
common/misc.js | ||
---|---|---|
49 | 49 |
function make_csp_rule(policy) |
50 | 50 |
{ |
51 | 51 |
let rule = "prefetch-src 'none'; script-src-attr 'none';"; |
52 |
const script_src = policy.has_payload ?
|
|
52 |
const script_src = policy.nonce !== undefined ?
|
|
53 | 53 |
`'nonce-${policy.nonce}'` : "'none'"; |
54 | 54 |
rule += ` script-src ${script_src}; script-src-elem ${script_src};`; |
55 | 55 |
return rule; |
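Review bot: The `policy.nonce !== undefined` test on line 52 of make_csp_rule (the second printed version, taken here to be the new side) accepts any defined value, so `null`, an empty string or a non-string is interpolated into `'nonce-${policy.nonce}'` instead of falling back to `'none'`. The commit description says the policy now arrives via synchronous XMLHttpRequest, so it is presumably deserialized data, where `null` can occur and `undefined` cannot; the code producing the policy is not visible here, so this is inferred. A guard that fails closed would be `const script_src = typeof policy.nonce === "string" && /^[A-Za-z0-9+\/_-]+={0,2}$/.test(policy.nonce) ?`. That also keeps `;`, quotes and whitespace out of the rule string, which could otherwise add or alter CSP directives. The function's closing brace lies outside the lines shown.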
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.