Revision 96068ada
Added by koszko almost 2 years ago
| common/misc.js | ||
|---|---|---|
| 49 | 49 |
function make_csp_rule(policy) |
| 50 | 50 |
{
|
| 51 | 51 |
let rule = "prefetch-src 'none'; script-src-attr 'none';"; |
| 52 |
const script_src = policy.has_payload ?
|
|
| 52 |
const script_src = policy.nonce !== undefined ?
|
|
| 53 | 53 |
`'nonce-${policy.nonce}'` : "'none'";
|
| 54 | 54 |
rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
|
| 55 | 55 |
return rule; |
Also available in: Unified diff
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.