Revision aa34ed46
Added by koszko over 1 year ago
| common/policy.js | ||
|---|---|---|
| 52 | 52 |
function make_csp(nonce) |
| 53 | 53 |
{
|
| 54 | 54 |
const rule = nonce ? `nonce-${nonce}` : "none";
|
| 55 |
const csp_dict = {"prefetch-src": "none", "script-src-attr": "none"};
|
|
| 56 |
Object.assign(csp_dict, {"script-src": rule, "script-src-elem": rule});
|
|
| 57 |
return Object.entries(csp_dict).map(([a, b]) => `${a} '${b}';`).join(" ");
|
|
| 55 |
const csp_list = [ |
|
| 56 |
["prefetch-src", "none"], |
|
| 57 |
["script-src-attr", "none"], |
|
| 58 |
["script-src", rule], |
|
| 59 |
["script-src-elem", rule] |
|
| 60 |
]; |
|
| 61 |
return csp_list.map(([a, b]) => `${a} '${b}';`).join(" ");
|
|
| 58 | 62 |
} |
| 59 | 63 |
|
| 60 | 64 |
function decide_policy(patterns_tree, url, default_allow, secret) |
Also available in: Unified diff
make the order of rules in generated CSP deterministic
This is purely to help with automated testing.