Revision dcfc78b0
Added by jahoti about 2 years ago
| background/policy_injector.js | ||
|---|---|---|
| 11 | 11 |
* IMPORT get_storage |
| 12 | 12 |
* IMPORT browser |
| 13 | 13 |
* IMPORT is_chrome |
| 14 |
* IMPORT gen_unique
|
|
| 14 |
* IMPORT retrieve_nonce
|
|
| 15 | 15 |
* IMPORT url_item |
| 16 | 16 |
* IMPORT get_query_best |
| 17 | 17 |
* IMPORT csp_rule |
| ... | ... | |
| 45 | 45 |
|
| 46 | 46 |
const [pattern, settings] = query_best(url); |
| 47 | 47 |
|
| 48 |
const nonce = gen_unique(url);
|
|
| 48 |
const nonce = retrieve_nonce(details.tabId, details.frameId, true);
|
|
| 49 | 49 |
const rule = csp_rule(nonce); |
| 50 | 50 |
|
| 51 | 51 |
var headers; |
Also available in: Unified diff
Stop using the nonce consistently for a URL
Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.