Revision dcfc78b0
Added by jahoti about 2 years ago
background/policy_injector.js | ||
---|---|---|
11 | 11 |
* IMPORT get_storage |
12 | 12 |
* IMPORT browser |
13 | 13 |
* IMPORT is_chrome |
14 |
* IMPORT gen_unique
|
|
14 |
* IMPORT retrieve_nonce
|
|
15 | 15 |
* IMPORT url_item |
16 | 16 |
* IMPORT get_query_best |
17 | 17 |
* IMPORT csp_rule |
... | ... | |
45 | 45 |
|
46 | 46 |
const [pattern, settings] = query_best(url); |
47 | 47 |
|
48 |
const nonce = gen_unique(url);
|
|
48 |
const nonce = retrieve_nonce(details.tabId, details.frameId, true);
|
|
49 | 49 |
const rule = csp_rule(nonce); |
50 | 50 |
|
51 | 51 |
var headers; |
Also available in: Unified diff
Stop using the nonce consistently for a URL
Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.