Revision e402e036
Added by jahoti about 2 years ago
background/policy_injector.js | ||
---|---|---|
108 | 108 |
delete csp['report-to']; |
109 | 109 |
delete csp['report-uri']; |
110 | 110 |
|
111 |
if (!target.policy.allow) { |
|
111 |
if (!targets.policy.allow) {
|
|
112 | 112 |
delete csp['script-src']; |
113 | 113 |
delete csp['script-src-elem']; |
114 | 114 |
csp['script-src-attr'] = ["'none'"]; |
... | ... | |
118 | 118 |
if ('script-src' in csp) |
119 | 119 |
csp['script-src'].push(rule); |
120 | 120 |
else |
121 |
csp['script-src'] = rule;
|
|
121 |
csp['script-src'] = [rule];
|
|
122 | 122 |
|
123 | 123 |
if ('script-src-elem' in csp) |
124 | 124 |
csp['script-src-elem'].push(rule); |
125 | 125 |
else |
126 |
csp['script-src-elem'] = rule;
|
|
126 |
csp['script-src-elem'] = [rule];
|
|
127 | 127 |
|
128 | 128 |
/* TODO: is this safe */ |
129 | 129 |
let new_policy = Object.entries(csp).map( |
Also available in: Unified diff
Fix some bugs in the refined CSP handling