CanvasBlocker/lib/dataUrls.js

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
(function(){
	"use strict";
	
	var scope;
	if ((typeof exports) !== "undefined"){
		scope = exports;
	}
	else {
		window.scope.dataUrls = {};
		scope = window.scope.dataUrls;
	}
	
	const logging = require("./logging");
	const settings = require("./settings");
	
	scope.init = function(){
		const cspMatch = "blob: filesystem: *";
		browser.webRequest.onHeadersReceived.addListener(
			function(details){
				const headers = details.responseHeaders;
				if (settings.blockDataURLs){
					logging.verbose("Adding CSP header to", details);
					headers.push({
						name: "Content-Security-Policy",
						value: `object-src ${cspMatch}; frame-src ${cspMatch}; worker-src ${cspMatch}`
					});
				}
				return {
					responseHeaders: headers
				};
			},
			{
				urls: ["<all_urls>"]
			},
			["blocking", "responseHeaders"]
		);
	};

}());
"Protect" data URL pages by blocking outgoing requests Fixes #208 2018-07-16 00:14:44 +02:00			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`
			`(function(){`
			`"use strict";`

			`var scope;`
			`if ((typeof exports) !== "undefined"){`
			`scope = exports;`
			`}`
			`else {`
			`window.scope.dataUrls = {};`
			`scope = window.scope.dataUrls;`
			`}`

			`const logging = require("./logging");`
			`const settings = require("./settings");`

			`scope.init = function(){`
Allow blob and filesystem schemes They are protected and do not need to be blocked (like data-URLs). Fixes #212 and fixes #213. 2018-07-21 13:25:15 +02:00			`const cspMatch = "blob: filesystem: *";`
Block data URLs instead of their requests Fixes #211 2018-07-21 00:32:15 +02:00			`browser.webRequest.onHeadersReceived.addListener(`
"Protect" data URL pages by blocking outgoing requests Fixes #208 2018-07-16 00:14:44 +02:00			`function(details){`
Block data URLs instead of their requests Fixes #211 2018-07-21 00:32:15 +02:00			`const headers = details.responseHeaders;`
			`if (settings.blockDataURLs){`
			`logging.verbose("Adding CSP header to", details);`
			`headers.push({`
			`name: "Content-Security-Policy",`
Allow blob and filesystem schemes They are protected and do not need to be blocked (like data-URLs). Fixes #212 and fixes #213. 2018-07-21 13:25:15 +02:00			value: `object-src ${cspMatch}; frame-src ${cspMatch}; worker-src ${cspMatch}`
Block data URLs instead of their requests Fixes #211 2018-07-21 00:32:15 +02:00			`});`
"Protect" data URL pages by blocking outgoing requests Fixes #208 2018-07-16 00:14:44 +02:00			`}`
Block data URLs instead of their requests Fixes #211 2018-07-21 00:32:15 +02:00			`return {`
			`responseHeaders: headers`
			`};`
"Protect" data URL pages by blocking outgoing requests Fixes #208 2018-07-16 00:14:44 +02:00			`},`
			`{`
			`urls: ["<all_urls>"]`
			`},`
Block data URLs instead of their requests Fixes #211 2018-07-21 00:32:15 +02:00			`["blocking", "responseHeaders"]`
"Protect" data URL pages by blocking outgoing requests Fixes #208 2018-07-16 00:14:44 +02:00			`);`
			`};`

			`}());`