Allow blob and filesystem schemes

They are protected and do not need to be blocked (like data-URLs). Fixes #212 and fixes #213.
2024-06-18 09:49:35 +02:00 · 2018-07-21 13:25:15 +02:00 · 2018-07-21 13:25:15 +02:00 · 8389165b70
commit 8389165b70
parent eb1a441625
3 changed files with 6 additions and 2 deletions
--- a/lib/dataUrls.js
+++ b/lib/dataUrls.js
@ -17,6 +17,7 @@
 	const settings = require("./settings");
 	
 	scope.init = function(){
+		const cspMatch = "blob: filesystem: *";
 		browser.webRequest.onHeadersReceived.addListener(
 			function(details){
 				const headers = details.responseHeaders;
@ -24,7 +25,7 @@
 					logging.verbose("Adding CSP header to", details);
 					headers.push({
 						name: "Content-Security-Policy",
-						value: "object-src *; child-src *"
+						value: `object-src ${cspMatch}; frame-src ${cspMatch}; worker-src ${cspMatch}`
 					});
 				}
 				return {
--- a/manifest.json
+++ b/manifest.json
@ -2,7 +2,7 @@
 {
 	"name": "CanvasBlocker",
 	"description": "__MSG_addon_description__",
-	"version": "0.5.1",
+	"version": "0.5.1.1",
 	"icons": {
 		"48": "icons/icon.svg",
 		"96": "icons/icon.svg"
--- a/releaseNotes.txt
+++ b/releaseNotes.txt
@ -1,3 +1,6 @@
+Version 0.5.1.1:
+	fixes:
+		- blocking blob: scheme broke some pages unnecessarily

 Version 0.5.1b:
 	known issues: