security-and-privacy/CanvasBlocker
security-and-privacy/CanvasBlocker
1
0
Fork 0
mirror of https://github.com/kkapsner/CanvasBlocker synced 2025-01-30 23:38:47 +01:00
Code Releases Activity

Optimized CSP

Browse Source
This commit is contained in:
kkapsner 2018-07-24 21:30:57 +02:00
parent ab114f419c
commit 942d74ce54
2 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lib/dataUrls.js
View File

@ -15,6 +15,27 @@
const logging = require("./logging");
const settings = require("./settings");
let canMergeHeader = false;
browser.runtime.getBrowserInfo().then(function(info){
canMergeHeader = parseInt(info.version.replace(/\..+/, ""), 10) > 59;
});
function setHeader(headers, header){
if (canMergeHeader){
headers.push(header);
}
else {
const headerName = header.name.toLowerCase();
const presentHeader = headers.filter(function(h){
return h.name.toLowerCase() === headerName;
});
if (presentHeader.length){
presentHeader[0].value += ", " + header.value;
}
else {
headers.push(header);
}
}
}
scope.init = function(){
const cspMatch = "blob: filesystem: *";
@ -23,9 +44,10 @@
const headers = details.responseHeaders;
if (settings.blockDataURLs){
logging.verbose("Adding CSP header to", details);
headers.push({
setHeader(headers, {
name: "Content-Security-Policy",
value: `object-src ${cspMatch}; frame-src ${cspMatch}; worker-src ${cspMatch}`
value: `object-src ${cspMatch}; frame-src ${cspMatch}; worker-src ${cspMatch}; child-src ${cspMatch}` +
"report-to https://canvasblocker.invalid/; report-uri https://canvasblocker.invalid/"
});
}
return {

2
releaseNotes.txt
View File

@ -6,7 +6,7 @@ Version 0.5.2:
-
fixes:
-
- optimized CSP
known issues:
- if a data URL is blocked the page action button does not appear