security-and-privacy/CanvasBlocker
security-and-privacy/CanvasBlocker
1
0
Fork 0
mirror of https://github.com/kkapsner/CanvasBlocker synced 2024-05-29 09:28:06 +02:00
Code Releases Activity

Block blob in Firefox ESR (52)

Browse Source
This commit is contained in:
kkapsner 2018-07-24 23:30:00 +02:00
parent 942d74ce54
commit 9a26baf5c1
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/dataUrls.js
View File

@ -16,8 +16,11 @@
const logging = require("./logging");
const settings = require("./settings");
let canMergeHeader = false;
let blockBlob = true;
browser.runtime.getBrowserInfo().then(function(info){
canMergeHeader = parseInt(info.version.replace(/\..+/, ""), 10) > 59;
const mainVersion = parseInt(info.version.replace(/\..+/, ""), 10);
canMergeHeader = mainVersion > 59;
blockBlob = mainVersion < 60;
});
function setHeader(headers, header){
if (canMergeHeader){
@ -38,9 +41,9 @@
}
scope.init = function(){
const cspMatch = "blob: filesystem: *";
browser.webRequest.onHeadersReceived.addListener(
function(details){
const cspMatch = (blockBlob? "": "blob: ") + "filesystem: *";
const headers = details.responseHeaders;
if (settings.blockDataURLs){
logging.verbose("Adding CSP header to", details);

1
releaseNotes.txt
View File

@ -7,6 +7,7 @@ Version 0.5.2:
fixes:
- optimized CSP
- in Firefox ESR (52) iFrames with a blob-URL cannot be protected -> they have to blockes there as well
known issues:
- if a data URL is blocked the page action button does not appear