Made data URL protection url specific

Fixes #333
2025-04-18 08:08:28 +02:00 · 2019-04-19 13:58:04 +02:00 · 2019-04-19 13:58:04 +02:00 · b7a8a51a56
commit b7a8a51a56
parent 59f8e38722
5 changed files with 25 additions and 4 deletions
--- a/_locales/de/messages.json
+++ b/_locales/de/messages.json
@ -1051,6 +1051,10 @@
 		"message": "Data-URL Seiten können nicht gegen Fingerprinting geschützt werden (siehe https://bugzilla.mozilla.org/show_bug.cgi?id=1475831). Indem Data-URL Seiten blockiert werden kann verhindert werden, dass der echte Fingerabdruck zu irgendeinem Server gelangt.",
 		"description": ""
 	},
 	"blockDataURLs_urlSpecific": {
 		"message": "Um bestimmte Seiten von diesem Schutz auszuschließen, klicken Sie auf den schwarzen Pfeil um das Menü zu öffnen, fügen Sie die gewünschte Domain oder URL mit einem Klick auf \"+\" hinzu und entfernen Sie das zugehörige Häkchen.",
 		"description": ""
 	},
 	"showReleaseNotes_title": {
 		"message": "Versionsinformationen",
 		"description": ""
--- a/_locales/en/messages.json
+++ b/_locales/en/messages.json
@ -1099,6 +1099,10 @@
 		"message": "Data URL pages cannot be protected against fingerprinting (see https://bugzilla.mozilla.org/show_bug.cgi?id=1475831). Blocking them prevents the real fingerprint to reach any server.",
 		"description": ""
 	},
 	"blockDataURLs_urlSpecific": {
 		"message": "To exclude specific websites from this protection, click on the black arrow to open the menu, add the domain or URL by clicking on \"+\" and remove its checkmark.",
 		"description": ""
 	},
 	"showReleaseNotes_title": {
 		"message": "Release notes",
--- a/lib/dataUrls.js
+++ b/lib/dataUrls.js
@ -14,6 +14,7 @@
 	const logging = require("./logging");
 	const settings = require("./settings");
 	const settingContainer = require("./settingContainers");
 	let canMergeHeader = false;
 	let blockBlob = true;
 	browser.runtime.getBrowserInfo().then(function(info){
@ -42,7 +43,7 @@
 	scope.init = function(){
 		function listener(details){
 			const headers = details.responseHeaders;
-			if (settings.blockDataURLs){
+			if (settings.get("blockDataURLs", new URL(details.url))){
 				const cspMatch = (blockBlob? "": "blob: ") + "filesystem: *";
 				logging.verbose("Adding CSP header to", details);
 				setHeader(headers, {
@ -57,6 +58,7 @@
 		}
 		function addListener(){
 			if (!browser.webRequest.onHeadersReceived.hasListener(listener)){
 				logging.message("add listener for CSP headers (data URL protection)");
 				browser.webRequest.onHeadersReceived.addListener(
 					listener,
 					{
@ -68,10 +70,18 @@
 			}
 		}
 		function removeListener(){
-			browser.webRequest.onHeadersReceived.removeListener(listener);
+			if (browser.webRequest.onHeadersReceived.hasListener(listener)){
 				logging.message("remove listener for CSP headers (data URL protection)");
 				browser.webRequest.onHeadersReceived.removeListener(listener);
 			}
 		}
 		function adjustListener(){
-			if (settings.blockDataURLs){
+			if (
 				settings.blockDataURLs ||
 				settingContainer.urlContainer.get().some(function(entry){
 					return entry.blockDataURLs;
 				})
 			){
 				addListener();
 			}
 			else {
@ -81,6 +91,7 @@
 		settings.onloaded(adjustListener);
 		settings.on("blockDataURLs", adjustListener);
 		settingContainer.urlContainer.on(adjustListener);
 	};
 }());
--- a/lib/settingDefinitions.js
+++ b/lib/settingDefinitions.js
@ -304,7 +304,8 @@
 		},
 		{
 			name: "blockDataURLs",
-			defaultValue: true
+			defaultValue: true,
 			urlSpecific: true
 		},
 		{
 			name: "protectNavigator",
--- a/releaseNotes.txt
+++ b/releaseNotes.txt
@ -5,6 +5,7 @@ Version 0.5.9:
 	new features:
 		- added protection for navigator properties
 		- added support to import older storage versions
 		- protection for data URLs can now be url specific
 	fixes:
 		- search could show hidden settings