security-and-privacy/CanvasBlocker - CanvasBlocker - Nils’ gitea instance

Author	SHA1	Message	Date
kkapsner	cca81c4006	Do not add CSP headers to 304 requests Fixes #577	2021-09-09 17:40:18 +02:00
kkapsner	aef6bd3d59	Big linting	2019-11-28 01:26:35 +01:00
kkapsner	b7a8a51a56	Made data URL protection url specific Fixes #333	2019-04-19 13:58:04 +02:00
kkapsner	574efa23e7	Cleanup require system	2019-03-12 22:24:23 +01:00
kkapsner	e0729480fb	Fix dataUrls.js	2018-09-06 08:38:22 +02:00
kkapsner	fb31545604	Removed debugging statement	2018-09-05 17:02:36 +02:00
kkapsner	bde8ac3e8e	Only use onHeadersReceived listener when necessary As mentioned in #214	2018-08-28 21:09:03 +02:00
kkapsner	4a043b2c78	Typos and linting	2018-08-22 22:16:49 +02:00
kkapsner	9d231c7b02	CSP cleanup Should help with #223.	2018-08-21 22:01:10 +02:00
kkapsner	bf868eb6ae	Missing semicolon in CSP Fixed #224.	2018-08-02 20:56:01 +02:00
kkapsner	9a26baf5c1	Block blob in Firefox ESR (52)	2018-07-24 23:30:00 +02:00
kkapsner	942d74ce54	Optimized CSP	2018-07-24 21:30:57 +02:00
kkapsner	7bfd300f6a	Inject CSP only in the relevant requests. Prevents detection of CB.	2018-07-21 19:34:24 +02:00
kkapsner	8389165b70	Allow blob and filesystem schemes They are protected and do not need to be blocked (like data-URLs). Fixes #212 and fixes #213.	2018-07-21 13:25:15 +02:00
kkapsner	9ba9c48422	Block data URLs instead of their requests Fixes #211	2018-07-21 00:32:15 +02:00
kkapsner	47a9519ceb	"Protect" data URL pages by blocking outgoing requests Fixes #208	2018-07-16 00:14:44 +02:00