Skip to content
This repository has been archived by the owner on Aug 16, 2023. It is now read-only.

Commit

Permalink
fix gorhill#967
Browse files Browse the repository at this point in the history
  • Loading branch information
@gorhill
gorhill committed Mar 24, 2018
1 parent aca3036 commit 8b2ce20
Showing 1 changed file with 64 additions and 25 deletions.
89 changes: 64 additions & 25 deletions src/js/traffic.js
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*******************************************************************************
uMatrix - a Chromium browser extension to black/white list requests.
uMatrix - a browser extension to black/white list requests.
Copyright (C) 2014-2018 Raymond Hill
This program is free software: you can redistribute it and/or modify
Expand Down Expand Up @@ -296,9 +296,11 @@ var onBeforeSendHeadersHandler = function(details) {
}
}

if ( modified ) {
return { requestHeaders: requestHeaders };
}
if ( modified !== true ) { return; }

µm.updateBadgeAsync(tabId);

return { requestHeaders: requestHeaders };
};

/******************************************************************************/
Expand Down Expand Up @@ -354,43 +356,80 @@ var onHeadersReceived = function(details) {
cspReport.push(cspNoWorker);
}

var headers = details.responseHeaders,
cspDirectives, i;
if ( csp.length === 0 && cspReport.length === 0 ) { return; }

// https://github.com/gorhill/uMatrix/issues/967
// Inject a new CSP header rather than modify an existing one, except
// if the current environment does not support merging headers:
// Firefox 58/webext and less can't merge CSP headers, so we will merge
// them here.
var headers = details.responseHeaders;

if ( csp.length !== 0 ) {
cspDirectives = csp.join(',');
i = headerIndexFromName('content-security-policy', headers);
if ( i !== -1 ) {
headers[i].value += ',' + cspDirectives;
} else {
headers.push({
name: 'Content-Security-Policy',
value: cspDirectives
});
let cspRight = csp.join(', ');
let cspTotal = cspRight;
if ( cantMergeCSPHeaders ) {
let i = headerIndexFromName(
'content-security-policy',
headers
);
if ( i !== -1 ) {
cspTotal = headers[i].value.trim() + ', ' + cspTotal;
headers.splice(i, 1);
}
}
headers.push({
name: 'Content-Security-Policy',
value: cspTotal
});
if ( requestType === 'doc' ) {
µm.logger.writeOne(tabId, 'net', '', cspDirectives, 'CSP', false);
µm.logger.writeOne(tabId, 'net', '', cspRight, 'CSP', false);
}
}

if ( cspReport.length !== 0 ) {
cspDirectives = cspReport.join(',');
i = headerIndexFromName('content-security-policy-report-only', headers);
if ( i !== -1 ) {
headers[i].value += ',' + cspDirectives;
} else {
headers.push({
name: 'Content-Security-Policy-Report-Only',
value: cspDirectives
});
let cspRight = cspReport.join(', ');
let cspTotal = cspRight;
if ( cantMergeCSPHeaders ) {
let i = headerIndexFromName(
'content-security-policy-report-only',
headers
);
if ( i !== -1 ) {
cspTotal = headers[i].value.trim() + ', ' + cspTotal;
headers.splice(i, 1);
}
}
headers.push({
name: 'Content-Security-Policy-Report-Only',
value: cspTotal
});
}

return { responseHeaders: headers };
};

/******************************************************************************/

// https://github.com/gorhill/uMatrix/issues/967#issuecomment-373002011
// This can be removed once Firefox 60 ESR is released.
var cantMergeCSPHeaders = (function() {
if (
self.browser instanceof Object &&
typeof self.browser.runtime.getBrowserInfo === 'function'
) {
self.browser.runtime.getBrowserInfo().then(function(info) {
cantMergeCSPHeaders =
info.vendor === 'Mozilla' &&
info.name === 'Firefox' &&
parseInt(info.version, 10) < 59;
});
}
return false;
})();

/******************************************************************************/

var cspNoWorkerInit = function() {
if ( vAPI.webextFlavor === undefined ) {
return "child-src 'none'; frame-src data: blob: *; report-uri about:blank";
Expand Down

0 comments on commit 8b2ce20

Please sign in to comment.