Tiny CSP optimization (per spec, http: implies https:).

hackademix 2019-07-19 19:17:41 +02:00
parent 0d93b22324
commit 1a90574124
1 changed files with 3 additions and 3 deletions


@ -11,16 +11,16 @@ function CapsCSP(baseCSP = new CSP()) {
blockedTypes.add("worker");
if (!blockedTypes.has("object")) {
// data: URIs loaded in objects may run scripts
blockedTypes.add({name: "object", value: "http: https:"});
blockedTypes.add({name: "object", value: "http:"});
}
}
if (!blockHttp) {
// HTTP is blocked in onBeforeRequest, let's allow it only and block
// for instance data: and blob: URIs
for (let type of this.dataUriTypes) {
if (blockedTypes.delete(type)) {
blockedTypes.add({name: type, value: "http: https:"});
blockedTypes.add({name: type, value: "http:"});
}
}
}