Prevent multiple CSP entries to be injected in the DOM on each reload if scripting is disabled.

This commit is contained in:
hackademix 2018-09-09 14:58:55 +02:00
parent 002c8f8b67
commit 1cfb3117ef
1 changed files with 2 additions and 4 deletions

View File

@ -26,10 +26,8 @@ class DocumentCSP {
try {
parent.insertBefore(meta, parent.firstChild);
debug(`Failsafe <meta> CSP inserted in the DOM: "%s"`, header.value);
if (capabilities.has("script")) {
meta.remove();
if (!head) parent.remove();
}
} catch (e) {
error(e, "Error inserting CSP %s in the DOM", header && header.value);
}