From 2a5c1f67a7ed490df1da0ecf50dcfcc74d830cf7 Mon Sep 17 00:00:00 2001 From: hackademix Date: Tue, 30 Aug 2022 14:41:18 +0200 Subject: [PATCH] Extended origin normalization to top-level documents (thanks NDevTK for reporting). --- src/bg/RequestGuard.js | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 04303e0..21599f9 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -356,27 +356,35 @@ var RequestGuard = (() => { } let normalizeRequest = request => { + + function fakeOriginFromTab({tabId} = request) { + let tab = tabId !== -1 && TabCache.get(tabId); + if (tab) { + return request.initiator = request.originUrl = request.documentUrl = tab.url; + } + } + if ("initiator" in request && !("originUrl" in request)) { - if (request.frameId > 0 && request.initiator === "null") { - // Chromium sandboxed frame? - try { - request.initiator = request.originUrl = request.documentUrl = TabCache.get(request.tabId).url; - } catch (e) {} + if (request.initiator === "null") { + // Chromium sandboxed content? + fakeOriginFromTab(); } request.originUrl = request.initiator; if (request.type !== "main_frame" && !("documentUrl" in request)) { request.documentUrl = request.initiator; } } - if ("frameAncestors" in request && (!request.originUrl || request.documentUrl) && request.frameAncestors.length > 0) { - // Gecko sandboxed frame? + if ("frameAncestors" in request && (!request.originUrl || request.documentUrl)) { + // Gecko sandboxed content? for (let f of request.frameAncestors) { if (f.url !== "null" && !f.url.startsWith("moz-nullprincipal:")) { request.originUrl = request.documentUrl = f.url; break; } } - + if (!request.originUrl) { + fakeOriginFromTab(); + } } };