Extended origin normalization to top-level documents (thanks NDevTK for reporting).

hackademix 2022-08-30 14:41:18 +02:00
parent c22eafc35b
commit 2a5c1f67a7
1 changed files with 16 additions and 8 deletions


@ -356,27 +356,35 @@ var RequestGuard = (() => {
} }
let normalizeRequest = request => { let normalizeRequest = request => {
function fakeOriginFromTab({tabId} = request) {
let tab = tabId !== -1 && TabCache.get(tabId);
if (tab) {
return request.initiator = request.originUrl = request.documentUrl = tab.url;
}
}
if ("initiator" in request && !("originUrl" in request)) { if ("initiator" in request && !("originUrl" in request)) {
if (request.frameId > 0 && request.initiator === "null") { if (request.initiator === "null") {
// Chromium sandboxed frame? // Chromium sandboxed content?
try { fakeOriginFromTab();
request.initiator = request.originUrl = request.documentUrl = TabCache.get(request.tabId).url;
} catch (e) {}
} }
request.originUrl = request.initiator; request.originUrl = request.initiator;
if (request.type !== "main_frame" && !("documentUrl" in request)) { if (request.type !== "main_frame" && !("documentUrl" in request)) {
request.documentUrl = request.initiator; request.documentUrl = request.initiator;
} }
} }
if ("frameAncestors" in request && (!request.originUrl || request.documentUrl) && request.frameAncestors.length > 0) { if ("frameAncestors" in request && (!request.originUrl || request.documentUrl)) {
// Gecko sandboxed frame? // Gecko sandboxed content?
for (let f of request.frameAncestors) { for (let f of request.frameAncestors) {
if (f.url !== "null" && !f.url.startsWith("moz-nullprincipal:")) { if (f.url !== "null" && !f.url.startsWith("moz-nullprincipal:")) {
request.originUrl = request.documentUrl = f.url; request.originUrl = request.documentUrl = f.url;
break; break;
} }
} }
if (!request.originUrl) {
fakeOriginFromTab();
}
} }
}; };
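Review bot: `fakeOriginFromTab()` assigns `request.documentUrl` unconditionally, and with the `request.frameId > 0` test dropped it now runs for `main_frame` requests, while the block right after the Chromium branch deliberately leaves `documentUrl` alone for `main_frame`; if code outside this hunk reads `documentUrl` on top-level loads, the helper should keep that guard, e.g. `request.initiator = request.originUrl = tab.url; if (request.type !== "main_frame") request.documentUrl = tab.url;`. The substituted origin is whatever `TabCache` last recorded for the tab, which for a top-level navigation is presumably the outgoing page but could already be the destination depending on when the cache is refreshed, so a comment stating that assumption belongs on the helper, since policy decisions rest on this value. The Gecko fallback `if (!request.originUrl)` tests only falsiness, whereas the loop above it treats `"null"` and `moz-nullprincipal:` URLs as opaque; if `originUrl` can carry such a string, the fallback is skipped and the opaque origin is kept. `TabCache` and the callers of `normalizeRequest` are outside the hunk, so these points need checking against them.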