Reload-less service worker busting.

2018-08-28 23:28:06 +02:00 · 2018-08-28 23:28:06 +02:00 · 5c3d5354f2
parent 9b32ee8794
commit 5c3d5354f2
2 changed files with 25 additions and 14 deletions
--- a/src/common/CapsCSP.js
+++ b/src/common/CapsCSP.js
@ -4,24 +4,25 @@ function CapsCSP(baseCSP = new CSP()) {
  return Object.assign(baseCSP, {
    types: ["script", "object", "media"],
    dataUriTypes: ["font", "media", "object"],
-    buildFromCapabilities(capabilities, netBlocker = false) {
+    buildFromCapabilities(capabilities, blockHttp = false) {
      let forbidData = new Set(this.dataUriTypes.filter(t => !capabilities.has(t)));
-      let blockedTypes;
-      if (netBlocker) {
-        blockedTypes = new Set(this.types.filter(t => !capabilities.has(t)));
-      } else if(!capabilities.has("script")) {
-        blockedTypes = new Set(["script"]);
-        forbidData.add("object"); // data: URIs loaded in objects may run scripts
-      } else {
-        blockedTypes = new Set();
+      let blockedTypes = new Set(this.types.filter(t => !capabilities.has(t)));
+      if(!capabilities.has("script")) {
+        blockedTypes.add("worker");
+        if (!blockedTypes.has("object")) {
+          // data: URIs loaded in objects may run scripts
+          blockedTypes.add({name: "object", value: "http: https:"}); 
+        }
      }
-
-      for (let type of forbidData) {
-        if (blockedTypes.has(type)) continue;
+      
+      if (!blockHttp) {
        // HTTP is blocked in onBeforeRequest, let's allow it only and block
        // for instance data: and blob: URIs
-        let dataBlocker = {name: type, value: "http: https:"};
-        blockedTypes.add(dataBlocker)
+        for (let type of this.dataUriTypes) {
+          if (blockedTypes.delete(type)) {
+            blockedTypes.add({name: type, value: "http: https:"});
+          }
+        }
      }

      return blockedTypes.size ? this.buildBlocker(...blockedTypes) : null;
--- a/src/content/content.js
+++ b/src/content/content.js
@ -84,6 +84,16 @@ ns.on("capabilities", () => {
    });
  
  if (!ns.canScript) {
+
+    if (!!navigator.serviceWorker.controller) {
+      addEventListener("beforescriptexecute", e => e.preventDefault());
+        (async () => {
+          for (let r of await navigator.serviceWorker.getRegistrations()) {
+            await r.unregister();
+          }
+        })();
+    }
+
    if (document.readyState !== "loading") onScriptDisabled();
    window.addEventListener("DOMContentLoaded", onScriptDisabled);
  }