Enforce more restrictive CSP on media/object documents.

This commit is contained in:
hackademix 2020-10-01 23:31:43 +02:00
parent 2630ade4ea
commit ec2a46a571
1 changed files with 9 additions and 4 deletions


@ -2,18 +2,23 @@
function ReportingCSP(marker, reportURI = "") {
const DOM_SUPPORTED = "SecurityPolicyViolationEvent" in window;
if (DOM_SUPPORTED) reportURI = "";
return Object.assign(
new CapsCSP(new NetCSP(
new CapsCSP(new NetCSP(
reportURI ? `report-uri ${reportURI}` : marker
)),
{
reportURI,
patchHeaders(responseHeaders, capabilities) {
let header = null;
let blocker = capabilities && this.buildFromCapabilities(capabilities);
let blocker;
if (capabilities) {
let contentType = responseHeaders.filter(h => h.name.toLowerCase() === "content-type");
let blockHTTP = contentType.lentgh === 0 || contentType.some(h => !/^(?:text|application)\/\S*\b(?:x?ht|x)ml\b/i.test(h.name));
blocker = this.buildFromCapabilities(capabilities, blockHTTP);
}
let extras = [];
responseHeaders.forEach((h, index) => {
if (this.isMine(h)) {