Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use window.origin when fetching policies for inheriting special URLs (thanks NDevTK for reporting).

This commit is contained in:
hackademix 2022-08-29 15:53:55 +02:00
parent c4e15e2d0c
commit ee66b82321
1 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/content/staticNS.js
View File

@ -55,11 +55,11 @@
fetchPolicy(sync = false) {
if (this.policy) return;
let url = document.URL;
let url = window.location.href;
let origin = window.origin;
debug(`Fetching policy from document %s, readyState %s`,
url, document.readyState
//, document.domain, document.baseURI, window.isSecureContext // DEV_ONLY
debug(`Fetching policy from document %s (origin %s), readyState %s`,
url, origin, document.readyState
);
if (this.domPolicy) {
@ -85,13 +85,9 @@
return;
}
if (url.startsWith("blob:")) {
url = location.origin;
} else if (/^(?:javascript|about):/.test(url)) {
url = document.readyState === "loading" || !document.domain
? document.baseURI
: `${window.isSecureContext ? "https" : "http"}://${document.domain}`;
debug("Fetching policy for actual URL %s (was %s)", url, document.URL);
if (origin !== 'null' && window.location.origin !== origin) {
debug("Fetching policy for actual URL %s (was %s)", origin, url);
url = origin;
}
if (!this.syncFetchPolicy) {