From 46a87a649bf814471f02c4583f43d4f304efa432 Mon Sep 17 00:00:00 2001 From: gorhill Date: Thu, 18 Aug 2016 11:54:38 -0400 Subject: [PATCH] fix #1909 --- src/js/traffic.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/js/traffic.js b/src/js/traffic.js index 4d6fb1f0a..9e9a44b22 100644 --- a/src/js/traffic.js +++ b/src/js/traffic.js @@ -611,7 +611,13 @@ var foilInlineScripts = function(headers) { // Since we are modifying an existing CSP header, we need to strip out // 'report-uri' if it is present, to prevent spurious reporting of CSP // violation, and thus the leakage of information to the remote site. - csp = csp.replace(reScriptsrc, '') + scriptsrc.replace(reUnsafeinline, ''); + csp = csp.replace(reScriptsrc, '').trim(); + // https://github.com/gorhill/uBlock/issues/1909 + // Add missing `;` if needed. + if ( csp !== '' && csp.slice(-1) !== ';' ) { + csp += '; '; + } + csp += scriptsrc.replace(reUnsafeinline, '').trim(); headers.push({ 'name': 'Content-Security-Policy', 'value': csp.replace(reReporturi, '')