mirror of https://github.com/gorhill/uBlock.git
fix #2360
parent
2852f9be19
commit
a742f09dd4
|
@ -443,17 +443,22 @@ var processCSP = function(pageStore, details) {
|
||||||
blockInlineScript = µb.isBlockResult(inlineScriptResult);
|
blockInlineScript = µb.isBlockResult(inlineScriptResult);
|
||||||
}
|
}
|
||||||
|
|
||||||
context.requestType = 'websocket';
|
|
||||||
µb.staticNetFilteringEngine.matchStringExactType(context, requestURL, 'websocket');
|
µb.staticNetFilteringEngine.matchStringExactType(context, requestURL, 'websocket');
|
||||||
var websocketResult = µb.staticNetFilteringEngine.toResultString(loggerEnabled),
|
var websocketResult = µb.staticNetFilteringEngine.toResultString(loggerEnabled),
|
||||||
blockWebsocket = µb.isBlockResult(websocketResult);
|
blockWebsocket = µb.isBlockResult(websocketResult);
|
||||||
|
|
||||||
|
// https://github.com/gorhill/uBlock/issues/2360
|
||||||
|
µb.staticNetFilteringEngine.matchStringExactType(context, 'blob:', 'script');
|
||||||
|
var workerResult = µb.staticNetFilteringEngine.toResultString(loggerEnabled),
|
||||||
|
blockWorker = µb.isBlockResult(workerResult);
|
||||||
|
|
||||||
var headersChanged;
|
var headersChanged;
|
||||||
if ( blockInlineScript || blockWebsocket ) {
|
if ( blockInlineScript || blockWebsocket || blockWorker ) {
|
||||||
headersChanged = foilWithCSP(
|
headersChanged = foilWithCSP(
|
||||||
details.responseHeaders,
|
details.responseHeaders,
|
||||||
blockInlineScript,
|
blockInlineScript,
|
||||||
blockWebsocket
|
blockWebsocket,
|
||||||
|
blockWorker
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -480,6 +485,17 @@ var processCSP = function(pageStore, details) {
|
||||||
context.pageHostname
|
context.pageHostname
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
if ( workerResult !== '' ) {
|
||||||
|
µb.logger.writeOne(
|
||||||
|
tabId,
|
||||||
|
'net',
|
||||||
|
workerResult,
|
||||||
|
'worker',
|
||||||
|
requestURL,
|
||||||
|
context.rootHostname,
|
||||||
|
context.pageHostname
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
context.dispose();
|
context.dispose();
|
||||||
|
@ -524,26 +540,38 @@ var foilLargeMediaElement = function(pageStore, details) {
|
||||||
|
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
|
|
||||||
var foilWithCSP = function(headers, noInlineScript, noWebsocket) {
|
var foilWithCSP = function(headers, noInlineScript, noWebsocket, noWorker) {
|
||||||
var i = headerIndexFromName('content-security-policy', headers),
|
var me = foilWithCSP,
|
||||||
|
i = headerIndexFromName('content-security-policy', headers),
|
||||||
before = i === -1 ? '' : headers[i].value.trim(),
|
before = i === -1 ? '' : headers[i].value.trim(),
|
||||||
after = before;
|
after = before;
|
||||||
|
|
||||||
if ( noInlineScript ) {
|
if ( noInlineScript ) {
|
||||||
after = foilWithCSPDirective(
|
after = foilWithCSPDirective(
|
||||||
after,
|
after,
|
||||||
/script-src[^;]*;?\s*/,
|
me.reScriptSrc,
|
||||||
"script-src 'unsafe-eval' *",
|
"script-src 'unsafe-eval' *",
|
||||||
/'unsafe-inline'\s*|'nonce-[^']+'\s*/g
|
me.reScriptSrcRemove
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( noWebsocket ) {
|
if ( noWebsocket ) {
|
||||||
after = foilWithCSPDirective(
|
after = foilWithCSPDirective(
|
||||||
after,
|
after,
|
||||||
/connect-src[^;]*;?\s*/,
|
me.reConnectSrc,
|
||||||
'connect-src http:',
|
'connect-src http:',
|
||||||
/wss?:[^\s]*\s*/g
|
me.reConnectSrcRemove
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
// https://www.w3.org/TR/CSP2/#directive-child-src
|
||||||
|
// https://www.w3.org/TR/CSP3/#directive-worker-src
|
||||||
|
if ( noWorker ) {
|
||||||
|
after = foilWithCSPDirective(
|
||||||
|
after,
|
||||||
|
me.reWorkerSrc,
|
||||||
|
'child-src http:',
|
||||||
|
me.reWorkerSrcRemove
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -556,9 +584,9 @@ var foilWithCSP = function(headers, noInlineScript, noWebsocket) {
|
||||||
// https://w3c.github.io/webappsec-csp/#directive-frame-src
|
// https://w3c.github.io/webappsec-csp/#directive-frame-src
|
||||||
after = foilWithCSPDirective(
|
after = foilWithCSPDirective(
|
||||||
after,
|
after,
|
||||||
/frame-src[^;]*;?\s*/,
|
me.reFrameSrc,
|
||||||
'frame-src http:',
|
'frame-src http:',
|
||||||
/data:[^\s]*\s*|blob:[^\s]*\s*/g
|
me.reFrameSrcRemove
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -573,6 +601,18 @@ var foilWithCSP = function(headers, noInlineScript, noWebsocket) {
|
||||||
return changed;
|
return changed;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
(function() {
|
||||||
|
var fn = foilWithCSP;
|
||||||
|
fn.reScriptSrc = /script-src[^;]*;?\s*/;
|
||||||
|
fn.reScriptSrcRemove = /'unsafe-inline'\s*|'nonce-[^']+'\s*/g;
|
||||||
|
fn.reConnectSrc = /connect-src[^;]*;?\s*/;
|
||||||
|
fn.reConnectSrcRemove = /wss?:[^\s]*\s*/g;
|
||||||
|
fn.reWorkerSrc = /child-src[^;]*;?\s*/;
|
||||||
|
fn.reWorkerSrcRemove = /blob:[^\s]*\s*/g;
|
||||||
|
fn.reFrameSrc = /frame-src[^;]*;?\s*/;
|
||||||
|
fn.reFrameSrcRemove = /data:[^\s]*\s*|blob:[^\s]*\s*/g;
|
||||||
|
})();
|
||||||
|
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
|
|
||||||
// Past issues to keep in mind:
|
// Past issues to keep in mind:
|
||||||
|
|
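Review bot: The new `noWorker` branch in `foilWithCSP` rewrites only `child-src` (`fn.reWorkerSrc = /child-src[^;]*;?\s*/`), although the comment above it also cites CSP3 `worker-src`. Under CSP3 a `worker-src` directive is consulted before `child-src` for workers, so a page policy that already carries `worker-src blob:` would presumably still allow blob-based workers in browsers that implement it. Because `child-src` also governs nested browsing contexts, the `'child-src http:'` default narrows frames as well as workers, and, depending on how `foilWithCSPDirective` (not visible here) inserts it, may replace a stricter `default-src` fallback; that deserves a comment such as `// child-src covers frames too; worker-src (CSP3), when present, is not rewritten here`. Handling `worker-src` with a second `foilWithCSPDirective` call and its own pair of regexes would close the gap. The body of `foilWithCSP` continues outside the visible hunks.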