summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhackademix2019-07-19 19:17:41 +0200
committerhackademix2019-07-23 18:11:14 +0200
commit1a90574124e099cfe8a56806e7fd4e79eb2b1f81 (patch)
tree9d201927efbafff7ef9d1e1432a4d63481d503c9
parent0d93b2232438a3e615fa0ed4433c1a70a5febe6d (diff)
downloadnoscript-1a90574124e099cfe8a56806e7fd4e79eb2b1f81.tar.gz
noscript-1a90574124e099cfe8a56806e7fd4e79eb2b1f81.tar.xz
noscript-1a90574124e099cfe8a56806e7fd4e79eb2b1f81.zip
Tiny CSP optimization (per spec, http: implies https:).
-rw-r--r--src/common/CapsCSP.js6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/common/CapsCSP.js b/src/common/CapsCSP.js
index 4b8fde6..6621c95 100644
--- a/src/common/CapsCSP.js
+++ b/src/common/CapsCSP.js
@@ -11,16 +11,16 @@ function CapsCSP(baseCSP = new CSP()) {
blockedTypes.add("worker");
if (!blockedTypes.has("object")) {
// data: URIs loaded in objects may run scripts
- blockedTypes.add({name: "object", value: "http: https:"});
+ blockedTypes.add({name: "object", value: "http:"});
}
}
-
+
if (!blockHttp) {
// HTTP is blocked in onBeforeRequest, let's allow it only and block
// for instance data: and blob: URIs
for (let type of this.dataUriTypes) {
if (blockedTypes.delete(type)) {
- blockedTypes.add({name: type, value: "http: https:"});
+ blockedTypes.add({name: type, value: "http:"});
}
}
}