summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhackademix2019-11-01 15:23:21 +0100
committerhackademix2019-11-01 15:23:21 +0100
commitc74024ad3625617fbcfe30b8f194860e42df59eb (patch)
treebe68cbccbfe543b09490fd80b50ea66d912baa17
parentcd37d7987d2cd46ebf05e6399eaded172e2c4d97 (diff)
downloadnoscript-c74024ad3625617fbcfe30b8f194860e42df59eb.tar.gz
noscript-c74024ad3625617fbcfe30b8f194860e42df59eb.tar.xz
noscript-c74024ad3625617fbcfe30b8f194860e42df59eb.zip
Compute the correct origin for the policy to be fetched from about:blank and javascript: URLs.
-rw-r--r--src/content/staticNS.js14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/content/staticNS.js b/src/content/staticNS.js
index ca9de41..59f2b39 100644
--- a/src/content/staticNS.js
+++ b/src/content/staticNS.js
@@ -35,9 +35,17 @@
fetchPolicy() {
let url = document.URL;
- debug(`Fetching policy from document %s, readyState %s, content %s`,
- url, document.readyState, document.documentElement.outerHTML);
-
+ debug(`Fetching policy from document %s, readyState %s`,
+ url, document.readyState
+ , document.documentElement.outerHTML, // DEV_ONLY
+ document.domain, document.baseURI, window.isSecureContext // DEV_ONLY
+ );
+ if (/^(javascript|about):/.test(url)) {
+ url = document.readyState === "loading"
+ ? document.baseURI
+ : `${window.isSecureContext ? "https" : "http"}://${document.domain}`;
+ debug("Fetching policy for actual URL %s (was %s)", url, document.URL);
+ }
if (!/^(?:file|ftp|https?):/i.test(url)) {
(async () => {
let policy;