author | hackademix | 2018-08-27 00:31:37 +0200 |
---|---|---|
committer | hackademix | 2018-08-27 18:55:00 +0200 |
commit | e2b63cf98204a45f4c55ba446689d20e524c188c (patch) | |
tree | fa9739889307b55777d4b48326bbad38136dabf0 /src/bg/ReportingCSP.js | |
parent | 6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a (diff) | |
Further CSP refactoring and removal of obsolete fallbacks.
Diffstat (limited to 'src/bg/ReportingCSP.js')
-rw-r--r-- | src/bg/ReportingCSP.js | 39 |
1 files changed, 33 insertions, 6 deletions
diff --git a/src/bg/ReportingCSP.js b/src/bg/ReportingCSP.js
index f8764e8..03926c2 100644
--- a/src/bg/ReportingCSP.js
+++ b/src/bg/ReportingCSP.js
@@ -1,6 +1,12 @@
 "use strict";
 
-function ReportingCSP(reportURI, reportGroup) {
+function ReportingCSP(reportURI, reportGroup) {
+ const REPORT_TO = {
+ name: "Report-To",
+ value: JSON.stringify({ "url": reportURI,
+ "group": reportGroup,
+ "max-age": 10886400 }),
+ };
 return Object.assign(
 new CapsCSP(new NetCSP(
 `report-uri ${reportURI};`,
@@ -9,11 +15,32 @@ function ReportingCSP(reportURI, reportGroup) {
 {
 reportURI,
 reportGroup,
- reportToHeader: {
- name: "Report-To",
- value: JSON.stringify({ "url": reportURI,
- "group": reportGroup,
- "max-age": 10886400 }),
+ patchHeaders(responseHeaders, capabilities) {
+ let header = null;
+ let hasReportTo = false;
+ for (let h of responseHeaders) {
+ if (this.isMine(h)) {
+ header = h;
+ h.value = this.inject(h.value, "");
+ } else if (h.name === REPORT_TO.name && h.value === REPORT_TO.value) {
+ hasReportTo = true;
+ }
+ }
+
+ let blocker = capabilities && this.buildFromCapabilities(capabilities);
+ if (blocker) {
+ if (!hasReportTo) {
+ responseHeaders.push(REPORT_TO);
+ }
+ if (header) {
+ header.value = this.inject(header.value, blocker);
+ } else {
+ header = this.asHeader(blocker);
+ responseHeaders.push(header);
+ }
+ }
+
+ return header;
 }
 }
 );
|
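Review bot: `REPORT_TO` is created once per `ReportingCSP()` call, and the second hunk pushes that same object by reference into every response's header array with `responseHeaders.push(REPORT_TO)`. Any code that later edits a header entry in place would therefore change the value sent on all subsequent responses. Pushing a copy instead, `responseHeaders.push({...REPORT_TO});`, removes that coupling. The bare `10886400` would also read better with a comment such as `// 126 days, in seconds`. The enclosing function ends outside this hunk.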
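Review bot: The duplicate check `h.name === REPORT_TO.name` compares the header name case-sensitively, although HTTP field names are case-insensitive. If the browser hands the listener the entry in different casing, `hasReportTo` stays false and a second copy is appended; `h.name.toLowerCase() === "report-to"` would be more robust. `patchHeaders` also deserves a short doc comment saying that it mutates `responseHeaders` in place, strips any previously injected policy even when `capabilities` yields no blocker, and returns the touched CSP header or `null`. `isMine`, `inject`, `buildFromCapabilities` and `asHeader` are defined outside this hunk, so their contracts are assumed here.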