Unrestricted tab support for service workers and their included 3rd party scripts.

1 files changed, 15 insertions, 5 deletions

diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index b3c8956..10ccfdb 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -308,7 +308,7 @@ var RequestGuard = (() => {
         let {policy} = ns;
         let policyType = policyTypesMap[request.type];
         if (policyType) {
-          let {url, originUrl, documentUrl} = request;
+          let {url, originUrl, documentUrl, tabId} = request;
           let isFetch = "fetch" === policyType;
 
           if ((isFetch || "frame" === policyType) &&
@@ -329,13 +329,23 @@ var RequestGuard = (() => {
             request._dataUrl = url;
             request.url = url = documentUrl;
           }
-          let allowed = Sites.isInternal(url) ||
-            !ns.isEnforced(request.tabId) ||
-            intersectCapabilities(
+
+          let allowed = Sites.isInternal(url);
+          if (!allowed) {
+            if (tabId < 0 && documentUrl && documentUrl.startsWith("https://")) {
+              let origin = Sites.origin(documentUrl);
+              allowed = [...ns.unrestrictedTabs]
+                .some(tabId => TabStatus.hasOrigin(tabId, origin));
+            } else {
+              allowed = !ns.isEnforced(tabId);
+            }
+            if (!allowed) {
+              allowed = intersectCapabilities(
                 policy.get(url, documentUrl).perms,
                 request
               ).has(policyType);
-
+            }
+          }
           Content.reportTo(request, allowed, policyType);
           if (!allowed) {
             debug(`Blocking ${policyType}`, request);