Use cookie instead of window.name as a tab-configuration hack.

3 files changed, 21 insertions, 16 deletions

diff --git a/src/bg/ChildPolicies.js b/src/bg/ChildPolicies.js
index f3845bd..b6904f8 100644
--- a/src/bg/ChildPolicies.js
+++ b/src/bg/ChildPolicies.js
@@ -1,6 +1,6 @@
 "use strict";
 {
-  let marker = JSON.stringify(uuid());
+  let marker = uuid();
   let allUrls = ["<all_urls>"];
 
   let Scripts = {
@@ -47,7 +47,7 @@
       if (typeof perms !== "string") {
         perms = JSON.stringify(perms);
       }
-      return `ns.setup(${perms}, ${marker});`
+      return `ns.setup(${perms}, "${marker}");`
     }
   };
 
@@ -104,18 +104,17 @@
       : [];
 
   var ChildPolicies = {
-    async storeTabInfo(tabId, info) {
-      try {
-        let preamble = info ? `${marker} + ${JSON.stringify(JSON.stringify([info]))} + ${marker} + "," + ` : "";
-        await browser.tabs.executeScript(tabId, {
-          code: `window.name = ${preamble}window.name.split(${marker} + ",").pop();`,
-          allFrames: true,
-          matchAboutBlank: true,
-          runAt: "document_start",
-        });
-      } catch (e) {
-        error(e);
+    addTabInfoCookie(request, info) {
+      let h = {
+        name: "Set-Cookie",
+        value: `${marker}=${JSON.stringify(info)}`
+      };
+      let {responseHeaders} = request;
+      if (responseHeaders.some(({value, name}) => h.value === value && h.name === name)) {
+       return false;
       }
+      responseHeaders.push(h);
+      return true;
     },
     async update(policy, tracing) {
       if (tracing !== "undefined") Scripts.debug = tracing;
@@ -123,7 +122,7 @@
       await Scripts.init();
 
       if (!policy.enforced) {
-        await Scripts.register(`ns.setup(null, ${marker});`, allUrls);
+        await Scripts.register(Scripts.buildPerms("null"), allUrls);
         return;
       }
 
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 436d043..9be532f 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -292,6 +292,7 @@ var RequestGuard = (() => {
     async onHeadersReceived(request) {
       // called for main_frame, sub_frame and object
       // check for duplicate calls
+      let headersModified = false;
       let pending = pendingRequests.get(request.requestId);
       if (pending) {
         if (pending.headersProcessed) {
@@ -319,7 +320,10 @@ var RequestGuard = (() => {
           capabilities = perms.capabilities;
         } else {
           if (isMainFrame || type === "sub_frame") {
-            await Settings.enforceTabRestrictions(tabId);
+            let unrestricted = ns.unrestrictedTabs.has(tabId) && {unrestricted: true};
+            if (unrestricted) {
+              headersModified = ChildPolicies.addTabInfoCookie(request, unrestricted);
+            }
           }
         }
         if (isMainFrame && !TabStatus.map.has(tabId)) {
@@ -331,6 +335,9 @@ var RequestGuard = (() => {
         if (header) {
           pending.cspHeader = header;
           debug(`CSP blocker on %s:`, url, header.value);
+          headersModified = true;
+        }
+        if (headersModified) {
           return {responseHeaders};
         }
       } catch (e) {
diff --git a/src/bg/Settings.js b/src/bg/Settings.js
index a5fca55..0a911ee 100644
--- a/src/bg/Settings.js
+++ b/src/bg/Settings.js
@@ -90,7 +90,6 @@ var Settings = {
 
     if (typeof unrestrictedTab === "boolean") {
       ns.unrestrictedTabs[unrestrictedTab ? "add" : "delete"](tabId);
-      this.enforceTabRestrictions(tabId, unrestrictedTab);
     }
     if (reloadAffected) {
       browser.tabs.reload(tabId);