diff options
| author | hackademix | 2019-07-19 19:17:41 +0200 |
|---|---|---|
| committer | hackademix | 2019-07-23 18:11:14 +0200 |
| commit | 1a90574124e099cfe8a56806e7fd4e79eb2b1f81 (patch) | |
| tree | 9d201927efbafff7ef9d1e1432a4d63481d503c9 /src/common/CapsCSP.js | |
| parent | 0d93b2232438a3e615fa0ed4433c1a70a5febe6d (diff) | |
| download | noscript-1a90574124e099cfe8a56806e7fd4e79eb2b1f81.tar.gz noscript-1a90574124e099cfe8a56806e7fd4e79eb2b1f81.tar.xz noscript-1a90574124e099cfe8a56806e7fd4e79eb2b1f81.zip | |
Tiny CSP optimization (per spec, http: implies https:).
Diffstat (limited to 'src/common/CapsCSP.js')
| -rw-r--r-- | src/common/CapsCSP.js | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/common/CapsCSP.js b/src/common/CapsCSP.js index 4b8fde6..6621c95 100644 --- a/src/common/CapsCSP.js +++ b/src/common/CapsCSP.js @@ -11,16 +11,16 @@ function CapsCSP(baseCSP = new CSP()) { blockedTypes.add("worker"); if (!blockedTypes.has("object")) { // data: URIs loaded in objects may run scripts - blockedTypes.add({name: "object", value: "http: https:"}); + blockedTypes.add({name: "object", value: "http:"}); } } - + if (!blockHttp) { // HTTP is blocked in onBeforeRequest, let's allow it only and block // for instance data: and blob: URIs for (let type of this.dataUriTypes) { if (blockedTypes.delete(type)) { - blockedTypes.add({name: type, value: "http: https:"}); + blockedTypes.add({name: type, value: "http:"}); } } } |