diff options
| author | hackademix | 2018-10-06 17:05:14 +0200 |
|---|---|---|
| committer | hackademix | 2018-10-06 18:13:27 +0200 |
| commit | 209d50b0c1641831b29720aa5d8854888e597ad5 (patch) | |
| tree | a90a953e4e1f0738ded2011151a47d8ca73979c1 /src/lib/NetCSP.js | |
| parent | c9c7b7aefea74020565b829da5370152ee0ebac5 (diff) | |
| download | noscript-209d50b0c1641831b29720aa5d8854888e597ad5.tar.gz noscript-209d50b0c1641831b29720aa5d8854888e597ad5.tar.xz noscript-209d50b0c1641831b29720aa5d8854888e597ad5.zip | |
Simplified CSP HTTP header injection, avoiding report-to until actually supported by browsers.
Diffstat (limited to 'src/lib/NetCSP.js')
| -rw-r--r-- | src/lib/NetCSP.js | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/src/lib/NetCSP.js b/src/lib/NetCSP.js index 90ef8ad..bb6ec61 100644 --- a/src/lib/NetCSP.js +++ b/src/lib/NetCSP.js @@ -1,32 +1,20 @@ "use strict"; class NetCSP extends CSP { - constructor(start, end) { + constructor(start) { super(); this.start = start; - this.end = end; } - + isMine(header) { let {name, value} = header; - if (name.toLowerCase() !== CSP.headerName) return false; - let startIdx = value.indexOf(this.start); - return startIdx > -1 && startIdx < value.lastIndexOf(this.end); + return name.toLowerCase() === CSP.headerName && value.startsWith(this.start); } - - inject(headerValue, mine) { - let startIdx = headerValue.indexOf(this.start); - if (startIdx < 0) return `${headerValue};${mine}`; - let endIdx = headerValue.lastIndexOf(this.end); - let retValue = `${headerValue.substring(0, startIdx)}${mine}`; - return endIdx < 0 ? retValue : `${retValue}${headerValue.substring(endIdx + this.end.length + 1)}`; - } - build(...directives) { - return `${this.start}${super.build(...directives)}${this.end}`; + return `${this.start}${super.build(...directives)}`; } - + cleanup(headers) { } } |