diff options
author | hackademix | 2019-11-01 15:23:21 +0100 |
---|---|---|
committer | hackademix | 2019-11-01 15:23:21 +0100 |
commit | c74024ad3625617fbcfe30b8f194860e42df59eb (patch) | |
tree | be68cbccbfe543b09490fd80b50ea66d912baa17 /src | |
parent | cd37d7987d2cd46ebf05e6399eaded172e2c4d97 (diff) | |
download | noscript-c74024ad3625617fbcfe30b8f194860e42df59eb.tar.gz noscript-c74024ad3625617fbcfe30b8f194860e42df59eb.tar.xz noscript-c74024ad3625617fbcfe30b8f194860e42df59eb.zip |
Compute the correct origin for the policy to be fetched from about:blank and javascript: URLs.
Diffstat (limited to 'src')
-rw-r--r-- | src/content/staticNS.js | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/content/staticNS.js b/src/content/staticNS.js index ca9de41..59f2b39 100644 --- a/src/content/staticNS.js +++ b/src/content/staticNS.js @@ -35,9 +35,17 @@ fetchPolicy() { let url = document.URL; - debug(`Fetching policy from document %s, readyState %s, content %s`, - url, document.readyState, document.documentElement.outerHTML); - + debug(`Fetching policy from document %s, readyState %s`, + url, document.readyState + , document.documentElement.outerHTML, // DEV_ONLY + document.domain, document.baseURI, window.isSecureContext // DEV_ONLY + ); + if (/^(javascript|about):/.test(url)) { + url = document.readyState === "loading" + ? document.baseURI + : `${window.isSecureContext ? "https" : "http"}://${document.domain}`; + debug("Fetching policy for actual URL %s (was %s)", url, document.URL); + } if (!/^(?:file|ftp|https?):/i.test(url)) { (async () => { let policy; |