summaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
Diffstat (limited to 'src/common')
-rw-r--r--src/common/CapsCSP.js29
1 files changed, 15 insertions, 14 deletions
diff --git a/src/common/CapsCSP.js b/src/common/CapsCSP.js
index 17a949c..4b8fde6 100644
--- a/src/common/CapsCSP.js
+++ b/src/common/CapsCSP.js
@@ -4,24 +4,25 @@ function CapsCSP(baseCSP = new CSP()) {
return Object.assign(baseCSP, {
types: ["script", "object", "media"],
dataUriTypes: ["font", "media", "object"],
- buildFromCapabilities(capabilities, netBlocker = false) {
+ buildFromCapabilities(capabilities, blockHttp = false) {
let forbidData = new Set(this.dataUriTypes.filter(t => !capabilities.has(t)));
- let blockedTypes;
- if (netBlocker) {
- blockedTypes = new Set(this.types.filter(t => !capabilities.has(t)));
- } else if(!capabilities.has("script")) {
- blockedTypes = new Set(["script"]);
- forbidData.add("object"); // data: URIs loaded in objects may run scripts
- } else {
- blockedTypes = new Set();
+ let blockedTypes = new Set(this.types.filter(t => !capabilities.has(t)));
+ if(!capabilities.has("script")) {
+ blockedTypes.add("worker");
+ if (!blockedTypes.has("object")) {
+ // data: URIs loaded in objects may run scripts
+ blockedTypes.add({name: "object", value: "http: https:"});
+ }
}
-
- for (let type of forbidData) {
- if (blockedTypes.has(type)) continue;
+
+ if (!blockHttp) {
// HTTP is blocked in onBeforeRequest, let's allow it only and block
// for instance data: and blob: URIs
- let dataBlocker = {name: type, value: "http: https:"};
- blockedTypes.add(dataBlocker)
+ for (let type of this.dataUriTypes) {
+ if (blockedTypes.delete(type)) {
+ blockedTypes.add({name: type, value: "http: https:"});
+ }
+ }
}
return blockedTypes.size ? this.buildBlocker(...blockedTypes) : null;