summaryrefslogtreecommitdiff
path: root/src/content/DocumentCSP.js
diff options
context:
space:
mode:
Diffstat (limited to 'src/content/DocumentCSP.js')
-rw-r--r--src/content/DocumentCSP.js29
1 files changed, 29 insertions, 0 deletions
diff --git a/src/content/DocumentCSP.js b/src/content/DocumentCSP.js
new file mode 100644
index 0000000..371e547
--- /dev/null
+++ b/src/content/DocumentCSP.js
@@ -0,0 +1,29 @@
+'use strict';
+
+class DocumentCSP {
+ constructor(document) {
+ this.document = document;
+ this.builder = new CapsCSP();
+ }
+
+ apply(capabilities, embedding = CSP.isEmbedType(this.document.contentType)) {
+ let csp = this.builder;
+ let blocker = csp.buildFromCapabilities(capabilities, embedding);
+ if (!blocker) return;
+
+ let document = this.document;
+ let header = csp.asHeader(blocker);
+ let meta = document.createElementNS("http://www.w3.org/1999/xhtml", "meta");
+ meta.setAttribute("http-equiv", header.name);
+ meta.setAttribute("content", header.value);
+ let parent = document.head || document.documentElement;
+ try {
+ parent.insertBefore(meta, parent.firstChild);
+ debug(`Failsafe <meta> CSP inserted in the DOM: "%s"`, header.value);
+ if (capabilities.has("script")) meta.remove();
+ } catch (e) {
+ error(e, "Error inserting CSP %s in the DOM", header && header.value);
+ }
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-14 20:32:28 +0000