From 808fd652be324098b3083302bc3218e47a11aba5 Mon Sep 17 00:00:00 2001 From: hackademix Date: Sat, 13 Oct 2018 10:08:37 +0200 Subject: Use cookie instead of window.name as a tab-configuration hack. --- src/bg/ChildPolicies.js | 27 +++++++++++++-------------- src/bg/RequestGuard.js | 9 ++++++++- src/bg/Settings.js | 1 - 3 files changed, 21 insertions(+), 16 deletions(-) (limited to 'src/bg') diff --git a/src/bg/ChildPolicies.js b/src/bg/ChildPolicies.js index f3845bd..b6904f8 100644 --- a/src/bg/ChildPolicies.js +++ b/src/bg/ChildPolicies.js @@ -1,6 +1,6 @@ "use strict"; { - let marker = JSON.stringify(uuid()); + let marker = uuid(); let allUrls = [""]; let Scripts = { @@ -47,7 +47,7 @@ if (typeof perms !== "string") { perms = JSON.stringify(perms); } - return `ns.setup(${perms}, ${marker});` + return `ns.setup(${perms}, "${marker}");` } }; @@ -104,18 +104,17 @@ : []; var ChildPolicies = { - async storeTabInfo(tabId, info) { - try { - let preamble = info ? `${marker} + ${JSON.stringify(JSON.stringify([info]))} + ${marker} + "," + ` : ""; - await browser.tabs.executeScript(tabId, { - code: `window.name = ${preamble}window.name.split(${marker} + ",").pop();`, - allFrames: true, - matchAboutBlank: true, - runAt: "document_start", - }); - } catch (e) { - error(e); + addTabInfoCookie(request, info) { + let h = { + name: "Set-Cookie", + value: `${marker}=${JSON.stringify(info)}` + }; + let {responseHeaders} = request; + if (responseHeaders.some(({value, name}) => h.value === value && h.name === name)) { + return false; } + responseHeaders.push(h); + return true; }, async update(policy, tracing) { if (tracing !== "undefined") Scripts.debug = tracing; @@ -123,7 +122,7 @@ await Scripts.init(); if (!policy.enforced) { - await Scripts.register(`ns.setup(null, ${marker});`, allUrls); + await Scripts.register(Scripts.buildPerms("null"), allUrls); return; } diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 436d043..9be532f 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -292,6 +292,7 @@ var RequestGuard = (() => { async onHeadersReceived(request) { // called for main_frame, sub_frame and object // check for duplicate calls + let headersModified = false; let pending = pendingRequests.get(request.requestId); if (pending) { if (pending.headersProcessed) { @@ -319,7 +320,10 @@ var RequestGuard = (() => { capabilities = perms.capabilities; } else { if (isMainFrame || type === "sub_frame") { - await Settings.enforceTabRestrictions(tabId); + let unrestricted = ns.unrestrictedTabs.has(tabId) && {unrestricted: true}; + if (unrestricted) { + headersModified = ChildPolicies.addTabInfoCookie(request, unrestricted); + } } } if (isMainFrame && !TabStatus.map.has(tabId)) { @@ -331,6 +335,9 @@ var RequestGuard = (() => { if (header) { pending.cspHeader = header; debug(`CSP blocker on %s:`, url, header.value); + headersModified = true; + } + if (headersModified) { return {responseHeaders}; } } catch (e) { diff --git a/src/bg/Settings.js b/src/bg/Settings.js index a5fca55..0a911ee 100644 --- a/src/bg/Settings.js +++ b/src/bg/Settings.js @@ -90,7 +90,6 @@ var Settings = { if (typeof unrestrictedTab === "boolean") { ns.unrestrictedTabs[unrestrictedTab ? "add" : "delete"](tabId); - this.enforceTabRestrictions(tabId, unrestrictedTab); } if (reloadAffected) { browser.tabs.reload(tabId); -- cgit v1.2.3