From c74024ad3625617fbcfe30b8f194860e42df59eb Mon Sep 17 00:00:00 2001 From: hackademix Date: Fri, 1 Nov 2019 15:23:21 +0100 Subject: Compute the correct origin for the policy to be fetched from about:blank and javascript: URLs. --- src/content/staticNS.js | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'src/content') diff --git a/src/content/staticNS.js b/src/content/staticNS.js index ca9de41..59f2b39 100644 --- a/src/content/staticNS.js +++ b/src/content/staticNS.js @@ -35,9 +35,17 @@ fetchPolicy() { let url = document.URL; - debug(`Fetching policy from document %s, readyState %s, content %s`, - url, document.readyState, document.documentElement.outerHTML); - + debug(`Fetching policy from document %s, readyState %s`, + url, document.readyState + , document.documentElement.outerHTML, // DEV_ONLY + document.domain, document.baseURI, window.isSecureContext // DEV_ONLY + ); + if (/^(javascript|about):/.test(url)) { + url = document.readyState === "loading" + ? document.baseURI + : `${window.isSecureContext ? "https" : "http"}://${document.domain}`; + debug("Fetching policy for actual URL %s (was %s)", url, document.URL); + } if (!/^(?:file|ftp|https?):/i.test(url)) { (async () => { let policy; -- cgit v1.2.3