Side by Side Diff: lib/csp.js
Issue 29374674:
Issue 4864 - Start using ESLint for adblockpluschrome (Closed)
Patch Set: Addressed more feedback
Created March 31, 2017, 8:23 a.m.
| Left: | ||
| Right: |
Use n/p to move between diff chunks;
N/P to move between comments.
« no previous file with comments
|
« lib/compat.js ('k')
|
lib/devtools.js » ('j')
|
no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * This file is part of Adblock Plus <https://adblockplus.org/>, | 2 * This file is part of Adblock Plus <https://adblockplus.org/>, |
| 3 * Copyright (C) 2006-2017 eyeo GmbH | 3 * Copyright (C) 2006-2017 eyeo GmbH |
| 4 * | 4 * |
| 5 * Adblock Plus is free software: you can redistribute it and/or modify | 5 * Adblock Plus is free software: you can redistribute it and/or modify |
| 6 * it under the terms of the GNU General Public License version 3 as | 6 * it under the terms of the GNU General Public License version 3 as |
| 7 * published by the Free Software Foundation. | 7 * published by the Free Software Foundation. |
| 8 * | 8 * |
| 9 * Adblock Plus is distributed in the hope that it will be useful, | 9 * Adblock Plus is distributed in the hope that it will be useful, |
| 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of | 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 44 // | 44 // |
| 45 // We also need the frame-src and object-src restrictions since CSPs | 45 // We also need the frame-src and object-src restrictions since CSPs |
| 46 // are not inherited from the parent for documents with data: and blob: | 46 // are not inherited from the parent for documents with data: and blob: |
| 47 // URLs, see https://crbug.com/513860. | 47 // URLs, see https://crbug.com/513860. |
| 48 // | 48 // |
| 49 // We must use the deprecated child-src directive instead of worker-src | 49 // We must use the deprecated child-src directive instead of worker-src |
| 50 // since that's not supported yet (as of Chrome 56.) | 50 // since that's not supported yet (as of Chrome 56.) |
| 51 // | 51 // |
| 52 // "http:" also includes "https:" implictly. | 52 // "http:" also includes "https:" implictly. |
| 53 // https://www.chromestatus.com/feature/6653486812889088 | 53 // https://www.chromestatus.com/feature/6653486812889088 |
| 54 value: "connect-src http:; child-src http:; frame-src http:; object-src http:" | 54 value: "connect-src http:; child-src http:; " + |
| 55 "frame-src http:; object-src http:" | |
| 55 }); | 56 }); |
| 56 return {responseHeaders: details.responseHeaders}; | 57 return {responseHeaders: details.responseHeaders}; |
| 57 } | 58 } |
| 58 }, { | 59 }, { |
| 59 urls: ["http://*/*", "https://*/*"], | 60 urls: ["http://*/*", "https://*/*"], |
| 60 // We must also intercept script requests since otherwise Web Workers can | 61 // We must also intercept script requests since otherwise Web Workers can |
| 61 // be abused to execute scripts for which our Content Security Policy | 62 // be abused to execute scripts for which our Content Security Policy |
| 62 // won't be injected. | 63 // won't be injected. |
| 63 // https://github.com/gorhill/uBO-Extra/issues/19 | 64 // https://github.com/gorhill/uBO-Extra/issues/19 |
| 64 types: ["main_frame", "sub_frame", "script"] | 65 types: ["main_frame", "sub_frame", "script"] |
| 65 }, ["blocking", "responseHeaders"]); | 66 }, ["blocking", "responseHeaders"]); |
| 66 } | 67 } |
| OLD | NEW |
« no previous file with comments
|
« lib/compat.js ('k')
|
lib/devtools.js » ('j')
|
no next file with comments »
