Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Unified Diff: lib/csp.js

Issue 29452181: Noissue - Merge current tip to Edge bookmark (Closed)
Patch Set: Created May 30, 2017, 3:49 p.m.
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « lib/compat.js ('k') | lib/devtools.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: lib/csp.js
===================================================================
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -1,6 +1,6 @@
/*
* This file is part of Adblock Plus <https://adblockplus.org/>,
- * Copyright (C) 2006-2016 Eyeo GmbH
+ * Copyright (C) 2006-2017 eyeo GmbH
*
* Adblock Plus is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
@@ -17,34 +17,6 @@
"use strict";
-const {defaultMatcher} = require("matcher");
-const {BlockingFilter, RegExpFilter} = require("filterClasses");
-const {getDecodedHostname} = require("url");
-
-chrome.webRequest.onHeadersReceived.addListener(details =>
-{
- let hostname = getDecodedHostname(new URL(details.url));
- let match = defaultMatcher.matchesAny("", RegExpFilter.typeMap.WEBSOCKET,
- hostname, false, null, true);
- if (match instanceof BlockingFilter)
- {
- details.responseHeaders.push({
- name: "Content-Security-Policy",
- // We're blocking WebSockets here by adding a connect-src restriction
- // since the Chrome extension API does not allow us to intercept them.
- // https://bugs.chromium.org/p/chromium/issues/detail?id=129353
- //
- // We also need the frame-src and object-src restrictions since CSPs are
- // not inherited from the parent for documents with data: and blob: URLs.
- // https://bugs.chromium.org/p/chromium/issues/detail?id=513860
- //
- // "http:" also includes "https:" implictly.
- // https://www.chromestatus.com/feature/6653486812889088
- value: "connect-src http:; frame-src http:; object-src http:"
- });
- return {responseHeaders: details.responseHeaders};
- }
-}, {
- urls: ["http://*/*", "https://*/*"],
- types: ["main_frame", "sub_frame"]
-}, ["blocking", "responseHeaders"]);
+// Before Chrome 58, the webRequest API did not intercept WebSocket
+// connections (see https://crbug.com/129353). Hence we inject CSP headers,
+// below, as a workaround.
« no previous file with comments | « lib/compat.js ('k') | lib/devtools.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld