lib/csp.js - Issue 29452181: Noissue - Merge current tip to Edge bookmark

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Unified Diff: lib/csp.js

Issue 29452181: Noissue - Merge current tip to Edge bookmark (Closed)

Patch Set: Created May 30, 2017, 3:49 p.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: lib/csp.js

===================================================================

--- a/lib/csp.js

+++ b/lib/csp.js

@@ -1,6 +1,6 @@

* This file is part of Adblock Plus <https://adblockplus.org/>,

* Adblock Plus is free software: you can redistribute it and/or modify

* it under the terms of the GNU General Public License version 3 as

@@ -17,34 +17,6 @@

"use strict";

-const {defaultMatcher} = require("matcher");

-const {BlockingFilter, RegExpFilter} = require("filterClasses");

-const {getDecodedHostname} = require("url");

-chrome.webRequest.onHeadersReceived.addListener(details =>

- let hostname = getDecodedHostname(new URL(details.url));

- let match = defaultMatcher.matchesAny("", RegExpFilter.typeMap.WEBSOCKET,

- hostname, false, null, true);

- if (match instanceof BlockingFilter)

- {

- details.responseHeaders.push({

- name: "Content-Security-Policy",

- // We're blocking WebSockets here by adding a connect-src restriction

- // since the Chrome extension API does not allow us to intercept them.

- // https://bugs.chromium.org/p/chromium/issues/detail?id=129353

- //

- // We also need the frame-src and object-src restrictions since CSPs are

- // not inherited from the parent for documents with data: and blob: URLs.

- // https://bugs.chromium.org/p/chromium/issues/detail?id=513860

- //

- // "http:" also includes "https:" implictly.

- // https://www.chromestatus.com/feature/6653486812889088

- value: "connect-src http:; frame-src http:; object-src http:"

- });

- return {responseHeaders: details.responseHeaders};

- }

-}, {

- urls: ["http://*/*", "https://*/*"],

- types: ["main_frame", "sub_frame"]

-}, ["blocking", "responseHeaders"]);

+// Before Chrome 58, the webRequest API did not intercept WebSocket

+// connections (see https://crbug.com/129353). Hence we inject CSP headers,

+// below, as a workaround.

« no previous file with comments | « lib/compat.js ('k') | lib/devtools.js » ('j') | no next file with comments »