- commit
- 8693fa2bca6898057f54f8c7dfe1f2edd9cffd83
- parent
- 641f2b5c18d07ec8ec8e0f3e234566bb88ccc084
- Author
- Tobias Bengfort <tobias.bengfort@posteo.de>
- Date
- 2022-08-08 19:03
fix: report inline numbers even if allowed
Diffstat
| M | src/bg.js | 35 | +++++++++++++++++++---------------- |
1 files changed, 19 insertions, 16 deletions
diff --git a/src/bg.js b/src/bg.js
@@ -125,24 +125,27 @@ browser.webRequest.onBeforeRequest.addListener(details => {
125 125
126 126 browser.webRequest.onHeadersReceived.addListener(function(details) {
127 127 var context = getHostname(details.url);
128 -1 var policy = [];
129 128
130 -1 if (!shared.shouldAllow(rules, context, 'inline', 'css')) {
131 -1 policy.push("style-src 'self' *");
132 -1 }
133 -1 if (!shared.shouldAllow(rules, context, 'inline', 'script')) {
134 -1 policy.push("script-src 'self' *");
135 -1 }
136 -1 if (!shared.shouldAllow(rules, context, 'inline', 'media')) {
137 -1 policy.push("img-src 'self' *");
138 -1 }
-1 129 var header = type => {
-1 130 if (shared.shouldAllow(rules, context, 'inline', type)) {
-1 131 return 'Content-Security-Policy-Report-Only';
-1 132 } else {
-1 133 return 'Content-Security-Policy';
-1 134 }
-1 135 };
139 136
140 -1 if (policy.length) {
141 -1 details.responseHeaders.push({
142 -1 name: 'Content-Security-Policy',
143 -1 value: policy.join('; '),
144 -1 });
145 -1 }
-1 137 details.responseHeaders.push({
-1 138 name: header('css'),
-1 139 value: "style-src 'self' *",
-1 140 });
-1 141 details.responseHeaders.push({
-1 142 name: header('script'),
-1 143 value: "script-src 'self' *",
-1 144 });
-1 145 details.responseHeaders.push({
-1 146 name: header('media'),
-1 147 value: "img-src 'self' *",
-1 148 });
146 149
147 150 return {
148 151 responseHeaders: details.responseHeaders,