code review for deeb211c5d

src/js/contentscript-start.js

@@ -36,7 +36,8 @@
             {
                 what: 'securityPolicyViolation',
                 policy: ev.originalPolicy,
-                url: ev.documentURI
+                blockedURI: ev.blockedURI,
+                documentURI: ev.documentURI
             }
         );
     });

src/js/messaging.js

@@ -514,6 +514,7 @@ var onMessage = function(request, sender, callback) {
 
     var tabId = sender && sender.tab ? sender.tab.id || 0 : 0,
         tabContext = µm.tabContextManager.lookup(tabId),
+        rootHostname = tabContext && tabContext.rootHostname,
         pageStore = µm.pageStoreFromTabId(tabId);
 
     // Sync
@@ -535,8 +536,8 @@ var onMessage = function(request, sender, callback) {
     case 'mustRenderNoscriptTags?':
         if ( tabContext === null ) { break; }
         response =
-            µm.tMatrix.mustBlock(tabContext.rootHostname, tabContext.rootHostname, 'script') &&
-            µm.tMatrix.evaluateSwitchZ('noscript-spoof', tabContext.rootHostname);
+            µm.tMatrix.mustBlock(rootHostname, rootHostname, 'script') &&
+            µm.tMatrix.evaluateSwitchZ('noscript-spoof', rootHostname);
         if ( pageStore !== null ) {
             pageStore.hasNoscriptTags = true;
         }
@@ -544,25 +545,21 @@ var onMessage = function(request, sender, callback) {
 
     case 'securityPolicyViolation':
         if ( request.policy !== µm.cspNoWorkerSrc ) { break; }
+        var url = µm.URI.hostnameFromURI(request.blockedURI) !== '' ?
+            request.blockedURI :
+            request.documentURI;
         if ( pageStore !== null ) {
             pageStore.hasWebWorkers = true;
-            pageStore.recordRequest('script', request.url, true);
+            pageStore.recordRequest('script', url, true);
         }
         if ( tabContext !== null ) {
-            µm.logger.writeOne(
-                tabId,
-                'net',
-                tabContext.rootHostname,
-                request.url,
-                'worker',
-                true
-            );
+            µm.logger.writeOne(tabId, 'net', rootHostname, url, 'worker', true);
         }
         break;
 
     case 'shutdown?':
         if ( tabContext !== null ) {
-            response = µm.tMatrix.evaluateSwitchZ('matrix-off', tabContext.rootHostname);
+            response = µm.tMatrix.evaluateSwitchZ('matrix-off', rootHostname);
         }
         break;
 

src/js/traffic.js

@@ -313,7 +313,7 @@ var onHeadersReceived = function(details) {
 
     if ( µm.cspNoWorkerSrc === undefined ) {
         µm.cspNoWorkerSrc = vAPI.webextFlavor.startsWith('Mozilla-') ?
-            "child-src 'none'; frame-src data: blob: *" :
+            "child-src 'none';frame-src data: blob: *" :
             "worker-src 'none'" ;
     }
 
@@ -334,7 +334,7 @@ var onHeadersReceived = function(details) {
     // A CSP header is already present: just add our own directive as a
     // separate disposition (i.e. use comma).
     if ( i !== -1 ) {
-        headers[i].value += ', ' + cspDirectives;
+        headers[i].value += ',' + cspDirectives;
     } else {
         headers.push({ name: 'Content-Security-Policy', value: cspDirectives });
     }