Mirror
/
nuTensor
mirror of https://github.com/geekprojects/nuTensor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix ##773 + added logger output for CSP modification

pull/2/head
gorhill 7 years ago
parent
72a9fbf267
commit
8608b29ded
No known key found for this signature in database GPG Key ID: 25E1490B761470C2
2 changed files with 29 additions and 23 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      src/js/logger-ui.js
  2. 51
      src/js/traffic.js

1
src/js/logger-ui.js
View File

@ -51,6 +51,7 @@ var prettyRequestTypes = {
var dontEmphasizeSet = new Set([ var dontEmphasizeSet = new Set([
'COOKIE', 'COOKIE',
'CSP',
'REFERER' 'REFERER'
]); ]);

51
src/js/traffic.js
View File

@ -212,9 +212,9 @@ var onBeforeSendHeadersHandler = function(details) {
headerIndex !== -1 && headerIndex !== -1 &&
µm.mustBlock(rootHostname, requestHostname, 'cookie') µm.mustBlock(rootHostname, requestHostname, 'cookie')
) { ) {
modified = true;
headerValue = requestHeaders[headerIndex].value; headerValue = requestHeaders[headerIndex].value;
requestHeaders.splice(headerIndex, 1); requestHeaders.splice(headerIndex, 1);
modified = true;
µm.cookieHeaderFoiledCounter++; µm.cookieHeaderFoiledCounter++;
if ( requestType === 'doc' ) { if ( requestType === 'doc' ) {
µm.logger.writeOne(tabId, 'net', '', headerValue, 'COOKIE', true); µm.logger.writeOne(tabId, 'net', '', headerValue, 'COOKIE', true);
@ -236,7 +236,10 @@ var onBeforeSendHeadersHandler = function(details) {
// "Origin header field." // "Origin header field."
// https://github.com/gorhill/uMatrix/issues/358 // https://github.com/gorhill/uMatrix/issues/358
// Do not spoof `Origin` header for the time being. This will be revisited.
// Do not spoof `Origin` header for the time being.
// https://github.com/gorhill/uMatrix/issues/773
// For non-GET requests, remove `Referer` header instead of spoofing it.
headerIndex = headerIndexFromName('referer', requestHeaders); headerIndex = headerIndexFromName('referer', requestHeaders);
if ( headerIndex !== -1 ) { if ( headerIndex !== -1 ) {
@ -247,13 +250,20 @@ var onBeforeSendHeadersHandler = function(details) {
) { ) {
var toDomain = µmuri.domainFromHostname(requestHostname); var toDomain = µmuri.domainFromHostname(requestHostname);
if ( toDomain !== '' && toDomain !== µmuri.domainFromURI(headerValue) ) { if ( toDomain !== '' && toDomain !== µmuri.domainFromURI(headerValue) ) {
var newValue = requestScheme + '://' + requestHostname + '/';
requestHeaders[headerIndex].value = newValue;
modified = true; modified = true;
var newValue;
if ( details.method === 'GET' ) {
newValue = requestHeaders[headerIndex].value =
requestScheme + '://' + requestHostname + '/';
} else {
requestHeaders.splice(headerIndex, 1);
}
µm.refererHeaderFoiledCounter++; µm.refererHeaderFoiledCounter++;
if ( requestType === 'doc' ) { if ( requestType === 'doc' ) {
µm.logger.writeOne(tabId, 'net', '', headerValue, 'REFERER', true); µm.logger.writeOne(tabId, 'net', '', headerValue, 'REFERER', true);
µm.logger.writeOne(tabId, 'net', '', newValue, 'REFERER', false);
if ( newValue !== undefined ) {
µm.logger.writeOne(tabId, 'net', '', newValue, 'REFERER', false);
}
} }
} }
} }
@ -276,14 +286,10 @@ var onBeforeSendHeadersHandler = function(details) {
var onHeadersReceived = function(details) { var onHeadersReceived = function(details) {
// Ignore schemes other than 'http...' // Ignore schemes other than 'http...'
var requestURL = details.url;
if ( requestURL.lastIndexOf('http', 0) !== 0 ) {
return;
}
var µm = µMatrix;
var tabId = details.tabId;
var requestType = requestTypeNormalizer[details.type] || 'other';
var µm = µMatrix,
tabId = details.tabId,
requestURL = details.url,
requestType = requestTypeNormalizer[details.type] || 'other';
// https://github.com/gorhill/uMatrix/issues/145 // https://github.com/gorhill/uMatrix/issues/145
// Check if the main_frame is a download // Check if the main_frame is a download
@ -292,9 +298,7 @@ var onHeadersReceived = function(details) {
} }
var tabContext = µm.tabContextManager.lookup(tabId); var tabContext = µm.tabContextManager.lookup(tabId);
if ( tabContext === null ) {
return;
}
if ( tabContext === null ) { return; }
if ( µm.mustAllow(tabContext.rootHostname, µm.URI.hostnameFromURI(requestURL), 'script') ) { if ( µm.mustAllow(tabContext.rootHostname, µm.URI.hostnameFromURI(requestURL), 'script') ) {
return; return;
@ -305,20 +309,21 @@ var onHeadersReceived = function(details) {
// We block only inline-script tags, all the external javascript will be // We block only inline-script tags, all the external javascript will be
// blocked by our request handler. // blocked by our request handler.
var csp = "script-src 'unsafe-eval' *",
var csp = "script-src 'unsafe-eval' blob: *",
headers = details.responseHeaders, headers = details.responseHeaders,
i = headerIndexFromName('content-security-policy', headers); i = headerIndexFromName('content-security-policy', headers);
// A CSP header is already present: just add our own directive as a // A CSP header is already present: just add our own directive as a
// separate disposition (i.e. use comma). // separate disposition (i.e. use comma).
if ( i !== -1 ) { if ( i !== -1 ) {
csp = headers[i].value.trim() + ', ' + csp;
headers.splice(i, 1);
headers[i].value += ', ' + csp;
} else {
headers.push({ name: 'Content-Security-Policy', value: csp });
}
if ( requestType === 'doc' ) {
µm.logger.writeOne(tabId, 'net', '', csp, 'CSP', false);
} }
// TODO: We are currently forced to add the CSP header at the end of the
// headers array, because this is what the platform specific code
// expect (Firefox).
headers.push({ name: 'Content-Security-Policy', value: csp });
return { responseHeaders: headers }; return { responseHeaders: headers };
}; };

Write Preview
Loading…
Cancel
Save