
add ability to block web workers on a per-site basis

pull/2/head
Raymond Hill 7 years ago
parent
commit
deeb211c5d
No known key found for this signature in database GPG Key ID: 25E1490B761470C2
  1. 8
      platform/chromium/manifest.json
  2. 16
      platform/webext/manifest.json
  3. 6
      src/css/popup.css
  4. 1
      src/js/background.js
  5. 19
      src/js/messaging.js
  6. 1
      src/js/pagestats.js
  7. 4
      src/js/popup.js
  8. 30
      src/js/traffic.js
  9. 1
      src/popup.html

8
platform/chromium/manifest.json

@ -22,7 +22,13 @@
"content_scripts": [ "content_scripts": [
{ {
"matches": ["http://*/*", "https://*/*"], "matches": ["http://*/*", "https://*/*"],
"js": ["/js/vapi-client.js", "/js/contentscript.js"],
"js": ["/js/vapi-client.js", "/js/contentscript-start.js"],
"run_at": "document_start",
"all_frames": true
},
{
"matches": ["http://*/*", "https://*/*"],
"js": ["/js/contentscript.js"],
"run_at": "document_end", "run_at": "document_end",
"all_frames": true "all_frames": true
} }
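Review bot: `/js/contentscript-start.js` is now injected at `document_start` into every frame of every http/https page, but no file of that name appears among the nine files this commit lists. It is worth confirming that it already exists in the tree from an earlier commit, since a manifest entry pointing at a missing script would leave the new content-script group unusable. The same entry is added in platform/webext/manifest.json. Because `vapi-client.js` moved into the `document_start` group, `contentscript.js` now relies on that earlier group having run in the same frame, and the commit description would be the place to record that ordering dependency.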

16
platform/webext/manifest.json

@ -18,11 +18,17 @@
"default_popup": "popup.html" "default_popup": "popup.html"
}, },
"content_scripts": [ "content_scripts": [
{
"matches": ["http://*/*", "https://*/*"],
"js": ["/js/vapi-client.js", "/js/contentscript.js"],
"run_at": "document_end",
"all_frames": true
{
"matches": ["http://*/*", "https://*/*"],
"js": ["/js/vapi-client.js", "/js/contentscript-start.js"],
"run_at": "document_start",
"all_frames": true
},
{
"matches": ["http://*/*", "https://*/*"],
"js": ["/js/contentscript.js"],
"run_at": "document_end",
"all_frames": true
} }
], ],
"default_locale": "en", "default_locale": "en",

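--- a/src/css/popup.css
+++ b/src/css/popup.css
@@ -128,6 +128,12 @@ body .toolbar button.fa {
 opacity: 1;
 stroke: none;
 }
+#mtxSwitches > li.relevant > svg .dot {
+fill: #888;
+}
+#mtxSwitches > li.switchTrue.relevant > svg .dot {
+fill: #eee;
+}
 #mtxSwitches > li > svg .off,
 #mtxSwitches > li.switchTrue > svg .on,
 #mtxSwitches > li.relevant > svg .dot {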

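--- a/src/js/background.js
+++ b/src/js/background.js
@@ -110,6 +110,7 @@ return {
 },
 clearBrowserCacheCycle: 0,
+cspNoWorkerSrc: undefined,
 updateAssetsEvery: 11 * oneDay + 1 * oneHour + 1 * oneMinute + 1 * oneSecond,
 firstUpdateAfter: 11 * oneMinute,
 nextUpdateAfter: 11 * oneHour,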

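--- a/src/js/messaging.js
+++ b/src/js/messaging.js
@@ -167,6 +167,7 @@ var matrixSnapshot = function(pageStore, details) {
 has3pReferrer: pageStore.has3pReferrer,
 hasMixedContent: pageStore.hasMixedContent,
 hasNoscriptTags: pageStore.hasNoscriptTags,
+hasWebWorkers: pageStore.hasWebWorkers,
 headerIndices: Array.from(headerIndices),
 hostname: pageStore.pageHostname,
 mtxContentModified: pageStore.mtxContentModifiedTime !== details.mtxContentModifiedTime,
@@ -541,6 +542,24 @@ var onMessage = function(request, sender, callback) {
 }
 break;
+case 'securityPolicyViolation':
+if ( request.policy !== µm.cspNoWorkerSrc ) { break; }
+if ( pageStore !== null ) {
+pageStore.hasWebWorkers = true;
+pageStore.recordRequest('script', request.url, true);
+}
+if ( tabContext !== null ) {
+µm.logger.writeOne(
+tabId,
+'net',
+tabContext.rootHostname,
+request.url,
+'worker',
+true
+);
+}
+break;
 case 'shutdown?':
 if ( tabContext !== null ) {
 response = µm.tMatrix.evaluateSwitchZ('matrix-off', tabContext.rootHostname);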
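Review bot: The guard `request.policy !== µm.cspNoWorkerSrc` in the new `securityPolicyViolation` case lets a message through when both sides are `undefined`, because `cspNoWorkerSrc` starts as `undefined` in background.js and is only assigned lazily inside `onHeadersReceived` in traffic.js. Requiring a string first closes that gap: `if ( typeof request.policy !== 'string' || request.policy !== µm.cspNoWorkerSrc ) { break; }`. `request.url` arrives from a content script and is handed to `pageStore.recordRequest` and `µm.logger.writeOne` unchanged; presumably it is the blocked URI taken from the page's violation event, so checking that it is a string before recording it would be prudent. The request is recorded as `'script'` but logged as `'worker'`, which deserves a one-line comment saying why the two differ. `onMessage` begins and continues outside the hunk.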

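--- a/src/js/pagestats.js
+++ b/src/js/pagestats.js
@@ -126,6 +126,7 @@ PageStore.prototype = {
 this.has3pReferrer = false;
 this.hasMixedContent = false;
 this.hasNoscriptTags = false;
+this.hasWebWorkers = false;
 this.incinerationTimer = null;
 this.mtxContentModifiedTime = 0;
 this.mtxCountModifiedTime = 0;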

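--- a/src/js/popup.js
+++ b/src/js/popup.js
@@ -1196,6 +1196,10 @@ function updateMatrixSwitches() {
 'relevant',
 matrixSnapshot.hasMixedContent
 );
+uDom.nodeFromId('mtxSwitch_no-workers').classList.toggle(
+'relevant',
+matrixSnapshot.hasWebWorkers
+);
 uDom.nodeFromId('mtxSwitch_referrer-spoof').classList.toggle(
 'relevant',
 matrixSnapshot.has3pReferrer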

30
src/js/traffic.js

@ -299,24 +299,44 @@ var onHeadersReceived = function(details) {
var tabContext = µm.tabContextManager.lookup(tabId); var tabContext = µm.tabContextManager.lookup(tabId);
if ( tabContext === null ) { return; } if ( tabContext === null ) { return; }
if ( µm.mustAllow(tabContext.rootHostname, µm.URI.hostnameFromURI(requestURL), 'script') ) {
return;
var csp = [];
if (
µm.mustAllow(
tabContext.rootHostname,
µm.URI.hostnameFromURI(requestURL),
'script'
) !== true
) {
csp.push("script-src 'unsafe-eval' blob: *");
} }
if ( µm.cspNoWorkerSrc === undefined ) {
µm.cspNoWorkerSrc = vAPI.webextFlavor.startsWith('Mozilla-') ?
"child-src 'none'; frame-src data: blob: *" :
"worker-src 'none'" ;
}
if ( µm.tMatrix.evaluateSwitchZ('no-workers', tabContext.rootHostname) ) {
csp.push(µm.cspNoWorkerSrc);
}
if ( csp.length === 0 ) { return; }
// If javascript is not allowed, say so through a `Content-Security-Policy` // If javascript is not allowed, say so through a `Content-Security-Policy`
// directive. // directive.
// We block only inline-script tags, all the external javascript will be // We block only inline-script tags, all the external javascript will be
// blocked by our request handler. // blocked by our request handler.
var csp = "script-src 'unsafe-eval' blob: *",
var cspDirectives = csp.join(','),
headers = details.responseHeaders, headers = details.responseHeaders,
i = headerIndexFromName('content-security-policy', headers); i = headerIndexFromName('content-security-policy', headers);
// A CSP header is already present: just add our own directive as a // A CSP header is already present: just add our own directive as a
// separate disposition (i.e. use comma). // separate disposition (i.e. use comma).
if ( i !== -1 ) { if ( i !== -1 ) {
headers[i].value += ', ' + csp;
headers[i].value += ', ' + cspDirectives;
} else { } else {
headers.push({ name: 'Content-Security-Policy', value: csp });
headers.push({ name: 'Content-Security-Policy', value: cspDirectives });
} }
if ( requestType === 'doc' ) { if ( requestType === 'doc' ) {
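Review bot: The comment kept above `var cspDirectives` ("If javascript is not allowed, say so through a `Content-Security-Policy` directive") is now stale, because the header is also injected when only the `no-workers` switch is on and the decision is taken earlier, where `csp` is filled. I would move it above `var csp = [];` and reword it, e.g. `// Collect one CSP per restriction: no inline scripts when scripts are disallowed, no workers when the no-workers switch is on.`, and add next to `csp.join(',')` that every array entry must be a complete policy since the comma makes each one a separate policy. A browser that does not implement `worker-src` ignores that directive, so on such a build the switch would show as enabled without being enforced; a comment on the non-Mozilla branch of the `cspNoWorkerSrc` assignment should say so. `onHeadersReceived` begins and continues outside the hunk.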

1
src/popup.html

@ -87,6 +87,7 @@
<div class="dropdown-menu"> <div class="dropdown-menu">
<ul id="mtxSwitches"> <ul id="mtxSwitches">
<li id="mtxSwitch_https-strict" class="dropdown-menu-entry exists"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchNoMixedContent"></span>&emsp;<a class="fa" href="https://developer.mozilla.org/docs/Web/Security/Mixed_content" target="_blank">&#xf05a;</a> <li id="mtxSwitch_https-strict" class="dropdown-menu-entry exists"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchNoMixedContent"></span>&emsp;<a class="fa" href="https://developer.mozilla.org/docs/Web/Security/Mixed_content" target="_blank">&#xf05a;</a>
<li id="mtxSwitch_no-workers" class="dropdown-menu-entry exists"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchNoWorker"></span>&emsp;<a class="fa" href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API" target="_blank">&#xf05a;</a>
<li id="mtxSwitch_referrer-spoof" class="dropdown-menu-entry"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchReferrerSpoof"></span>&emsp;<a class="fa" href="https://developer.mozilla.org/docs/Web/HTTP/Headers/Referer" target="_blank">&#xf05a;</a> <li id="mtxSwitch_referrer-spoof" class="dropdown-menu-entry"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchReferrerSpoof"></span>&emsp;<a class="fa" href="https://developer.mozilla.org/docs/Web/HTTP/Headers/Referer" target="_blank">&#xf05a;</a>
<li id="mtxSwitch_noscript-spoof" class="dropdown-menu-entry"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchNoscriptSpoof"></span>&emsp;<a class="fa" href="https://developer.mozilla.org/docs/Web/HTML/Element/noscript" target="_blank">&#xf05a;</a> <li id="mtxSwitch_noscript-spoof" class="dropdown-menu-entry"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchNoscriptSpoof"></span>&emsp;<a class="fa" href="https://developer.mozilla.org/docs/Web/HTML/Element/noscript" target="_blank">&#xf05a;</a>
</ul> </ul>
