Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code
Issues
All Issues

Unified Diff: lib/csp.js

Issue 29378831: Issue 4953 - Ensure website isn't whitelisted before injecting CSP (Closed)
Patch Set: Created March 8, 2017, 1:40 p.m.
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: lib/csp.js
diff --git a/lib/csp.js b/lib/csp.js
index d4e8ac3b7cdb7b1bc3163601adb45dc3afcfc9c3..6da7132ef7b0b717a726ed7fea6ed870ca44e050 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -20,13 +20,16 @@
const {defaultMatcher} = require("matcher");
const {BlockingFilter, RegExpFilter} = require("filterClasses");
const {getDecodedHostname} = require("url");
+const {checkWhitelisted} = require("whitelisting");
chrome.webRequest.onHeadersReceived.addListener(details =>
{
let hostname = getDecodedHostname(new URL(details.url));
let match = defaultMatcher.matchesAny("", RegExpFilter.typeMap.WEBSOCKET,
hostname, false, null, true);
- if (match instanceof BlockingFilter)
+ if (match instanceof BlockingFilter &&
+ !checkWhitelisted(new ext.Page({id: details.tabId}),
+ ext.getFrame(details.tabId, details.frameId)))
{
details.responseHeaders.push({
name: "Content-Security-Policy",
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld