mirror of
https://github.com/gorhill/uMatrix.git
synced 2024-06-29 11:30:20 +12:00
this somewhat fixes #27
parent
49bbe6f7dd
commit
24502090e2
|
@ -768,18 +768,26 @@ var onSubDocHeadersReceived = function(details) {
|
||||||
// directive.
|
// directive.
|
||||||
|
|
||||||
// For inline javascript within iframes, we need to sandbox.
|
// For inline javascript within iframes, we need to sandbox.
|
||||||
|
|
||||||
// https://github.com/gorhill/httpswitchboard/issues/73
|
// https://github.com/gorhill/httpswitchboard/issues/73
|
||||||
// Now because sandbox cancels all permissions, this means
|
// Now because sandbox cancels all permissions, this means
|
||||||
// not just javascript is disabled. To avoid negative side
|
// not just javascript is disabled. To avoid negative side
|
||||||
// effects, I allow some other permissions, but...
|
// effects, I allow some other permissions, but...
|
||||||
|
|
||||||
|
// https://github.com/gorhill/uMatrix/issues/27
|
||||||
|
// Need to add `allow-popups` to prevent completely breaking links on
|
||||||
|
// some sites old style sites.
|
||||||
|
|
||||||
// TODO: Reuse CSP `sandbox` directive if it's already in the
|
// TODO: Reuse CSP `sandbox` directive if it's already in the
|
||||||
// headers (strip out `allow-scripts` if present),
|
// headers (strip out `allow-scripts` if present),
|
||||||
// and find out if the `sandbox` in the header interfere with a
|
// and find out if the `sandbox` in the header interfere with a
|
||||||
// `sandbox` attribute which might be present on the iframe.
|
// `sandbox` attribute which might be present on the iframe.
|
||||||
|
|
||||||
// console.debug('onSubDocHeadersReceived()> FRAME CSP "%s": %o, scope="%s"', details.url, details, pageURL);
|
// console.debug('onSubDocHeadersReceived()> FRAME CSP "%s": %o, scope="%s"', details.url, details, pageURL);
|
||||||
|
|
||||||
details.responseHeaders.push({
|
details.responseHeaders.push({
|
||||||
'name': 'Content-Security-Policy',
|
'name': 'Content-Security-Policy',
|
||||||
'value': 'sandbox allow-forms allow-same-origin'
|
'value': 'sandbox allow-forms allow-same-origin allow-popups'
|
||||||
});
|
});
|
||||||
|
|
||||||
return { responseHeaders: details.responseHeaders };
|
return { responseHeaders: details.responseHeaders };
|
||||||
|
|
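Review bot: The `allow-popups` token added to the pushed `Content-Security-Policy` value widens the sandbox, but the new comment does not say what a window opened from the frame is then allowed to do. Under the HTML sandbox model a popup inherits its opener's sandbox flags unless `allow-popups-to-escape-sandbox` is also present, so links opened from these frames should still load with scripts disabled; that property is what keeps this change safe and it is worth stating so nobody later adds the escape token. I would extend the comment with `// Popups inherit this sandbox (no allow-popups-to-escape-sandbox), so scripts stay disabled in them.` and correct the wording of the last comment line to `// some old-style sites.`. The body of `onSubDocHeadersReceived` begins above the hunk, so the condition under which this header is appended cannot be checked from here.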