mirror of
https://github.com/gorhill/uMatrix.git
this fixes #538
parent
8f7f184837
commit
93f963bc6c
1 changed files with 8 additions and 2 deletions
|
@ -392,10 +392,16 @@ var onHeadersReceived = function(details) {
|
||||||
// Since we are modifying an existing CSP header, we need to strip out
|
// Since we are modifying an existing CSP header, we need to strip out
|
||||||
// 'report-uri' if it is present, to prevent spurious reporting of CSP
|
// 'report-uri' if it is present, to prevent spurious reporting of CSP
|
||||||
// violation, and thus the leakage of information to the remote site.
|
// violation, and thus the leakage of information to the remote site.
|
||||||
|
|
||||||
|
// https://github.com/gorhill/uMatrix/issues/538
|
||||||
|
// We will replace in-place the script-src directive with our own.
|
||||||
headers.push({
|
headers.push({
|
||||||
'name': 'Content-Security-Policy',
|
'name': 'Content-Security-Policy',
|
||||||
'value': cspStripReporturi(csp.replace(reScriptsrc, '') +
|
'value': cspStripReporturi(
|
||||||
scriptsrc.replace(reUnsafeinline, ''))
|
csp.slice(0, matches.index) +
|
||||||
|
scriptsrc.replace(reUnsafeinline, '') +
|
||||||
|
csp.slice(matches.index + scriptsrc.length)
|
||||||
|
)
|
||||||
});
|
});
|
||||||
return { responseHeaders: headers };
|
return { responseHeaders: headers };
|
||||||
};
|
};
|
||||||
|
|
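Review bot: The tail offset in `csp.slice(matches.index + scriptsrc.length)` is only correct if `scriptsrc` is still exactly the text matched at `matches.index`; both are assigned outside this hunk, so that cannot be confirmed from here. If `scriptsrc` is a capture group, or was trimmed or rewritten before this point, the splice would start at the wrong offset, and the rebuilt policy could keep a fragment of the page's original script-src (possibly including `'unsafe-inline'`) or cut into the following directive. Assuming `matches` is the result of a non-global `exec`/`match`, deriving the offset from the match itself keeps that invariant local: `csp.slice(matches.index + matches[0].length)`. It would also help to extend the new comment with the reason for splicing in place, e.g. `// Keep every other directive byte-for-byte; only the matched script-src span is rewritten.`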