mirror of
https://github.com/gorhill/uMatrix.git
synced 2024-05-17 10:43:19 +12:00
add ability to block web workers on a per-site basis
This commit is contained in:
Raymond Hill
parent
52139a9137
commit
deeb211c5d
|
|
@ -22,7 +22,13 @@
|
|||
"content_scripts": [
|
||||
{
|
||||
"matches": ["http://*/*", "https://*/*"],
|
||||
"js": ["/js/vapi-client.js", "/js/contentscript.js"],
|
||||
"js": ["/js/vapi-client.js", "/js/contentscript-start.js"],
|
||||
"run_at": "document_start",
|
||||
"all_frames": true
|
||||
},
|
||||
{
|
||||
"matches": ["http://*/*", "https://*/*"],
|
||||
"js": ["/js/contentscript.js"],
|
||||
"run_at": "document_end",
|
||||
"all_frames": true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,11 +18,17 @@
|
|||
"default_popup": "popup.html"
|
||||
},
|
||||
"content_scripts": [
|
||||
{
|
||||
"matches": ["http://*/*", "https://*/*"],
|
||||
"js": ["/js/vapi-client.js", "/js/contentscript.js"],
|
||||
"run_at": "document_end",
|
||||
"all_frames": true
|
||||
{
|
||||
"matches": ["http://*/*", "https://*/*"],
|
||||
"js": ["/js/vapi-client.js", "/js/contentscript-start.js"],
|
||||
"run_at": "document_start",
|
||||
"all_frames": true
|
||||
},
|
||||
{
|
||||
"matches": ["http://*/*", "https://*/*"],
|
||||
"js": ["/js/contentscript.js"],
|
||||
"run_at": "document_end",
|
||||
"all_frames": true
|
||||
}
|
||||
],
|
||||
"default_locale": "en",
|
||||
|
|
|
|||
|
|
@ -128,6 +128,12 @@ body .toolbar button.fa {
|
|||
opacity: 1;
|
||||
stroke: none;
|
||||
}
|
||||
#mtxSwitches > li.relevant > svg .dot {
|
||||
fill: #888;
|
||||
}
|
||||
#mtxSwitches > li.switchTrue.relevant > svg .dot {
|
||||
fill: #eee;
|
||||
}
|
||||
#mtxSwitches > li > svg .off,
|
||||
#mtxSwitches > li.switchTrue > svg .on,
|
||||
#mtxSwitches > li.relevant > svg .dot {
|
||||
|
|
|
|||
|
|
@ -110,6 +110,7 @@ return {
|
|||
},
|
||||
|
||||
clearBrowserCacheCycle: 0,
|
||||
cspNoWorkerSrc: undefined,
|
||||
updateAssetsEvery: 11 * oneDay + 1 * oneHour + 1 * oneMinute + 1 * oneSecond,
|
||||
firstUpdateAfter: 11 * oneMinute,
|
||||
nextUpdateAfter: 11 * oneHour,
|
||||
|
|
|
|||
|
|
@ -167,6 +167,7 @@ var matrixSnapshot = function(pageStore, details) {
|
|||
has3pReferrer: pageStore.has3pReferrer,
|
||||
hasMixedContent: pageStore.hasMixedContent,
|
||||
hasNoscriptTags: pageStore.hasNoscriptTags,
|
||||
hasWebWorkers: pageStore.hasWebWorkers,
|
||||
headerIndices: Array.from(headerIndices),
|
||||
hostname: pageStore.pageHostname,
|
||||
mtxContentModified: pageStore.mtxContentModifiedTime !== details.mtxContentModifiedTime,
|
||||
|
|
@ -541,6 +542,24 @@ var onMessage = function(request, sender, callback) {
|
|||
}
|
||||
break;
|
||||
|
||||
case 'securityPolicyViolation':
|
||||
if ( request.policy !== µm.cspNoWorkerSrc ) { break; }
|
||||
if ( pageStore !== null ) {
|
||||
pageStore.hasWebWorkers = true;
|
||||
pageStore.recordRequest('script', request.url, true);
|
||||
}
|
||||
if ( tabContext !== null ) {
|
||||
µm.logger.writeOne(
|
||||
tabId,
|
||||
'net',
|
||||
tabContext.rootHostname,
|
||||
request.url,
|
||||
'worker',
|
||||
true
|
||||
);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'shutdown?':
|
||||
if ( tabContext !== null ) {
|
||||
response = µm.tMatrix.evaluateSwitchZ('matrix-off', tabContext.rootHostname);
|
||||
|
|
|
|||
|
|
@ -126,6 +126,7 @@ PageStore.prototype = {
|
|||
this.has3pReferrer = false;
|
||||
this.hasMixedContent = false;
|
||||
this.hasNoscriptTags = false;
|
||||
this.hasWebWorkers = false;
|
||||
this.incinerationTimer = null;
|
||||
this.mtxContentModifiedTime = 0;
|
||||
this.mtxCountModifiedTime = 0;
|
||||
|
|
|
|||
|
|
@ -1196,6 +1196,10 @@ function updateMatrixSwitches() {
|
|||
'relevant',
|
||||
matrixSnapshot.hasMixedContent
|
||||
);
|
||||
uDom.nodeFromId('mtxSwitch_no-workers').classList.toggle(
|
||||
'relevant',
|
||||
matrixSnapshot.hasWebWorkers
|
||||
);
|
||||
uDom.nodeFromId('mtxSwitch_referrer-spoof').classList.toggle(
|
||||
'relevant',
|
||||
matrixSnapshot.has3pReferrer
|
||||
|
|
|
|||
|
|
@ -299,24 +299,44 @@ var onHeadersReceived = function(details) {
|
|||
var tabContext = µm.tabContextManager.lookup(tabId);
|
||||
if ( tabContext === null ) { return; }
|
||||
|
||||
if ( µm.mustAllow(tabContext.rootHostname, µm.URI.hostnameFromURI(requestURL), 'script') ) {
|
||||
return;
|
||||
var csp = [];
|
||||
|
||||
if (
|
||||
µm.mustAllow(
|
||||
tabContext.rootHostname,
|
||||
µm.URI.hostnameFromURI(requestURL),
|
||||
'script'
|
||||
) !== true
|
||||
) {
|
||||
csp.push("script-src 'unsafe-eval' blob: *");
|
||||
}
|
||||
|
||||
if ( µm.cspNoWorkerSrc === undefined ) {
|
||||
µm.cspNoWorkerSrc = vAPI.webextFlavor.startsWith('Mozilla-') ?
|
||||
"child-src 'none'; frame-src data: blob: *" :
|
||||
"worker-src 'none'" ;
|
||||
}
|
||||
|
||||
if ( µm.tMatrix.evaluateSwitchZ('no-workers', tabContext.rootHostname) ) {
|
||||
csp.push(µm.cspNoWorkerSrc);
|
||||
}
|
||||
|
||||
if ( csp.length === 0 ) { return; }
|
||||
|
||||
// If javascript is not allowed, say so through a `Content-Security-Policy`
|
||||
// directive.
|
||||
// We block only inline-script tags, all the external javascript will be
|
||||
// blocked by our request handler.
|
||||
|
||||
var csp = "script-src 'unsafe-eval' blob: *",
|
||||
var cspDirectives = csp.join(','),
|
||||
headers = details.responseHeaders,
|
||||
i = headerIndexFromName('content-security-policy', headers);
|
||||
// A CSP header is already present: just add our own directive as a
|
||||
// separate disposition (i.e. use comma).
|
||||
if ( i !== -1 ) {
|
||||
headers[i].value += ', ' + csp;
|
||||
headers[i].value += ', ' + cspDirectives;
|
||||
} else {
|
||||
headers.push({ name: 'Content-Security-Policy', value: csp });
|
||||
headers.push({ name: 'Content-Security-Policy', value: cspDirectives });
|
||||
}
|
||||
|
||||
if ( requestType === 'doc' ) {
|
||||
|
|
|
|||
|
|
@ -87,6 +87,7 @@
|
|||
<div class="dropdown-menu">
|
||||
<ul id="mtxSwitches">
|
||||
<li id="mtxSwitch_https-strict" class="dropdown-menu-entry exists"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchNoMixedContent"></span> <a class="fa" href="https://developer.mozilla.org/docs/Web/Security/Mixed_content" target="_blank"></a>
|
||||
<li id="mtxSwitch_no-workers" class="dropdown-menu-entry exists"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchNoWorker"></span> <a class="fa" href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API" target="_blank"></a>
|
||||
<li id="mtxSwitch_referrer-spoof" class="dropdown-menu-entry"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchReferrerSpoof"></span> <a class="fa" href="https://developer.mozilla.org/docs/Web/HTTP/Headers/Referer" target="_blank"></a>
|
||||
<li id="mtxSwitch_noscript-spoof" class="dropdown-menu-entry"><!-- <svg><use xlink:href="#toggleButton" /></svg> --><svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 152 96"><g style="fill:#bbb;"><ellipse cx="48" cy="48" rx="24" ry="24" /><ellipse cx="104" cy="48" rx="24" ry="24" /><rect width="56" height="48" x="48" y="24" /></g><g class="off" style="fill:#bbb;"><ellipse cx="48" cy="48" rx="48" ry="48" /><ellipse style="fill:#fff;" cx="48" cy="48" rx="40" ry="40" /><ellipse class="dot" cx="48" cy="48" rx="12" ry="12" /></g><g class="on" style="fill:#bbb;"><ellipse style="fill:#444;" cx="104" cy="48" rx="48" ry="48" /><ellipse class="dot" cx="104" cy="48" rx="12" ry="12" /></g></svg><span data-i18n="matrixSwitchNoscriptSpoof"></span> <a class="fa" href="https://developer.mozilla.org/docs/Web/HTML/Element/noscript" target="_blank"></a>
|
||||
</ul>
|
||||
|
|
|
|||
Loading…
Reference in a new issue