Skip to content
This repository has been archived by the owner on Nov 6, 2023. It is now read-only.

Commit

Permalink
If CSP already existed, modify it insteads
Browse files Browse the repository at this point in the history
  • Loading branch information
Pasu Chan Chak Shing committed Feb 13, 2018
1 parent 0d1f114 commit 1e06bf1
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions chromium/background.js
Original file line number Diff line number Diff line change
Expand Up @@ -503,6 +503,20 @@ function onErrorOccurred(details) {
*/
function onHeadersReceived(details) {
if (isExtensionEnabled && httpNowhereOn) {
for (const idx in details.responseHeaders) {
if (details.responseHeaders[idx].name.match(/Content-Security-Policy/i)) {
// Existing CSP headers found
const value = details.responseHeaders[idx].value;

// Prepend if no upgrade-insecure-requests directive exists
if (!value.match(/upgrade-insecure-requests/i)) {
details.responseHeaders[idx].value = "upgrade-insecure-requests; " + value;
}
return {responseHeaders: details.responseHeaders};
}
}

// CSP headers not found
const upgradeInsecureRequests = {
name: 'Content-Security-Policy',
value: 'upgrade-insecure-requests'
Expand Down

0 comments on commit 1e06bf1

Please sign in to comment.