Skip to content
Snippets Groups Projects
Unverified Commit 1a7f41ee authored by Thomas Rientjes's avatar Thomas Rientjes Committed by GitHub
Browse files

Merge pull request #258 from gorhill/experimental

Hide web accessible resources from websites
parents 4c826259 e6a5de16
No related branches found
No related tags found
No related merge requests found
...@@ -111,7 +111,7 @@ interceptor._handleMissingCandidate = function (requestUrl) { ...@@ -111,7 +111,7 @@ interceptor._handleMissingCandidate = function (requestUrl) {
requestUrl = requestUrlSegments.toString(); requestUrl = requestUrlSegments.toString();
return { return {
'redirectUrl': requestUrl 'redirectUrl': requestUrl + interceptor.warSecret
}; };
} else { } else {
...@@ -147,3 +147,22 @@ chrome.storage.local.get([Setting.AMOUNT_INJECTED, Setting.BLOCK_MISSING], funct ...@@ -147,3 +147,22 @@ chrome.storage.local.get([Setting.AMOUNT_INJECTED, Setting.BLOCK_MISSING], funct
*/ */
chrome.storage.onChanged.addListener(interceptor._handleStorageChanged); chrome.storage.onChanged.addListener(interceptor._handleStorageChanged);
/**
* Guard web accessible resources from direct access by web pages
*/
interceptor.warSecret = '?_=' +
Math.floor(Math.random() * 982451653 + 982451653).toString(36) +
Math.floor(Math.random() * 982451653 + 982451653).toString(36);
chrome.webRequest.onBeforeRequest.addListener(
function(requestDetails) {
if (!requestDetails.url.endsWith(interceptor.warSecret)) {
return { redirectUrl: chrome.runtime.getURL('/') };
}
},
{'urls': [chrome.runtime.getURL('/') + 'resources/*']},
[WebRequest.BLOCKING]
);
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment