Skip to content
Snippets Groups Projects
Commit 07cfc9c2 authored by Thomas Rientjes's avatar Thomas Rientjes
Browse files

Add undetectable tainted domains

parent d4d07a3d
No related branches found
No related tags found
Loading
Loading
  • Contributor

    Created by: Gitoffthelawn

    What makes a domain (or host) tainted?

  • Author Owner

    A domain is tainted when Content Security Policies do not allow Decentraleyes to inject bundled resources. I'm adding more and more detection mechanisms, but also maintain a list of currently undetectable tainted domains to make sure this add-on does not break any major websites.

    It is expected that these injection issues can be fully resolved by porting the add-on to WebExtensions (this depends on the final, stable, implementation of the interface). So, with a bit of luck, Decentraleyes v2.0.0 and onwards will not be affected by these complicated restrictions.

    All CDN resources requested by known tainted domains will be treated as missing.

  • Contributor

    Created by: Gitoffthelawn

    Thanks Thomas. Makes sense. Hopefully WebExtensions will resolve this.

    When you say "All CDN resources requested by known tainted domains will be treated as missing", do you mean the site will simply not receive the resource or that it will load it from the CDN?

  • Author Owner

    When you say "All CDN resources requested by known tainted domains will be treated as missing", do you mean the site will simply not receive the resource or that it will load it from the CDN?

    That depends on the user's add-on preferences. Requests for unavailable libraries are allowed through unless the end-user activates "block requests for missing resources" in settings.

  • Contributor

    Created by: Gitoffthelawn

    Thanks. Makes sense!

    Thinking aloud: I wonder if it makes sense to have a third option: Block requests for missing resources except for tainted domains. Or something like that. Just off the top of my head... haven't given it much thought yet.

0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment