Microsoft has acquired GitHub. Decentraleyes has left GitHub. Welcome to its new home!

To participate, please register, or sign in with an existing GitLab.com, Bitbucket, or GitHub account.

Past contributions on GitHub? Be sure to reclaim your Comments, Issues, and Pull Requests.

Unverified Commit 1a7f41ee authored by Thomas Rientjes's avatar Thomas Rientjes Committed by GitHub
Browse files

Merge pull request #258 from gorhill/experimental

Hide web accessible resources from websites
parents 4c826259 e6a5de16
......@@ -111,7 +111,7 @@ interceptor._handleMissingCandidate = function (requestUrl) {
requestUrl = requestUrlSegments.toString();
return {
'redirectUrl': requestUrl
'redirectUrl': requestUrl + interceptor.warSecret
};
} else {
......@@ -147,3 +147,22 @@ chrome.storage.local.get([Setting.AMOUNT_INJECTED, Setting.BLOCK_MISSING], funct
*/
chrome.storage.onChanged.addListener(interceptor._handleStorageChanged);
/**
* Guard web accessible resources from direct access by web pages
*/
interceptor.warSecret = '?_=' +
Math.floor(Math.random() * 982451653 + 982451653).toString(36) +
Math.floor(Math.random() * 982451653 + 982451653).toString(36);
chrome.webRequest.onBeforeRequest.addListener(
function(requestDetails) {
if (!requestDetails.url.endsWith(interceptor.warSecret)) {
return { redirectUrl: chrome.runtime.getURL('/') };
}
},
{'urls': [chrome.runtime.getURL('/') + 'resources/*']},
[WebRequest.BLOCKING]
);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment