[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [meek/webextension] Set some safety defaults for fetch.
commit 830375ad31990fab1d8df24b9ad9447e4a0301e4
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date: Fri Feb 15 14:29:54 2019 -0700
Set some safety defaults for fetch.
cache: "no-store"
credentials: "omit"
redirect: "manual"
cache: "no-store" adds these headers, which seem fine:
Cache-Control: no-cache
Pragma: no-cache
---
webextension/background.js | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/webextension/background.js b/webextension/background.js
index ba56e7f..fd39273 100644
--- a/webextension/background.js
+++ b/webextension/background.js
@@ -83,6 +83,7 @@ function roundtrip(id, request) {
// Process the incoming request spec and convert it into parameters to the
// fetch API. Also enforce some restrictions on what kinds of requests we
// are willing to make.
+ // https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters
let url;
let init = {};
try {
@@ -107,6 +108,13 @@ function roundtrip(id, request) {
init.body = base64_decode(request.body);
}
+ // Do not read nor write from the browser's HTTP cache.
+ init.cache = "no-store";
+ // Don't send cookies.
+ init.credentials = "omit";
+ // Don't follow redirects (we'll get resp.status:0 if there is one).
+ init.redirect = "manual";
+
// TODO: Host header
// TODO: strip Origin header?
// TODO: proxy
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits