Block all non GET requests to CDN (#1226)

2022-11-29 07:03:15 +01:00 · 2022-11-29 07:03:15 +01:00 · 0465b630d1
parent c9d2eb85ce
commit 0465b630d1
4 changed files with 24 additions and 0 deletions
--- a/.eslintrc
+++ b/.eslintrc
@ -33,6 +33,7 @@
        "BadgeSettingMissingResource": true,
        "BadResources": true,
        "LogString": true,
+        "BlockedRequestMethods": true,

        "fileGuard": true,
        "files": true,
--- a/core/constants.js
+++ b/core/constants.js
@ -173,6 +173,15 @@ const WebRequest = {
    'EXTRA_HEADERS': 'extraHeaders'
 };

+const BlockedRequestMethods = {
+    'POST': true,
+    'HEAD': true,
+    'PUT': true,
+    'DELETE': true,
+    'TRACE': true,
+    'OPTIONS': true,
+};
+
 const WebRequestType = {
    'MAIN_FRAME': 'main_frame',
    'SUB_FRAME': 'sub_frame',
@ -434,6 +443,7 @@ const LogString = {
    'REPLACED_RESOURCE': 'Replaced resource:',
    'MISSING_RESOURCE': 'Missing resource:',
    'EVIL_RESOURCE_BLOCKED': 'Evil resource blocked:',
+    'NON_GET_REQUEST_BLOCKED': 'Non-GET-Request blocked',
 };

 // Supported charsets for TextDecoder()
--- a/core/interceptor.js
+++ b/core/interceptor.js
@ -54,6 +54,15 @@ interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {
        tabIdentifier, targetDetails
    };

+    // Block POST, HEAD, PUT, DELETE, TRACE, OPTIONS
+    if (BlockedRequestMethods[requestDetails.method]) {
+        console.warn(`${LogString.PREFIX} ${LogString.NON_GET_REQUEST_BLOCKED}`);
+        log.append(tab.url, requestDetails.url, LogString.NON_GET_REQUEST_BLOCKED, true);
+        return {
+            'cancel': true
+        };
+    }
+
    validCandidate = requestAnalyzer.isValidCandidate(requestDetails, tab);
    if (!validCandidate) {
        return {
--- a/pages/updates/updates.html
+++ b/pages/updates/updates.html
@ -46,6 +46,10 @@
                            <li>knockout v3.4.2 (<a href="https://codeberg.org/nobody/LocalCDN/issues/1210">#1210</a>)</li>
                            <li>knockout.mapping v2.4.1 (<a href="https://codeberg.org/nobody/LocalCDN/issues/1210">#1210</a>)</li>
                        </ul>
+                        <p>Improved</p>
+                        <ul>
+                            <li>Block all non GET requests to CDN (<a href="https://codeberg.org/nobody/LocalCDN/issues/1226">#1226</a>)</li>
+                        </ul>
                    </div>
                    <div id="generator-section">
                        <div class="topic-label">