diff --git a/.eslintrc b/.eslintrc
index 89f7fc8a..c1fa61c0 100644
--- a/.eslintrc
+++ b/.eslintrc
@@ -33,6 +33,7 @@
"BadgeSettingMissingResource": true,
"BadResources": true,
"LogString": true,
+ "BlockedRequestMethods": true,
"fileGuard": true,
"files": true,
diff --git a/core/constants.js b/core/constants.js
index e9e79ba6..4a311782 100644
--- a/core/constants.js
+++ b/core/constants.js
@@ -173,6 +173,15 @@ const WebRequest = {
'EXTRA_HEADERS': 'extraHeaders'
};
+const BlockedRequestMethods = {
+ 'POST': true,
+ 'HEAD': true,
+ 'PUT': true,
+ 'DELETE': true,
+ 'TRACE': true,
+ 'OPTIONS': true,
+};
+
const WebRequestType = {
'MAIN_FRAME': 'main_frame',
'SUB_FRAME': 'sub_frame',
@@ -434,6 +443,7 @@ const LogString = {
'REPLACED_RESOURCE': 'Replaced resource:',
'MISSING_RESOURCE': 'Missing resource:',
'EVIL_RESOURCE_BLOCKED': 'Evil resource blocked:',
+ 'NON_GET_REQUEST_BLOCKED': 'Non-GET-Request blocked',
};
// Supported charsets for TextDecoder()
diff --git a/core/interceptor.js b/core/interceptor.js
index 6fe1daae..4fbf4c7d 100644
--- a/core/interceptor.js
+++ b/core/interceptor.js
@@ -54,6 +54,15 @@ interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {
tabIdentifier, targetDetails
};
+ // Block POST, HEAD, PUT, DELETE, TRACE, OPTIONS
+ if (BlockedRequestMethods[requestDetails.method]) {
+ console.warn(`${LogString.PREFIX} ${LogString.NON_GET_REQUEST_BLOCKED}`);
+ log.append(tab.url, requestDetails.url, LogString.NON_GET_REQUEST_BLOCKED, true);
+ return {
+ 'cancel': true
+ };
+ }
+
validCandidate = requestAnalyzer.isValidCandidate(requestDetails, tab);
if (!validCandidate) {
return {
diff --git a/pages/updates/updates.html b/pages/updates/updates.html
index 2a981e3c..d5be59b7 100644
--- a/pages/updates/updates.html
+++ b/pages/updates/updates.html
@@ -46,6 +46,10 @@
knockout v3.4.2 (#1210)
knockout.mapping v2.4.1 (#1210)
+ Improved
+
+ - Block all non GET requests to CDN (#1226)
+