Block bad resources (#703)

2021-09-29 06:50:53 +02:00 · 2021-09-29 06:50:53 +02:00 · e0f8719391
parent f4daff688f
commit e0f8719391
4 changed files with 31 additions and 0 deletions
--- a/.eslintrc
+++ b/.eslintrc
@ -31,6 +31,7 @@
        "BadgeSetting": true,
        "BadgeSettingHTMLFilter": true,
        "BadgeSettingMissingResource": true,
+        "BadResources": true,

        "fileGuard": true,
        "files": true,
--- a/core/constants.js
+++ b/core/constants.js
@ -391,6 +391,20 @@ const MathJaxFiles = {
    'jax/output/HTML-CSS/jax.js': true,
 };

+/**
+ * To block bad resources, e.g. fingerprint
+ *
+ * Necessary if the user has selected the option "Block requests for missing
+ * resources Advanced" option is not enabled.
+ *
+ * https://codeberg.org/nobody/LocalCDN/issues/703
+ */
+const BadResources = {
+    'cdn.jsdelivr.net/npm/@fingerprintjs/': true,
+    'cdnjs.cloudflare.com/ajax/libs/fingerprintjs/': true,
+    'cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/': true,
+    'cdnjs.cloudflare.com/ajax/libs/ClientJS/': true,
+};

 // Supported charsets for TextDecoder()
 // https://developer.mozilla.org/en-US/docs/Web/API/TextDecoder/TextDecoder
--- a/core/interceptor.js
+++ b/core/interceptor.js
@ -41,6 +41,14 @@ interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {
        };
    }

+    if (!interceptor.blockMissing && interceptor._isBadResource(requestDetails.url)) {
+        console.warn(`[ LocalCDN ] Evil resource blocked: ${requestDetails.url}`);
+        log.append(tab.url, requestDetails.url, '-', true);
+        return {
+            'cancel': true
+        };
+    }
+
    targetDetails = requestAnalyzer.getLocalTarget(requestDetails, tab.url);
    targetPath = targetDetails.path;

@ -141,6 +149,10 @@ interceptor._handleStorageChanged = function (changes) {
    }
 };

+interceptor._isBadResource = function (requestUrl) {
+    requestUrl = requestUrl.replace(/(^\w+:|^)\/\//, '');
+    return Object.keys(BadResources).filter((path) => requestUrl.startsWith(path)).length !== 0;
+};

 /**
 * Event Handlers
--- a/pages/updates/updates.html
+++ b/pages/updates/updates.html
@ -33,6 +33,10 @@
                            <li>vue-i18n v8.26.1 -> v8.26.2 (<a href="https://codeberg.org/nobody/LocalCDN/issues/701">#701</a>)</li>
                            <li>findify-bundle v7.1.3 -> v7.1.6 (<a href="https://codeberg.org/nobody/LocalCDN/issues/702">#702</a>)</li>
                        </ul>
+                        <p>Improved</p>
+                        <ul>
+                            <li>Block bad resources (<a href="https://codeberg.org/nobody/LocalCDN/issues/703">#703</a>)</li>
+                        </ul>
                    </div>
                    <div id="generator-section">
                        <div class="topic-label">