.TP
.B LoadProvisional
Fired if a new page is going to opened. No data has been received yet, the load
-may still fail for transport issues.
+may still fail for transport issues. This is the right event to set `content-security-policy'
+setting.
.TP
.B LoadCommited
Fired if first data chunk has arrived, meaning that the necessary transport
.PD
.RE
.TP
+.B content-security-policy (string)
+Prepend a `Content-Security-Policy' HTTP-Header to responses received from server.
+This setting has to be setted early if managed with `autocmd' (at LoadProvisional),
+in order to be managed by webkit.
+
+It could be used to implement a whitelist policy for visited uri.
+
+Note that this setting will not remplace existing headers, but add one.
+
+Please refer to `http://www.w3.org/TR/CSP/' for syntax.
+.RS
+.PP
+Example:
+.PD 0
+.IP ":set content-security-policy=default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'none'"
+Webkit will see the `Content-Security-Policy' header defined with each response.
+.PD
+.RE
+.TP
.B hint-timeout (int)
Timeout before automatically following a non-unique numerical hint. To disable
auto fire of hints, set this value to 0.
void vb_download_external(WebKitWebView *view, WebKitDownload *download, const char *file);
static void download_progress_cp(WebKitDownload *download, GParamSpec *pspec);
static void read_from_stdin(void);
+static void contentsecuritypolicy_request_queued_cb(SoupSession *session, SoupMessage *msg,
+ gpointer data);
/* functions */
#ifdef FEATURE_WGET_PROGRESS_BAR
NULL
);
+ g_signal_connect(vb.session, "request-queued", G_CALLBACK(contentsecuritypolicy_request_queued_cb), NULL);
+
#ifdef FEATURE_NO_SCROLLBARS
WebKitWebFrame *frame = webkit_web_view_get_main_frame(vb.gui.webview);
g_signal_connect(G_OBJECT(frame), "scrollbars-policy-changed", G_CALLBACK(gtk_true), NULL);
g_free(buf);
}
+static void contentsecuritypolicy_request_queued_cb(SoupSession *session, SoupMessage *msg,
+ gpointer data)
+{
+ if (!vb.config.contentsecuritypolicy || g_str_equal("", vb.config.contentsecuritypolicy)) {
+ soup_message_headers_remove(msg->response_headers, "Content-Security-Policy");
+
+ } else {
+ soup_message_headers_replace(msg->response_headers, "Content-Security-Policy",
+ vb.config.contentsecuritypolicy);
+ }
+}
+
static gboolean autocmdOptionArgFunc(const gchar *option_name, const gchar *value, gpointer data, GError **error)
{
vb.config.cmdargs = g_slist_append(vb.config.cmdargs, g_strdup(value));
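Review bot: `soup_message_headers_replace` in contentsecuritypolicy_request_queued_cb contradicts the manual hunk above, which states the setting "will not replace existing headers, but add one"; as written a user-supplied value overrides whatever Content-Security-Policy the server sent, so a looser local policy silently weakens a stricter server one, and the empty-setting branch would go further and drop a server header outright even though the default value is `""`. Since CSP specifies that every delivered policy is enforced, appending keeps the server's protection intact and matches the documentation: `if (!vb.config.contentsecuritypolicy || !*vb.config.contentsecuritypolicy) return;` followed by `soup_message_headers_append(msg->response_headers, "Content-Security-Policy", vb.config.contentsecuritypolicy);`. Whether entries written to `msg->response_headers` at request-queued time survive libsoup's parsing of the real response cannot be confirmed from this hunk; the LoadProvisional advice in the manual suggests it was tested, but a comment recording that assumption would help the next reader, e.g. `/* runs before the response arrives; relies on libsoup keeping these entries when the server's headers are parsed -- re-check on libsoup upgrades */`.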
guint timeoutlen; /* timeout for ambiguous mappings */
gboolean strict_focus;
GHashTable *headers; /* holds user defined header appended to requests */
+ char *contentsecuritypolicy; /* holds user defined Content-Security-Policy */
char *nextpattern; /* regex patter nfor prev link matching */
char *prevpattern; /* regex patter nfor next link matching */
char *file; /* path to the custome config file */
setting_add("history-max-items", TYPE_INTEGER, &i, internal, 0, &vb.config.history_max);
setting_add("editor-command", TYPE_CHAR, &"x-terminal-emulator -e -vi '%s'", NULL, 0, NULL);
setting_add("header", TYPE_CHAR, &"", headers, FLAG_LIST|FLAG_NODUP, NULL);
+ setting_add("content-security-policy", TYPE_CHAR, &"", internal, 0, &vb.config.contentsecuritypolicy);
setting_add("nextpattern", TYPE_CHAR, &"/\\bnext\\b/i,/^(>\\|>>\\|»)$/,/^(>\\|>>\\|»)/,/(>\\|>>\\|»)$/,/\\bmore\\b/i", prevnext, FLAG_LIST|FLAG_NODUP, NULL);
setting_add("previouspattern", TYPE_CHAR, &"/\\bprev\\|previous\\b/i,/^(<\\|<<\\|«)$/,/^(<\\|<<\\|«)/,/(<\\|<<\\|«)$/", prevnext, FLAG_LIST|FLAG_NODUP, NULL);
setting_add("fullscreen", TYPE_BOOLEAN, &off, fullscreen, 0, NULL);