Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Domain restrictions semantics #1474

Closed
ameshkov opened this issue Sep 9, 2019 · 1 comment
Closed

Domain restrictions semantics #1474

ameshkov opened this issue Sep 9, 2019 · 1 comment
Assignees
@maximtop
Labels
Enhancement P3: Medium
Milestone
3.3

Comments

@ameshkov
Copy link
Member

ameshkov commented Sep 9, 2019
edited
Loading

If the following conditions are true:

  • pattern === ANY_URL
  • domain resriction is not empty
  • resource type ===(SUB)DOCUMENT

Then use the host of the request URL to check domain restrictions.

Test rules:

  • $csp=script-src 'none',domain=example.org
  • $cookie=test,domain=example.org
In the case when there's no "source" hostname, `$domain` should be checked against the request's host.
@ameshkov ameshkov added this to the 3.3 milestone Sep 9, 2019
@ameshkov
Copy link
Member Author

ameshkov commented Sep 9, 2019

Currently, we have a workaround for rules with empty pattern and a domain restriction (i.e. $cookie,domain=yandex.ru). We won't need it anymore if we implement this change.

This was referenced Oct 1, 2019
Open
Closed
@zzebrum zzebrum closed this as completed Oct 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maximtop maximtop

Labels
Enhancement P3: Medium
Projects
None yet
Milestone
3.3
Development

No branches or pull requests
3 participants
@ameshkov @maximtop @zzebrum