Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle SRI integrity issues in JS APIs #1562

Open
ameshkov opened this issue Dec 7, 2021 · 0 comments
Open

Handle SRI integrity issues in JS APIs #1562

ameshkov opened this issue Dec 7, 2021 · 0 comments
Labels
Enhancement Priority: P4

Comments

@ameshkov
Copy link
Member

ameshkov commented Dec 7, 2021
edited
Loading

The issue has been originally raised here, but it's wider than that:
#1539

In order to solve this, we need to override window.fetch and other functions that accept integrity so that we could override it:
https://developer.mozilla.org/en-US/docs/Web/API/Request/integrity

Note, that this is not limited just to web pages. We also need to handle service workers as well:
https://developers.google.com/web/tools/workbox/reference-docs/latest/module-workbox-precaching#.addRoute
https://developers.google.com/web/tools/workbox/reference-docs/latest/module-workbox-precaching#.precacheAndRoute

Patching JS apis on every website is quite dangerous so instead of that I suggest adding a scriptlet that would be able to either suppress integrity check or change it so that AG was doing it.

This also means that we need to have scriptlets that are injected into service workers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement Priority: P4
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ameshkov @adguard-bot