CoreLibs icon indicating copy to clipboard operation
CoreLibs copied to clipboard
verified publisher icon AdguardTeam

Handle SRI integrity issues in JS APIs

Open ameshkov opened this issue 4 years ago • 0 comments

The issue has been originally raised here, but it's wider than that: https://github.com/AdguardTeam/CoreLibs/issues/1539

In order to solve this, we need to override window.fetch and other functions that accept integrity so that we could override it: https://developer.mozilla.org/en-US/docs/Web/API/Request/integrity

Note, that this is not limited just to web pages. We also need to handle service workers as well: https://developers.google.com/web/tools/workbox/reference-docs/latest/module-workbox-precaching#.addRoute https://developers.google.com/web/tools/workbox/reference-docs/latest/module-workbox-precaching#.precacheAndRoute

Patching JS apis on every website is quite dangerous so instead of that I suggest adding a scriptlet that would be able to either suppress integrity check or change it so that AG was doing it.

This also means that we need to have scriptlets that are injected into service workers.

ameshkov avatar Dec 07 '21 15:12 ameshkov