Domain restrictions semantics

Question

Domain restrictions semantics

ameshkov opened this issue 5 years ago · comments

Andrey Meshkov commented 5 years ago

If the following conditions are true:

pattern === ANY_URL
domain resriction is not empty
resource type ===(SUB)DOCUMENT

Then use the host of the request URL to check domain restrictions.

Test rules:

$csp=script-src 'none',domain=example.org
$cookie=test,domain=example.org

~~In the case when there's no "source" hostname, `$domain` should be checked against the request's host.~~

Andrey Meshkov · Answer 1 · Mon Sep 09 2019 21:22:17 GMT+0800 (China Standard Time)

Currently, we have a workaround for rules with empty pattern and a domain restriction (i.e. $cookie,domain=yandex.ru). We won't need it anymore if we implement this change.