refactor repo to keep non-addon needed code out of the bundled extensions (tests, src data, etc.)

.gitignore

@@ -2,5 +2,4 @@ node_modules/
 .DS_Store
 *.swp
 
-content_scripts/dist/*.js
-web-ext-artifacts/
+dist

add-on/background_scripts/background.js

@@ -133,7 +133,7 @@
         // run in the page.
         const cspDynamicPolicyHeaders = details.responseHeaders
             .filter(httpHeadersLib.isHeaderCSP)
-            .filter(httpHeadersLib.isCSPHeaderSettingStrictDynamic);
+            .filter(httpHeadersLib.isCSPHeaderSettingScriptSrc);
 
         if (cspDynamicPolicyHeaders.length === 1) {
             const [ignore, scriptHash] = proxyBlockLib.generateScriptPayload(
@@ -141,12 +141,12 @@
                 standardsToBlock,
                 shouldLog
             );
-        
+
             const newCSPValue = httpHeadersLib.createCSPInstructionWithHashAllowed(
                 cspDynamicPolicyHeaders[0].value,
                 "sha256-" + scriptHash
             );
-            
+
             if (newCSPValue !== false) {
                 cspDynamicPolicyHeaders[0].value = newCSPValue;
             }
@@ -155,20 +155,15 @@
         // If there is already a set-cookie instruction being issued,
         // don't overwrite it, but add our cookie to the end of it.  Otherwise,
         // create a new set-cookie instruction header.
-        const webAPIStandardsCookie = `${constants.cookieName}=${encodedOptions}`;
-        const setCookieHeaders = details.responseHeaders.filter(httpHeadersLib.isSetCookie);
+        const pathForCookie = window.URI(details.url).pathname();
+        details.responseHeaders.push({
+            name: "Set-Cookie",
+            value: `${constants.cookieName}=${encodedOptions};path=${pathForCookie}`
+        });
 
-        if (setCookieHeaders.length > 0) {
-
-            setCookieHeaders[0].value += "; " + webAPIStandardsCookie;
-
-        } else {
-
-            details.responseHeaders.push({
-                name: "Set-Cookie",
-                value: webAPIStandardsCookie
-            });
-        }
+        details.responseHeaders.forEach((header) => {
+            console.log(header.name + ": " + header.value);
+        });
 
         return {
             responseHeaders: details.responseHeaders

add-on/content_scripts/instrument.js

@@ -14,8 +14,14 @@
     const rootElm = doc.head || doc.documentElement;
 
     const cookieValue = cookies2.get(standardsCookieName);
+    console.log(document.cookie);
+    cookies2.remove(standardsCookieName, {path: window.document.location.pathname});
+    console.log(document.cookie);
+
+    if (!cookieValue) {
+        return;
+    }
     const [standardsToBlock, shouldLog] = cookieEncodingLib.fromCookieValue(cookieValue);
-    cookies2.remove(standardsCookieName);
 
     const [scriptToInject, scriptHash] = proxyBlockLib.generateScriptPayload(
         standards,

add-on/lib/httpheaders.js

@@ -18,7 +18,7 @@
      *   in all other cases.
      */
     const isSetCookie = function (header) {
-        
+
         return (
             header &&
             header.name &&
@@ -26,6 +26,15 @@
         );
     };
 
+    const isNotHTTPOnlySetCookie = function (header) {
+
+        return (
+            header &&
+            header.value &&
+            header.value.toLowerCase().indexOf("httponly") === -1
+        );
+    };
+
     /**
      * Returns a boolean description of whether the given header
      * (in the structure defined by the WebExtension WebRequest API)
@@ -63,12 +72,12 @@
      *   true if the given object is a CSP header that defines a
      *   "strict-dynamic" policy, and false in all other cases.
      */
-    const isCSPHeaderSettingStrictDynamic = function (header) {
+    const isCSPHeaderSettingScriptSrc = function (header) {
 
         return (
             header &&
-            header.name &&
-            header.value.indexOf("'strict-dynamic'") !== -1
+            header.value &&
+            header.value.indexOf("script-src") !== -1
         );
     };
 
@@ -98,7 +107,7 @@
         }
 
         const preSrcScript = cspInstruction.substring(0, indexOfScriptSrc);
-        const postScriptSrc = cspInstruction.substring(indexOfScriptSrc + 10);
+        const postScriptSrc = cspInstruction.substring(indexOfScriptSrc + 11);
         const newInstruction = preSrcScript + "script-src '" + scriptHash + "' " + postScriptSrc;
 
         return newInstruction;
@@ -106,8 +115,9 @@
 
     window.WEB_API_MANAGER.httpHeadersLib = {
         isSetCookie,
+        isNotHTTPOnlySetCookie,
         isHeaderCSP,
-        isCSPHeaderSettingStrictDynamic,
+        isCSPHeaderSettingScriptSrc,
         createCSPInstructionWithHashAllowed
     };
 }());

add-on/lib/init.js

@@ -5,7 +5,7 @@
     "use strict";
     window.WEB_API_MANAGER = {
         constants: {
-            cookieName: "wam-temp-cookie",
+            cookieName: "__wamtc",
             shouldLogKey: "shouldLogKey"
         }
     };

add-on/lib/proxyblock.js

@@ -16,7 +16,7 @@
     // just to make it easier to write and deploy (ie vim highlights
     // it just like any other JS).
     const proxyBlockingFunction = function () {
-        console.log("well it runs");
+
         const settings = window.WEB_API_MANAGER_PAGE;
         const shouldLog = settings.shouldLog;
         const standardsToBlock = settings.toBlock;
@@ -177,7 +177,6 @@
         // it when we're done, and before the page scripts can start running.
         delete window.WEB_API_MANAGER_PAGE;
 
-        console.log("well its done");
         // Last, remove the script tag containing this code from the document,
         // so that the structure of the page looks like what the page author
         // expects / intended.

add-on/lib/storage.js

@@ -14,7 +14,7 @@
 
             // If there are no currently saved domain rules, then create
             // a stubbed out one, using an empty blocking rule set.
-            if (!loadedValues || 
+            if (!loadedValues ||
                     !loadedValues.domainRules ||
                     Object.keys(loadedValues.domainRules).length === 0) {
 

add-on/manifest.json

@@ -34,7 +34,7 @@
         "lib/vendor/js.cookie.js",
         "lib/vendor/sjcl.js",
         "lib/init.js",
-        "data/standards.js",
+        "lib/standards.js",
         "lib/pack.js",
         "lib/cookieencoding.js",
         "lib/proxyblock.js",
@@ -49,7 +49,7 @@
       "lib/vendor/sjcl.js",
       "lib/vendor/URI.js",
       "lib/init.js",
-      "data/standards.js",
+      "lib/standards.js",
       "lib/pack.js",
       "lib/defaults.js",
       "lib/storage.js",

gulpfile.js

@@ -35,5 +35,5 @@ gulp.task('default', function () {
 
     const renderedStandardsModule = builtScriptComment + `window.WEB_API_MANAGER.standards = ${JSON.stringify(combinedStandards)};`;
 
-    fs.writeFileSync("data/standards.js", renderedStandardsModule);
+    fs.writeFileSync("add-on/lib/standards.js", renderedStandardsModule);
 });

package.json

@@ -1,11 +1,12 @@
 {
   "name": "web-api-manager",
-  "version": "0.9.1",
+  "version": "0.9.2",
   "description": "Tools to generate Web API managing browser extensions for Firefox and Chrome.",
   "author": "Peter Snyder <psnyde2@uic.edu> (https://www.cs.uic.edu/~psnyder/)",
   "license": "GPL-3.0",
   "dependencies": {
-    "gulp": "^3.9.1"
+    "gulp": "^3.9.1",
+    "web-ext": "^2.2.2"
   },
   "homepage": "https://github.com/snyderp/web-api-manager",
   "bugs": {
@@ -21,5 +22,9 @@
     "privacy",
     "security"
   ],
-  "contributors": []
+  "contributors": [],
+  "scripts": {
+    "bundle": "web-ext -s add-on -a dist build --overwrite-dest",
+    "firefox": "web-ext -s add-on run"
+  }
 }