diegodlh/custom_function.js

## custom_function.js
// CSP directives to which Hypothesis will be added as trusted source
let directives = ['script-src', 'style-src', 'font-src', 'frame-src'];

// Hypothesis sources
let hyp_sources = ['hypothes.is', '*.hypothes.is'];

for (const i in val) {
	// where val is the list of http response headers,
	// for each header check if it is a Content Security Policy header
	if (val[i].name.toLowerCase() === 'content-security-policy') {
		let policies = {};
		val[i].value.split(';').forEach(policy => {  // policy directives are separated with ';'
			// for each policy directive,
			// save list of sources under directive's name
			policy = policy.trim().split(' ');  // directive sources are separated with ' '
			let directive = policy[0];
			let sources = policy.slice(1);
			policies[directive] = sources;  // to-do: if directive exists, append
		})

		directives.forEach(directive => {
			// for each directive to which Hypothesis should be added as trusted source
			if (directive in policies) {
				// if directive already exists in the CSP response header,
				// append Hypothesis sources as trusted sources to it
				policies[directive] = policies[directive].concat(hyp_sources);
			} else if ('default-src' in policies) {  // to-do: some directives fall back to others before (e.g. frame-src)
				// if directive was not included in the CSP response header,
				// but the default directive is set to 'none' (meaning that
				// resource types, for which the corresponding fetch directive
				// is absent, should be blocked), add the directive, and
				// append Hypothesis sources as trusted sources to it
				if (policies['default-src'].includes("'none'")) {  // is it always 'none'?
					policies[directive] = hyp_sources;
				}
			}
		})

		// rebuild the csp header value before returning it
		let value = [];
		Object.keys(policies).forEach(directive => {
			value.push([directive].concat(policies[directive]).join(' '));
		})
		value = value.join(';');
		val[i].value = value;
	}
}
	// CSP directives to which Hypothesis will be added as trusted source
	let directives = ['script-src', 'style-src', 'font-src', 'frame-src'];

	// Hypothesis sources
	let hyp_sources = ['hypothes.is', '*.hypothes.is'];

	for (const i in val) {
	// where val is the list of http response headers,
	// for each header check if it is a Content Security Policy header
	if (val[i].name.toLowerCase() === 'content-security-policy') {
	let policies = {};
	val[i].value.split(';').forEach(policy => { // policy directives are separated with ';'
	// for each policy directive,
	// save list of sources under directive's name
	policy = policy.trim().split(' '); // directive sources are separated with ' '
	let directive = policy[0];
	let sources = policy.slice(1);
	policies[directive] = sources; // to-do: if directive exists, append
	})

	directives.forEach(directive => {
	// for each directive to which Hypothesis should be added as trusted source
	if (directive in policies) {
	// if directive already exists in the CSP response header,
	// append Hypothesis sources as trusted sources to it
	policies[directive] = policies[directive].concat(hyp_sources);
	} else if ('default-src' in policies) { // to-do: some directives fall back to others before (e.g. frame-src)
	// if directive was not included in the CSP response header,
	// but the default directive is set to 'none' (meaning that
	// resource types, for which the corresponding fetch directive
	// is absent, should be blocked), add the directive, and
	// append Hypothesis sources as trusted sources to it
	if (policies['default-src'].includes("'none'")) { // is it always 'none'?
	policies[directive] = hyp_sources;
	}
	}
	})

	// rebuild the csp header value before returning it
	let value = [];
	Object.keys(policies).forEach(directive => {
	value.push([directive].concat(policies[directive]).join(' '));
	})
	value = value.join(';');
	val[i].value = value;
	}
	}