Monday, 11 June
- Register Content Policy to hook into shouldLoad and shouldProcess methods.
Tuesday, 12 June
- Successfully register Content Policy in XUL extension of Firefox. However, I was not able to register it in Jetpack.
- Did a google search to find a way to inject "X-Content-Security-Policy" header when "shouldProcess" event for Content Policy fires. However, I didn't find any way to achieve this.
Wednesday, 13 June
- Get The document URI when an HTTP response is received to retrieve user specified CSP policy.
- I noticed that this way is not correct, because document URI is not ready when first response is received for a page load.
Thursday, 14 June
- Register for "http-on-examine-response" observer notification.
Friday, 15 June
- Retrieved user specified CSP values from sqlite database for the host name in an HTTP response header.
- Injected "X-Content-Security-Policy" header into an HTTP response using "setResponseHeader" method of nsIHttpChannel interface.