1
0
mirror of https://github.com/aureliendavid/rsspreview.git synced 2025-08-22 19:28:39 +00:00

csp bypass: remove nonce and hash directives (#78)

This commit is contained in:
Aurelien David 2023-06-19 21:19:01 +02:00
parent 722c8e6054
commit 910f4a4cb4
2 changed files with 9 additions and 3 deletions

View File

@ -105,8 +105,14 @@ function patchCSP(csp) {
let stylesrc = parsed_csp['style-src'] || []; let stylesrc = parsed_csp['style-src'] || [];
if (! stylesrc.includes("'unsafe-inline'") ) { if (! stylesrc.includes("'unsafe-inline'") ) {
stylesrc.push("'unsafe-inline'"); let newstylesrc = ["'unsafe-inline'"];
parsed_csp['style-src'] = stylesrc;
for (let src of stylesrc) {
if (!src.startsWith("'nonce") && !src.startsWith('sha'))
newstylesrc.push(src);
}
parsed_csp['style-src'] = newstylesrc;
let new_csp = ""; let new_csp = "";

View File

@ -2,7 +2,7 @@
"manifest_version": 2, "manifest_version": 2,
"name": "RSSPreview", "name": "RSSPreview",
"version": "3.20", "version": "3.20.1",
"author": "Aurelien David", "author": "Aurelien David",
"homepage_url": "https://github.com/aureliendavid/rsspreview", "homepage_url": "https://github.com/aureliendavid/rsspreview",