mirror of
https://github.com/aureliendavid/rsspreview.git
synced 2025-08-22 19:28:39 +00:00
csp bypass: remove nonce and hash directives (#78)
This commit is contained in:
parent
722c8e6054
commit
910f4a4cb4
@ -105,8 +105,14 @@ function patchCSP(csp) {
|
|||||||
|
|
||||||
let stylesrc = parsed_csp['style-src'] || [];
|
let stylesrc = parsed_csp['style-src'] || [];
|
||||||
if (! stylesrc.includes("'unsafe-inline'") ) {
|
if (! stylesrc.includes("'unsafe-inline'") ) {
|
||||||
stylesrc.push("'unsafe-inline'");
|
let newstylesrc = ["'unsafe-inline'"];
|
||||||
parsed_csp['style-src'] = stylesrc;
|
|
||||||
|
for (let src of stylesrc) {
|
||||||
|
if (!src.startsWith("'nonce") && !src.startsWith('sha'))
|
||||||
|
newstylesrc.push(src);
|
||||||
|
}
|
||||||
|
|
||||||
|
parsed_csp['style-src'] = newstylesrc;
|
||||||
|
|
||||||
let new_csp = "";
|
let new_csp = "";
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
"manifest_version": 2,
|
"manifest_version": 2,
|
||||||
"name": "RSSPreview",
|
"name": "RSSPreview",
|
||||||
"version": "3.20",
|
"version": "3.20.1",
|
||||||
"author": "Aurelien David",
|
"author": "Aurelien David",
|
||||||
"homepage_url": "https://github.com/aureliendavid/rsspreview",
|
"homepage_url": "https://github.com/aureliendavid/rsspreview",
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user