Skip to content

Commit

Permalink
csp bypass: remove nonce and hash directives (#78)
Browse files Browse the repository at this point in the history
  • Loading branch information
@aureliendavid
aureliendavid committed Jun 19, 2023
1 parent 722c8e6 commit 910f4a4
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 3 deletions.
10 changes: 8 additions & 2 deletions background.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,8 +105,14 @@ function patchCSP(csp) {

let stylesrc = parsed_csp['style-src'] || [];
if (! stylesrc.includes("'unsafe-inline'") ) {
stylesrc.push("'unsafe-inline'");
parsed_csp['style-src'] = stylesrc;
let newstylesrc = ["'unsafe-inline'"];

for (let src of stylesrc) {
if (!src.startsWith("'nonce") && !src.startsWith('sha'))
newstylesrc.push(src);
}

parsed_csp['style-src'] = newstylesrc;

let new_csp = "";

Expand Down
2 changes: 1 addition & 1 deletion manifest.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

"manifest_version": 2,
"name": "RSSPreview",
"version": "3.20",
"version": "3.20.1",
"author": "Aurelien David",
"homepage_url": "https://github.com/aureliendavid/rsspreview",

Expand Down

0 comments on commit 910f4a4

Please sign in to comment.