From b3763e55526ab7b5b8874e0dd009cbd4b0c60d33 Mon Sep 17 00:00:00 2001
From: Simon Cheng <simoncheng559@gmail.com>
Date: Tue, 9 Nov 2021 18:00:27 -0500
Subject: [PATCH] fix case that site uses meta tags instead of headers for
 content-security-policy

---
 nginx.conf | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index 8ca5fe56..4ab3b219 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -270,25 +270,30 @@ http {
                 # 5. rewrite 'integrity="' to 'nointegrity=' to disable script integrity checking
                 sub_filter 'integrity="' 'nointegrity="';
 
+                # 6. disable meta tag's Content-Security-Policy
+                sub_filter 'http-equiv="Content-Security-Policy"' 'http-equiv="No-U-Content-Security-Policy"';
+
                 # do the same thing but instead of ", do '
-                # # 1.
+                # 1.
                 sub_filter "<script src='//" "<script $processed_flag_attribute src='/main/js_/$relativescheme://";
                 sub_filter "<script type='text/javascript' src='//" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/$relativescheme://";
                 sub_filter "src='//" "$processed_flag_attribute src='/main/$relativescheme://";
-                # # 2.
+                # 2.
                 sub_filter "<script src='/" "<script $processed_flag_attribute src='/main/js_/$dest_hostwithscheme/";
                 sub_filter "<script type='text/javascript' src='/" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/$dest_hostwithscheme/";
                 sub_filter "src='/" "$processed_flag_attribute src='/main/$dest_hostwithscheme/";
-                # # 3.
+                # 3.
                 sub_filter "<script src='https://" "<script $processed_flag_attribute src='/main/js_/https://";
                 sub_filter "<script type='text/javascript' src='https://" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/https://";
                 sub_filter "src='https://" "$processed_flag_attribute src='/main/https://";
-                # # 4.
+                # 4.
                 sub_filter "<script src='http://" "<script $processed_flag_attribute src='/main/js_/http://";
                 sub_filter "<script type='text/javascript' src='http://" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/http://";
                 sub_filter "src='http://" "$processed_flag_attribute src='/main/http://";
-                # # 5.
+                # 5.
                 sub_filter "integrity='" "nointegrity='";
+                # 6. disable meta tag's Content-Security-Policy
+                sub_filter "http-equiv='Content-Security-Policy'" "http-equiv='No-U-Content-Security-Policy'";
 
 
                 # insert wombat.js and wombat-handler.js scripts