Add --vanilla flag, strip csp on mainFrame only
This commit is contained in:
parent
daf3a1dcac
commit
b9e9d9bd64
164
src/patcher.ts
164
src/patcher.ts
@ -42,98 +42,102 @@ require.main!.filename = join(asarPath, discordPkg.main);
|
|||||||
// @ts-ignore Untyped method? Dies from cringe
|
// @ts-ignore Untyped method? Dies from cringe
|
||||||
app.setAppPath(asarPath);
|
app.setAppPath(asarPath);
|
||||||
|
|
||||||
// Repatch after host updates on Windows
|
if (!process.argv.includes("--vanilla")) {
|
||||||
if (process.platform === "win32")
|
// Repatch after host updates on Windows
|
||||||
require("./patchWin32Updater");
|
if (process.platform === "win32")
|
||||||
|
require("./patchWin32Updater");
|
||||||
|
|
||||||
class BrowserWindow extends electron.BrowserWindow {
|
class BrowserWindow extends electron.BrowserWindow {
|
||||||
constructor(options: BrowserWindowConstructorOptions) {
|
constructor(options: BrowserWindowConstructorOptions) {
|
||||||
if (options?.webPreferences?.preload && options.title) {
|
if (options?.webPreferences?.preload && options.title) {
|
||||||
const original = options.webPreferences.preload;
|
const original = options.webPreferences.preload;
|
||||||
options.webPreferences.preload = join(__dirname, "preload.js");
|
options.webPreferences.preload = join(__dirname, "preload.js");
|
||||||
options.webPreferences.sandbox = false;
|
options.webPreferences.sandbox = false;
|
||||||
|
|
||||||
process.env.DISCORD_PRELOAD = original;
|
process.env.DISCORD_PRELOAD = original;
|
||||||
|
|
||||||
super(options);
|
super(options);
|
||||||
initIpc(this);
|
initIpc(this);
|
||||||
} else super(options);
|
} else super(options);
|
||||||
}
|
|
||||||
}
|
|
||||||
Object.assign(BrowserWindow, electron.BrowserWindow);
|
|
||||||
// esbuild may rename our BrowserWindow, which leads to it being excluded
|
|
||||||
// from getFocusedWindow(), so this is necessary
|
|
||||||
// https://github.com/discord/electron/blob/13-x-y/lib/browser/api/browser-window.ts#L60-L62
|
|
||||||
Object.defineProperty(BrowserWindow, "name", { value: "BrowserWindow", configurable: true });
|
|
||||||
|
|
||||||
// Replace electrons exports with our custom BrowserWindow
|
|
||||||
const electronPath = require.resolve("electron");
|
|
||||||
delete require.cache[electronPath]!.exports;
|
|
||||||
require.cache[electronPath]!.exports = {
|
|
||||||
...electron,
|
|
||||||
BrowserWindow
|
|
||||||
};
|
|
||||||
|
|
||||||
// Patch appSettings to force enable devtools
|
|
||||||
onceDefined(global, "appSettings", s =>
|
|
||||||
s.set("DANGEROUS_ENABLE_DEVTOOLS_ONLY_ENABLE_IF_YOU_KNOW_WHAT_YOURE_DOING", true)
|
|
||||||
);
|
|
||||||
|
|
||||||
process.env.DATA_DIR = join(app.getPath("userData"), "..", "Vencord");
|
|
||||||
|
|
||||||
electron.app.whenReady().then(() => {
|
|
||||||
// Source Maps! Maybe there's a better way but since the renderer is executed
|
|
||||||
// from a string I don't think any other form of sourcemaps would work
|
|
||||||
electron.protocol.registerFileProtocol("vencord", ({ url: unsafeUrl }, cb) => {
|
|
||||||
let url = unsafeUrl.slice("vencord://".length);
|
|
||||||
if (url.endsWith("/")) url = url.slice(0, -1);
|
|
||||||
switch (url) {
|
|
||||||
case "renderer.js.map":
|
|
||||||
case "preload.js.map":
|
|
||||||
case "patcher.js.map": // doubt
|
|
||||||
cb(join(__dirname, url));
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
cb({ statusCode: 403 });
|
|
||||||
}
|
}
|
||||||
});
|
}
|
||||||
|
Object.assign(BrowserWindow, electron.BrowserWindow);
|
||||||
|
// esbuild may rename our BrowserWindow, which leads to it being excluded
|
||||||
|
// from getFocusedWindow(), so this is necessary
|
||||||
|
// https://github.com/discord/electron/blob/13-x-y/lib/browser/api/browser-window.ts#L60-L62
|
||||||
|
Object.defineProperty(BrowserWindow, "name", { value: "BrowserWindow", configurable: true });
|
||||||
|
|
||||||
try {
|
// Replace electrons exports with our custom BrowserWindow
|
||||||
const settings = JSON.parse(readSettings());
|
const electronPath = require.resolve("electron");
|
||||||
if (settings.enableReactDevtools)
|
delete require.cache[electronPath]!.exports;
|
||||||
installExt("fmkadmapgofadopljbjfkapdkoienihi")
|
require.cache[electronPath]!.exports = {
|
||||||
.then(() => console.info("[Vencord] Installed React Developer Tools"))
|
...electron,
|
||||||
.catch(err => console.error("[Vencord] Failed to install React Developer Tools", err));
|
BrowserWindow
|
||||||
} catch { }
|
};
|
||||||
|
|
||||||
|
// Patch appSettings to force enable devtools
|
||||||
|
onceDefined(global, "appSettings", s =>
|
||||||
|
s.set("DANGEROUS_ENABLE_DEVTOOLS_ONLY_ENABLE_IF_YOU_KNOW_WHAT_YOURE_DOING", true)
|
||||||
|
);
|
||||||
|
|
||||||
// Remove CSP
|
process.env.DATA_DIR = join(app.getPath("userData"), "..", "Vencord");
|
||||||
function patchCsp(headers: Record<string, string[]>, header: string) {
|
|
||||||
if (header in headers) {
|
electron.app.whenReady().then(() => {
|
||||||
let patchedHeader = headers[header][0];
|
// Source Maps! Maybe there's a better way but since the renderer is executed
|
||||||
for (const directive of ["style-src", "connect-src", "img-src", "font-src", "media-src"]) {
|
// from a string I don't think any other form of sourcemaps would work
|
||||||
patchedHeader = patchedHeader.replace(new RegExp(`${directive}.+?;`), `${directive} * blob: data: 'unsafe-inline';`);
|
electron.protocol.registerFileProtocol("vencord", ({ url: unsafeUrl }, cb) => {
|
||||||
|
let url = unsafeUrl.slice("vencord://".length);
|
||||||
|
if (url.endsWith("/")) url = url.slice(0, -1);
|
||||||
|
switch (url) {
|
||||||
|
case "renderer.js.map":
|
||||||
|
case "preload.js.map":
|
||||||
|
case "patcher.js.map": // doubt
|
||||||
|
cb(join(__dirname, url));
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
cb({ statusCode: 403 });
|
||||||
}
|
}
|
||||||
// TODO: Restrict this to only imported packages with fixed version.
|
});
|
||||||
// Perhaps auto generate with esbuild
|
|
||||||
patchedHeader = patchedHeader.replace(/script-src.+?(?=;)/, "$& 'unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com");
|
|
||||||
headers[header] = [patchedHeader];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
electron.session.defaultSession.webRequest.onHeadersReceived(({ responseHeaders, url }, cb) => {
|
try {
|
||||||
if (responseHeaders) {
|
const settings = JSON.parse(readSettings());
|
||||||
patchCsp(responseHeaders, "content-security-policy");
|
if (settings.enableReactDevtools)
|
||||||
patchCsp(responseHeaders, "content-security-policy-report-only");
|
installExt("fmkadmapgofadopljbjfkapdkoienihi")
|
||||||
|
.then(() => console.info("[Vencord] Installed React Developer Tools"))
|
||||||
|
.catch(err => console.error("[Vencord] Failed to install React Developer Tools", err));
|
||||||
|
} catch { }
|
||||||
|
|
||||||
// Fix hosts that don't properly set the content type, such as
|
|
||||||
// raw.githubusercontent.com
|
// Remove CSP
|
||||||
if (url.endsWith(".css"))
|
function patchCsp(headers: Record<string, string[]>, header: string) {
|
||||||
responseHeaders["content-type"] = ["text/css"];
|
if (header in headers) {
|
||||||
|
let patchedHeader = headers[header][0];
|
||||||
|
for (const directive of ["style-src", "connect-src", "img-src", "font-src", "media-src"]) {
|
||||||
|
patchedHeader = patchedHeader.replace(new RegExp(`${directive}.+?;`), `${directive} * blob: data: 'unsafe-inline';`);
|
||||||
|
}
|
||||||
|
// TODO: Restrict this to only imported packages with fixed version.
|
||||||
|
// Perhaps auto generate with esbuild
|
||||||
|
patchedHeader = patchedHeader.replace(/script-src.+?(?=;)/, "$& 'unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com");
|
||||||
|
headers[header] = [patchedHeader];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
cb({ cancel: false, responseHeaders });
|
|
||||||
|
electron.session.defaultSession.webRequest.onHeadersReceived(({ responseHeaders, resourceType }, cb) => {
|
||||||
|
if (responseHeaders) {
|
||||||
|
if (resourceType === "mainFrame")
|
||||||
|
patchCsp(responseHeaders, "content-security-policy");
|
||||||
|
|
||||||
|
// Fix hosts that don't properly set the css content type, such as
|
||||||
|
// raw.githubusercontent.com
|
||||||
|
if (resourceType === "stylesheet")
|
||||||
|
responseHeaders["content-type"] = ["text/css"];
|
||||||
|
}
|
||||||
|
cb({ cancel: false, responseHeaders });
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
} else {
|
||||||
|
console.log("[Vencord] Running in vanilla mode. Not loading Vencord");
|
||||||
|
}
|
||||||
|
|
||||||
console.log("[Vencord] Loading original Discord app.asar");
|
console.log("[Vencord] Loading original Discord app.asar");
|
||||||
// Legacy Vencord Injector requires "../app.asar". However, because we
|
// Legacy Vencord Injector requires "../app.asar". However, because we
|
||||||
|
Loading…
Reference in New Issue
Block a user