Add --vanilla flag, strip csp on mainFrame only

This commit is contained in:
Vendicated 2022-12-02 14:10:40 +01:00
parent daf3a1dcac
commit b9e9d9bd64
No known key found for this signature in database
GPG Key ID: EC781ADFB93EFFA3

@ -42,98 +42,102 @@ require.main!.filename = join(asarPath, discordPkg.main);
// @ts-ignore Untyped method? Dies from cringe
app.setAppPath(asarPath);
// Repatch after host updates on Windows
if (process.platform === "win32")
require("./patchWin32Updater");
if (!process.argv.includes("--vanilla")) {
// Repatch after host updates on Windows
if (process.platform === "win32")
require("./patchWin32Updater");
class BrowserWindow extends electron.BrowserWindow {
constructor(options: BrowserWindowConstructorOptions) {
if (options?.webPreferences?.preload && options.title) {
const original = options.webPreferences.preload;
options.webPreferences.preload = join(__dirname, "preload.js");
options.webPreferences.sandbox = false;
class BrowserWindow extends electron.BrowserWindow {
constructor(options: BrowserWindowConstructorOptions) {
if (options?.webPreferences?.preload && options.title) {
const original = options.webPreferences.preload;
options.webPreferences.preload = join(__dirname, "preload.js");
options.webPreferences.sandbox = false;
process.env.DISCORD_PRELOAD = original;
process.env.DISCORD_PRELOAD = original;
super(options);
initIpc(this);
} else super(options);
}
}
Object.assign(BrowserWindow, electron.BrowserWindow);
// esbuild may rename our BrowserWindow, which leads to it being excluded
// from getFocusedWindow(), so this is necessary
// https://github.com/discord/electron/blob/13-x-y/lib/browser/api/browser-window.ts#L60-L62
Object.defineProperty(BrowserWindow, "name", { value: "BrowserWindow", configurable: true });
// Replace electrons exports with our custom BrowserWindow
const electronPath = require.resolve("electron");
delete require.cache[electronPath]!.exports;
require.cache[electronPath]!.exports = {
...electron,
BrowserWindow
};
// Patch appSettings to force enable devtools
onceDefined(global, "appSettings", s =>
s.set("DANGEROUS_ENABLE_DEVTOOLS_ONLY_ENABLE_IF_YOU_KNOW_WHAT_YOURE_DOING", true)
);
process.env.DATA_DIR = join(app.getPath("userData"), "..", "Vencord");
electron.app.whenReady().then(() => {
// Source Maps! Maybe there's a better way but since the renderer is executed
// from a string I don't think any other form of sourcemaps would work
electron.protocol.registerFileProtocol("vencord", ({ url: unsafeUrl }, cb) => {
let url = unsafeUrl.slice("vencord://".length);
if (url.endsWith("/")) url = url.slice(0, -1);
switch (url) {
case "renderer.js.map":
case "preload.js.map":
case "patcher.js.map": // doubt
cb(join(__dirname, url));
break;
default:
cb({ statusCode: 403 });
super(options);
initIpc(this);
} else super(options);
}
});
}
Object.assign(BrowserWindow, electron.BrowserWindow);
// esbuild may rename our BrowserWindow, which leads to it being excluded
// from getFocusedWindow(), so this is necessary
// https://github.com/discord/electron/blob/13-x-y/lib/browser/api/browser-window.ts#L60-L62
Object.defineProperty(BrowserWindow, "name", { value: "BrowserWindow", configurable: true });
try {
const settings = JSON.parse(readSettings());
if (settings.enableReactDevtools)
installExt("fmkadmapgofadopljbjfkapdkoienihi")
.then(() => console.info("[Vencord] Installed React Developer Tools"))
.catch(err => console.error("[Vencord] Failed to install React Developer Tools", err));
} catch { }
// Replace electrons exports with our custom BrowserWindow
const electronPath = require.resolve("electron");
delete require.cache[electronPath]!.exports;
require.cache[electronPath]!.exports = {
...electron,
BrowserWindow
};
// Patch appSettings to force enable devtools
onceDefined(global, "appSettings", s =>
s.set("DANGEROUS_ENABLE_DEVTOOLS_ONLY_ENABLE_IF_YOU_KNOW_WHAT_YOURE_DOING", true)
);
// Remove CSP
function patchCsp(headers: Record<string, string[]>, header: string) {
if (header in headers) {
let patchedHeader = headers[header][0];
for (const directive of ["style-src", "connect-src", "img-src", "font-src", "media-src"]) {
patchedHeader = patchedHeader.replace(new RegExp(`${directive}.+?;`), `${directive} * blob: data: 'unsafe-inline';`);
process.env.DATA_DIR = join(app.getPath("userData"), "..", "Vencord");
electron.app.whenReady().then(() => {
// Source Maps! Maybe there's a better way but since the renderer is executed
// from a string I don't think any other form of sourcemaps would work
electron.protocol.registerFileProtocol("vencord", ({ url: unsafeUrl }, cb) => {
let url = unsafeUrl.slice("vencord://".length);
if (url.endsWith("/")) url = url.slice(0, -1);
switch (url) {
case "renderer.js.map":
case "preload.js.map":
case "patcher.js.map": // doubt
cb(join(__dirname, url));
break;
default:
cb({ statusCode: 403 });
}
// TODO: Restrict this to only imported packages with fixed version.
// Perhaps auto generate with esbuild
patchedHeader = patchedHeader.replace(/script-src.+?(?=;)/, "$& 'unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com");
headers[header] = [patchedHeader];
}
}
});
electron.session.defaultSession.webRequest.onHeadersReceived(({ responseHeaders, url }, cb) => {
if (responseHeaders) {
patchCsp(responseHeaders, "content-security-policy");
patchCsp(responseHeaders, "content-security-policy-report-only");
try {
const settings = JSON.parse(readSettings());
if (settings.enableReactDevtools)
installExt("fmkadmapgofadopljbjfkapdkoienihi")
.then(() => console.info("[Vencord] Installed React Developer Tools"))
.catch(err => console.error("[Vencord] Failed to install React Developer Tools", err));
} catch { }
// Fix hosts that don't properly set the content type, such as
// raw.githubusercontent.com
if (url.endsWith(".css"))
responseHeaders["content-type"] = ["text/css"];
// Remove CSP
function patchCsp(headers: Record<string, string[]>, header: string) {
if (header in headers) {
let patchedHeader = headers[header][0];
for (const directive of ["style-src", "connect-src", "img-src", "font-src", "media-src"]) {
patchedHeader = patchedHeader.replace(new RegExp(`${directive}.+?;`), `${directive} * blob: data: 'unsafe-inline';`);
}
// TODO: Restrict this to only imported packages with fixed version.
// Perhaps auto generate with esbuild
patchedHeader = patchedHeader.replace(/script-src.+?(?=;)/, "$& 'unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com");
headers[header] = [patchedHeader];
}
}
cb({ cancel: false, responseHeaders });
electron.session.defaultSession.webRequest.onHeadersReceived(({ responseHeaders, resourceType }, cb) => {
if (responseHeaders) {
if (resourceType === "mainFrame")
patchCsp(responseHeaders, "content-security-policy");
// Fix hosts that don't properly set the css content type, such as
// raw.githubusercontent.com
if (resourceType === "stylesheet")
responseHeaders["content-type"] = ["text/css"];
}
cb({ cancel: false, responseHeaders });
});
});
});
} else {
console.log("[Vencord] Running in vanilla mode. Not loading Vencord");
}
console.log("[Vencord] Loading original Discord app.asar");
// Legacy Vencord Injector requires "../app.asar". However, because we