Modify CSP instead of deleting it

This commit is contained in:
Vendicated 2022-11-02 22:15:55 +01:00
parent a7795533df
commit c20dc269d2
No known key found for this signature in database
GPG Key ID: EC781ADFB93EFFA3

@ -111,11 +111,25 @@ electron.app.whenReady().then(() => {
.catch(err => console.error("[Vencord] Failed to install React Developer Tools", err)); .catch(err => console.error("[Vencord] Failed to install React Developer Tools", err));
} catch { } } catch { }
// Remove CSP // Remove CSP
function patchCsp(headers: Record<string, string[]>, header: string) {
if (header in headers) {
let patchedHeader = headers[header][0];
for (const directive of ["style-src", "connect-src", "img-src", "font-src"]) {
patchedHeader = patchedHeader.replace(new RegExp(`${directive}.+?;`), `${directive} * blob: data: 'unsafe-inline';`);
}
// TODO: Restrict this to only imported packages with fixed version.
// Perhaps auto generate with esbuild
patchedHeader = patchedHeader.replace(/script-src.+?(?=;)/, "$& 'unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com");
headers[header] = [patchedHeader];
}
}
electron.session.defaultSession.webRequest.onHeadersReceived(({ responseHeaders, url }, cb) => { electron.session.defaultSession.webRequest.onHeadersReceived(({ responseHeaders, url }, cb) => {
if (responseHeaders) { if (responseHeaders) {
delete responseHeaders["content-security-policy-report-only"]; patchCsp(responseHeaders, "content-security-policy");
delete responseHeaders["content-security-policy"]; patchCsp(responseHeaders, "content-security-policy-report-only");
// Fix hosts that don't properly set the content type, such as // Fix hosts that don't properly set the content type, such as
// raw.githubusercontent.com // raw.githubusercontent.com