authorVendicated <vendicated@riseup.net>2022-11-02 22:15:55 +0100
committerVendicated <vendicated@riseup.net>2022-11-02 22:15:55 +0100
commitc20dc269d27414c140be305a827c3a20fd94bacc (patch)
tree41e194591380c067ea87a8dfa8f6de425b3fbb71 /src
parenta7795533df4cced213a97fd5de268c6c3fe2c91c (diff)
Modify CSP instead of deleting it
Diffstat (limited to 'src')
-rw-r--r--src/patcher.ts18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/patcher.ts b/src/patcher.ts
index 85f493b..c25505a 100644
--- a/src/patcher.ts
+++ b/src/patcher.ts
@@ -111,11 +111,25 @@ electron.app.whenReady().then(() => {
.catch(err => console.error("[Vencord] Failed to install React Developer Tools", err));
} catch { }
+
// Remove CSP
+ function patchCsp(headers: Record<string, string[]>, header: string) {
+ if (header in headers) {
+ let patchedHeader = headers[header][0];
+ for (const directive of ["style-src", "connect-src", "img-src", "font-src"]) {
+ patchedHeader = patchedHeader.replace(new RegExp(`${directive}.+?;`), `${directive} * blob: data: 'unsafe-inline';`);
+ }
+ // TODO: Restrict this to only imported packages with fixed version.
+ // Perhaps auto generate with esbuild
+ patchedHeader = patchedHeader.replace(/script-src.+?(?=;)/, "$& 'unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com");
+ headers[header] = [patchedHeader];
+ }
+ }
+
electron.session.defaultSession.webRequest.onHeadersReceived(({ responseHeaders, url }, cb) => {
if (responseHeaders) {
- delete responseHeaders["content-security-policy-report-only"];
- delete responseHeaders["content-security-policy"];
+ patchCsp(responseHeaders, "content-security-policy");
+ patchCsp(responseHeaders, "content-security-policy-report-only");
// Fix hosts that don't properly set the content type, such as
// raw.githubusercontent.com
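Review bot: In `patchCsp`, the directive pattern `${directive}.+?;` only matches when the directive is followed by a `;` and is not anchored to the directive name, so a policy that ends with one of the four directives is left unpatched, and `style-src` can match inside `style-src-elem` or `style-src-attr` when that comes first; ``new RegExp(`\\b${directive}\\s[^;]*;?`)`` would avoid both. Only `headers[header][0]` is written back, so any further policy values on the same response are silently dropped, and the `header in headers` lookup is case-sensitive while the keys presumably keep the server's casing, so confirm that against what Electron actually passes in. The rewrite is also applied to every response in the default session even though `url` is available in the callback, so the wildcard sources, `'unsafe-inline'` and `'unsafe-eval'` could be limited to the origins that need them, in line with the existing TODO about the CDN hosts. The `// Remove CSP` comment above the function is now stale; `// Relax CSP so injected styles and scripts can load` would match the code. The `onHeadersReceived` callback continues past the end of the hunk.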