diff --git a/background/style-via-xhr.js b/background/style-via-xhr.js
index 74498c3d..b118e5e4 100644
--- a/background/style-via-xhr.js
+++ b/background/style-via-xhr.js
@@ -78,10 +78,11 @@ CHROME && (async () => {
 name: 'Set-Cookie',
 value: `${chrome.runtime.id}=${prefs.get('disableAll') ? 1 : 0}${blobId}`,
 });
- // allow cookies for sandbox CSP (known case: raw github urls)
+ // allow cookies or strip sandbox from CSP (known case: raw github urls)
 for (const h of responseHeaders) {
 if (h.name.toLowerCase() === 'content-security-policy' && h.value.includes('sandbox')) {
- h.value = h.value.replace(/((^|;)\s*sandbox)(\s+[^;]+)?\s*(?=;|$)/, '$1 allow-same-origin');
+ h.value = h.value.replace(/((?:^|;)\s*sandbox)(\s+[^;]+)?\s*(?=;|$)/,
+ (_, a, b) => !b || b === 'allow-same-origin' ? `${a} allow-same-origin` : '');
 break;
 }
 }
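Review bot: In the new replacer callback, `b` is the capture `(\s+[^;]+)?`, so it always begins with whitespace and `b === 'allow-same-origin'` can never be true. A header that is already `sandbox allow-same-origin` therefore takes the `''` branch and loses its sandbox directive instead of being kept; comparing `b.trim() === 'allow-same-origin'` would match the intent. Separately, the `''` branch removes the site's `sandbox` directive for every other token list (for example `sandbox allow-scripts`), which relaxes the page's own policy more than adding `allow-same-origin` did. A comment such as `// sandbox with other tokens is dropped entirely: <reason>; this removes the site's sandbox restrictions for this response` would record that trade-off for the next reader. The enclosing listener starts and ends outside this hunk, so whether the rewrite is limited to responses the extension actually styles cannot be checked from here.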