fixup! styleViaXhr: allow cookies for sandbox CSP

background/style-via-xhr.js

@@ -78,11 +78,11 @@ CHROME && (async () => {
         name: 'Set-Cookie',
         value: `${chrome.runtime.id}=${prefs.get('disableAll') ? 1 : 0}${blobId}`,
       });
-      // allow cookies or strip sandbox from CSP (known case: raw github urls)
+      // allow cookies for sandbox CSP (known case: raw github urls)
       for (const h of responseHeaders) {
         if (h.name.toLowerCase() === 'content-security-policy' && h.value.includes('sandbox')) {
-          h.value = h.value.replace(/((?:^|;)\s*sandbox)(\s+[^;]+)?\s*(?=;|$)/,
-            (_, a, b) => !b || b === 'allow-same-origin' ? `${a} allow-same-origin` : '');
+          h.value = h.value.replace(/(?:^|;)\s*sandbox(\s+[^;]*|)(?=;|$)/, (s, allow) =>
+            allow.split(/\s+/).includes('allow-same-origin') ? s : `${s} allow-same-origin`);
           break;
         }
       }