From f4a4b05b6e4a11a1210700abd0e2a39f38213fb2 Mon Sep 17 00:00:00 2001
From: tophf
Date: Sun, 15 Nov 2020 12:16:58 +0300
Subject: [PATCH] fixup! styleViaXhr: allow cookies for sandbox CSP
---
 background/style-via-xhr.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/background/style-via-xhr.js b/background/style-via-xhr.js
index b118e5e4..cc8d63f7 100644
--- a/background/style-via-xhr.js
+++ b/background/style-via-xhr.js
@@ -78,11 +78,11 @@ CHROME && (async () => {
 name: 'Set-Cookie',
 value: `${chrome.runtime.id}=${prefs.get('disableAll') ? 1 : 0}${blobId}`,
 });
- // allow cookies or strip sandbox from CSP (known case: raw github urls)
+ // allow cookies for sandbox CSP (known case: raw github urls)
 for (const h of responseHeaders) {
 if (h.name.toLowerCase() === 'content-security-policy' && h.value.includes('sandbox')) {
- h.value = h.value.replace(/((?:^|;)\s*sandbox)(\s+[^;]+)?\s*(?=;|$)/,
- (_, a, b) => !b || b === 'allow-same-origin' ? `${a} allow-same-origin` : '');
+ h.value = h.value.replace(/(?:^|;)\s*sandbox(\s+[^;]*|)(?=;|$)/, (s, allow) =>
+ allow.split(/\s+/).includes('allow-same-origin') ? s : `${s} allow-same-origin`);
 break;
 }
 }
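Review bot: Appending `allow-same-origin` in the `replace` callback removes the opaque-origin isolation the site requested with its `sandbox` directive, and when the same policy also carries `allow-scripts` the document's scripts then run with the real origin's cookies and storage; the comment above the loop should state that trade-off instead of only "allow cookies". I would word it as `// add allow-same-origin so the cookie set above is usable; this weakens the site's own sandbox (known case: raw github urls)`. Separately, `break;` stops at the first header whose value merely contains the substring `sandbox` (a host source such as `sandbox.example.com` would also pass the `includes` test), so a later `Content-Security-Policy` header carrying the actual sandbox directive is left unpatched; dropping `break;` would cover every CSP header. The enclosing listener starts and ends outside the hunk, so whether this rewrite is limited to responses that actually need the cookie cannot be confirmed from here.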