open.source/stylus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixup! styleViaXhr: allow cookies for sandbox CSP

Browse Source
This commit is contained in:
tophf 2020-11-15 12:16:58 +03:00
parent 89ec4f352a
commit f4a4b05b6e
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
background/style-via-xhr.js
View File

@ -78,11 +78,11 @@ CHROME && (async () => {
name: 'Set-Cookie', name: 'Set-Cookie',
value: `${chrome.runtime.id}=${prefs.get('disableAll') ? 1 : 0}${blobId}`, value: `${chrome.runtime.id}=${prefs.get('disableAll') ? 1 : 0}${blobId}`,
}); });
// allow cookies or strip sandbox from CSP (known case: raw github urls) // allow cookies for sandbox CSP (known case: raw github urls)
for (const h of responseHeaders) { for (const h of responseHeaders) {
if (h.name.toLowerCase() === 'content-security-policy' && h.value.includes('sandbox')) { if (h.name.toLowerCase() === 'content-security-policy' && h.value.includes('sandbox')) {
h.value = h.value.replace(/((?:^|;)\s*sandbox)(\s+[^;]+)?\s*(?=;|$)/, h.value = h.value.replace(/(?:^|;)\s*sandbox(\s+[^;]*|)(?=;|$)/, (s, allow) =>
(_, a, b) => !b || b === 'allow-same-origin' ? `${a} allow-same-origin` : ''); allow.split(/\s+/).includes('allow-same-origin') ? s : `${s} allow-same-origin`);
break; break;
} }
} }