mirror of
https://github.com/smartfrigde/armcord.git
synced 2024-08-14 23:56:58 +00:00
42 lines
1.2 KiB
JavaScript
42 lines
1.2 KiB
JavaScript
|
const cspAllowAll = [
|
||
|
|
'connect-src',
|
||
|
|
'style-src',
|
||
|
|
'img-src',
|
||
|
|
'font-src'
|
||
|
|
];
|
||
|
|
const corsAllowUrls = [
|
||
|
|
'https://github.com/GooseMod/GooseMod/releases/download/dev/index.js',
|
||
|
|
'https://github-releases.githubusercontent.com/',
|
||
|
|
'https://api.goosemod.com/inject.js',
|
||
|
|
'https://raw.githubusercontent.com/Cumcord/Cumcord/stable/dist/build.js'
|
||
|
|
];
|
||
|
|
|
||
|
|
chrome.webRequest.onHeadersReceived.addListener(({ responseHeaders, url }) => {
|
||
|
|
let csp = responseHeaders.find((x) => x.name === 'content-security-policy');
|
||
|
|
|
||
|
|
if (csp) {
|
||
|
|
for (let p of cspAllowAll) {
|
||
|
|
csp.value = csp.value.replace(`${p}`, `${p} * blob: data:`); // * does not include data: URIs
|
||
|
|
}
|
||
|
|
|
||
|
|
// Fix Discord's broken CSP which disallows unsafe-inline due to having a nonce (which they don't even use?)
|
||
|
|
csp.value = csp.value.replace(/'nonce-.*?' /, '');
|
||
|
|
}
|
||
|
|
if (corsAllowUrls.some((x) => url.startsWith(x))) {
|
||
|
|
let cors = responseHeaders.find((x) => x.name === 'access-control-allow-origin');
|
||
|
|
cors.value = '*';
|
||
|
|
}
|
||
|
|
return {
|
||
|
|
responseHeaders
|
||
|
|
};
|
||
|
|
|
||
|
|
},
|
||
|
|
|
||
|
|
{
|
||
|
|
urls: [
|
||
|
|
'*://*.discord.com/*'
|
||
|
|
]
|
||
|
|
},
|
||
|
|
|
||
|
|
['blocking', 'responseHeaders']
|
||
|
|
);
|