From 5610f372bf8cd8ae58b861d6c24ed4da893ff943 Mon Sep 17 00:00:00 2001
From: Cain Atkinson <19270622+yellowsink@users.noreply.github.com>
Date: Sun, 11 Dec 2022 17:59:33 +0000
Subject: [PATCH] Fully remove CSP as opposed to setting custom policies (#293)

* Just remove CSP instead of trying to work with it
* Simplify CSP removal further
---
 src/extensions/mods.ts | 49 +++--------------------------------------
 1 file changed, 3 insertions(+), 46 deletions(-)

diff --git a/src/extensions/mods.ts b/src/extensions/mods.ts
index 30359a1..9da4b18 100644
--- a/src/extensions/mods.ts
+++ b/src/extensions/mods.ts
@@ -1,55 +1,12 @@
 import electron from "electron";
 import {getConfig} from "../utils";
-interface PolicyResult {
- [key: string]: string[];
-}
-
-const parsePolicy = (policy: string): PolicyResult => {
- const result: PolicyResult = {};
- policy.split(";").forEach((directive) => {
- const [directiveKey, ...directiveValue] = directive.trim().split(/\s+/g);
- if (directiveKey && !Object.prototype.hasOwnProperty.call(result, directiveKey)) {
- result[directiveKey] = directiveValue;
- }
- });
- return result;
-};
-
-const stringifyPolicy = (policy: PolicyResult): string =>
- Object.entries(policy)
- .filter(([, values]) => values?.length)
- .map((directive) => directive.flat().join(" "))
- .join("; ");
-
-const unstrictCSP = async () => {
+const unstrictCSP = () => {
 console.log("Setting up CSP unstricter...");
- const cspAllowAll = ["style-src", "connect-src", "img-src", "font-src", "media-src", "worker-src"];
-
- const isVencord = await getConfig("mods").then((s) => s.includes("vencord"));
 electron.session.defaultSession.webRequest.onHeadersReceived(({responseHeaders}, done) => {
- let cspHeaders = responseHeaders!["content-security-policy"];
-
- if (cspHeaders) {
- const csp = parsePolicy(cspHeaders[0]);
-
- for (const directive of cspAllowAll) {
- csp[directive] = ["*", "blob:", "data:", "'unsafe-inline'"];
- }
-
- if (isVencord) {
- // unpkg and cdnjs are used for QuickCss and some plugins' dependencies (e.g. GifEncoder & APNG for FakeNitro)
- csp["script-src"] ??= [];
- csp["script-src"].push("'unsafe-eval'", "https://unpkg.com", "https://cdnjs.cloudflare.com");
- }
- // Fix Discord's broken CSP which disallows unsafe-inline due to having a nonce (which they don't even use?)
- csp["script-src"] = csp["script-src"]?.filter((value) => !value.includes("nonce-"));
-
- cspHeaders[0] = stringifyPolicy(csp);
- }
-
- done({responseHeaders});
+ delete responseHeaders!["content-security-policy"];
+ done({ responseHeaders });
 });
 };
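Review bot: The new listener removes `content-security-policy` from every response in the default session, not only from the app's own documents, so any third-party page that is loaded into a webview or popup in that session loses its CSP as well; since `onHeadersReceived` accepts a filter as its first argument, scoping the removal with `{ urls: ["<app-origin-pattern>"] }` (pattern to be confirmed against the origins the mods actually need) would keep the loss of defense-in-depth limited to where it is intended. The `!` on `responseHeaders` is also avoidable: Electron declares that field as optional, and `if (responseHeaders) delete responseHeaders["content-security-policy"];` both narrows the type and avoids a TypeError on a response that carries no headers object. Header keys in `responseHeaders` are not guaranteed to be lower-cased in every Electron version, so matching the key case-insensitively (or also checking `Content-Security-Policy`) would make the removal reliable — worth confirming against the Electron version pinned by the project. As a style point, `done({ responseHeaders })` uses brace spacing that differs from `({responseHeaders}, done)` on the context line above; pick one form.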