armcord/mods/cumcord/background.js
smartfridge 64c6c1f118 2.6.0
2021-11-01 11:47:32 +01:00

42 lines
No EOL
1.2 KiB
JavaScript

const cspAllowAll = [
'connect-src',
'style-src',
'img-src',
'font-src'
];
const corsAllowUrls = [
'https://github.com/GooseMod/GooseMod/releases/download/dev/index.js',
'https://github-releases.githubusercontent.com/',
'https://api.goosemod.com/inject.js',
'https://raw.githubusercontent.com/Cumcord/Cumcord/stable/dist/build.js'
];
chrome.webRequest.onHeadersReceived.addListener(({ responseHeaders, url }) => {
let csp = responseHeaders.find((x) => x.name === 'content-security-policy');
if (csp) {
for (let p of cspAllowAll) {
csp.value = csp.value.replace(`${p}`, `${p} * blob: data:`); // * does not include data: URIs
}
// Fix Discord's broken CSP which disallows unsafe-inline due to having a nonce (which they don't even use?)
csp.value = csp.value.replace(/'nonce-.*?' /, '');
}
if (corsAllowUrls.some((x) => url.startsWith(x))) {
let cors = responseHeaders.find((x) => x.name === 'access-control-allow-origin');
cors.value = '*';
}
return {
responseHeaders
};
},
{
urls: [
'*://*.discord.com/*'
]
},
['blocking', 'responseHeaders']
);