├── .gitignore ├── images ├── icon128.png ├── icon48.png ├── icon38-off.png └── icon38-on.png ├── _locales ├── en │ └── messages.json └── en_GB │ └── messages.json ├── README.md ├── CHANGELOG.md ├── manifest.json └── background.js /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /images/icon128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/chrome-csp-disable/master/images/icon128.png -------------------------------------------------------------------------------- /images/icon48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/chrome-csp-disable/master/images/icon48.png -------------------------------------------------------------------------------- /images/icon38-off.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/chrome-csp-disable/master/images/icon38-off.png -------------------------------------------------------------------------------- /images/icon38-on.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/chrome-csp-disable/master/images/icon38-on.png -------------------------------------------------------------------------------- /_locales/en/messages.json: -------------------------------------------------------------------------------- 1 | { 2 | "extDescription": { 3 | "message": "Disable Content-Security-Policy for web application testing. 
When the icon is colored, CSP headers are disabled.", 4 | "description": "The description of this extension" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /_locales/en_GB/messages.json: -------------------------------------------------------------------------------- 1 | { 2 | "extDescription": { 3 | "message": "Disable Content-Security-Policy for web application testing. When the icon is coloured, CSP headers are disabled.", 4 | "description": "The description of this extension" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Disable Content-Security-Policy in Chromium browsers for web application testing. 2 | 3 | [Install via the Chrome Web Store](https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden) 4 | 5 | ## Contributors 6 | 7 | * [Phil Grayson](https://github.com/PhilGrayson) 8 | * [Denis Gorbachev](https://github.com/DenisGorbachev) 9 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | 1.0.6 2 | - Fix the extension not working for https://web.whatsapp.com 3 | 4 | 1.0.5 5 | - Fix manifest description being too long from v1.0.4 6 | 7 | 1.0.4 8 | - CSP headers are enabled by default when you install this extension. You must 9 | click the extension's button to disable CSP. 10 | 11 | 1.0.3 12 | - Fixes bad extension packaging of 1.0.2. Do not use 1.0.2. 13 | 14 | 1.0.2 15 | - Make the extension work for iframes. 16 | 17 | 1.0.1 18 | - Initial version. 
19 | -------------------------------------------------------------------------------- /manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Disable Content-Security-Policy", 3 | "default_locale": "en", 4 | "description": "__MSG_extDescription__", 5 | "version": "1.0.6", 6 | "author": "Phil Grayson", 7 | "homepage_url": "https://github.com/PhilGrayson/chrome-csp-disable", 8 | "manifest_version": 2, 9 | "permissions": [ 10 | "webRequest", 11 | "webRequestBlocking", 12 | "browsingData", 13 | "http://*/*", 14 | "https://*/*" 15 | ], 16 | "background": { 17 | "scripts": ["background.js"], 18 | "persistent": true 19 | }, 20 | "browser_action": { 21 | "default_title": "Content-Security-Policy headers are enabled", 22 | "default_icon": { 23 | "16": "images/icon38-off.png" 24 | } 25 | }, 26 | "icons": { 27 | "48": "images/icon48.png", 28 | "128": "images/icon128.png" 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /background.js: --------------------------------------------------------------------------------
1 | var isCSPDisabled = false; // in-memory switch shared by every tab: false (the value at load) leaves CSP headers alone, true blanks them
2 | // Blocking onHeadersReceived callback: while the switch is on, empties each Content-Security-Policy response header and returns the edited list.
3 | var onHeadersReceived = function(details) {
4 |   if (!isCSPDisabled) {
5 |     return; // switch off: returning undefined hands back no modifications
6 |   }
7 | // The name comparison is case-insensitive but exact, so Content-Security-Policy-Report-Only is not matched; only response headers are inspected here.
8 |   for (var i = 0; i < details.responseHeaders.length; i++) {
9 |     if ('content-security-policy' === details.responseHeaders[i].name.toLowerCase()) {
10 |       details.responseHeaders[i].value = ''; // the value is emptied; the header entry itself stays in the array
11 |     }
12 |   }
13 | // Return the header array (mutated in place above) as the replacement set.
14 |   return {
15 |     responseHeaders: details.responseHeaders
16 |   };
17 | };
18 | // Mirrors the switch on the toolbar button: "on" icon and "... are disabled" title while CSP is being blanked, "off" icon and "... are enabled" otherwise.
19 | var updateUI = function() {
20 |   var iconName = isCSPDisabled ? 'on' : 'off';
21 |   var title = isCSPDisabled ? 'disabled' : 'enabled';
22 | 
23 |   chrome.browserAction.setIcon({ path: "images/icon38-" + iconName + ".png" });
24 |   chrome.browserAction.setTitle({ title: 'Content-Security-Policy headers are ' + title });
25 | };
26 | // Listener scope: any scheme and host, but only top-level documents and sub-frames; other resource types are not passed to the handler.
27 | var filter = {
28 |   urls: ["*://*/*"],
29 |   types: ["main_frame", "sub_frame"]
30 | };
31 | // "blocking" makes the callback synchronous so its return value can replace headers; "responseHeaders" puts the headers on details.
32 | chrome.webRequest.onHeadersReceived.addListener(onHeadersReceived, filter, ["blocking", "responseHeaders"]);
33 | // A toolbar click flips the switch for the whole browser, not for the current tab or origin. NOTE(review): while it is on, every page loaded in this profile has its CSP header blanked, so keep it to a dedicated test profile.
34 | chrome.browserAction.onClicked.addListener(function() {
35 |   isCSPDisabled = !isCSPDisabled;
36 | // On switching CSP off, ask the browser to drop registered service workers; {} passes no time or origin limit. NOTE(review): presumably so worker-served pages are fetched again through the header hook; confirm.
37 |   if (isCSPDisabled) {
38 |     chrome.browsingData.remove({}, {"serviceWorkers": true}, function () {}); // empty callback: the result of the removal is not checked
39 |   }
40 | 
41 |   updateUI()
42 | });
43 | // Set the icon and title for the initial (CSP enabled) state.
44 | updateUI();
45 | 
--------------------------------------------------------------------------------