├── icon ├── cola.png ├── cola_128.png ├── cola_48.png └── cola_gray.png ├── manifest.json ├── README.md └── background.js /icon/cola.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WithoutHair/Disable-Content-Security-Policy/HEAD/icon/cola.png -------------------------------------------------------------------------------- /icon/cola_128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WithoutHair/Disable-Content-Security-Policy/HEAD/icon/cola_128.png -------------------------------------------------------------------------------- /icon/cola_48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WithoutHair/Disable-Content-Security-Policy/HEAD/icon/cola_48.png -------------------------------------------------------------------------------- /icon/cola_gray.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WithoutHair/Disable-Content-Security-Policy/HEAD/icon/cola_gray.png -------------------------------------------------------------------------------- /manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Disable Content Security Policy", 3 | "description": "A extension that set csp value empty", 4 | "version": "1.0.0", 5 | "author": "Mywait", 6 | "homepage_url": "https://github.com/WithoutHair/Disable-Content-Security-Policy", 7 | "manifest_version": 3, 8 | "permissions": [ 9 | "declarativeNetRequest", 10 | "browsingData", 11 | "tabs" 12 | ], 13 | "host_permissions": [ 14 | "http://*/*", 15 | "https://*/*" 16 | ], 17 | "background": { 18 | "service_worker": "background.js" 19 | }, 20 | "action": { 21 | "default_icon": { 22 | "16": "icon/cola_gray.png" 23 | } 24 | }, 25 | "icons": { 26 | "48": "icon/cola_48.png", 27 | "128": 
"icon/cola_128.png" 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Disable-Content-Security-Policy 2 | A Chrome extension that helps you disable or bypass Content Security Policy (CSP). 3 | 4 | It is developed based on Manifest V3. 5 | 6 | Google announced that Manifest version 2 is deprecated, and support will be removed in 2023. See https://developer.chrome.com/blog/mv2-transition/ for more details. 7 | 8 | That's one reason why this project was born. 9 | 10 | The project uses this repository for reference. 11 | 12 | If it is useful to you, please star it. Thanks! 13 | 14 | 一个能够帮助你禁用或者说绕过内容安全策略的chrome扩展。 15 | 16 | 如果帮助到了你,请不吝star! 17 | 18 | # Usage 19 | 20 | Click the cola icon. When it turns red, it's working. When it turns gray, it's not. 21 | 22 | 点击可乐icon开启/关闭,红色代表启用扩展,灰色代表否。 23 | 24 | # Download 25 | 26 | Chrome: https://chrome.google.com/webstore/detail/disable-content-security/eckgajjlhojckchohogcblfjhpfdmoge 27 | 28 | Edge: https://microsoftedge.microsoft.com/addons/detail/cddgnofgikhkclcjhmenlmhnmbehdnmf 29 | 30 | You can also download the .crx file from the Releases page and drag it into the browser. 31 | 32 | 访问不了谷歌的请点击页面右侧Releases下载.crx文件拖动到浏览器中安装。 33 | 34 | # Next Release Preview 35 | 36 | Hi guys! I'm planning to add a new feature so that the extension can be enabled on every page you open. Let me know if you need this. Any other suggestions are welcome. :) 37 | -------------------------------------------------------------------------------- /background.js: -------------------------------------------------------------------------------- 1 | let isRunning = false 2 | 3 | let getCurrentTab = async () => { 4 | let queryOptions = { active: true, lastFocusedWindow: true } 5 | // `tab` will either be a `tabs.Tab` instance or `undefined`. 
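let [tab] = await chrome.tabs.query(queryOptions)

return tab
}

/**
 * Reports whether a session rule exists whose `urlFilter` is exactly the
 * active tab's URL.
 *
 * @returns {Promise<boolean>} `true` when such a rule is installed; `false`
 *   when there is none, or when no active tab / tab URL is available.
 */
let isCSPDisabled = async () => {
  // getCurrentTab() can resolve to `undefined`, so its result must not be
  // destructured directly (that would throw a TypeError).
  const tab = await getCurrentTab()
  const url = tab?.url
  if (!url) return false

  const rules = await chrome.declarativeNetRequest.getSessionRules()

  return rules.some(rule => rule.condition.urlFilter === url)
}

/**
 * Syncs the toolbar icon and tooltip with the state reported by
 * isCSPDisabled(): the coloured icon when a rule matches the active tab's
 * URL, the gray icon otherwise.
 *
 * @returns {Promise<void>}
 */
let updateUI = async () => {
  const isDisabled = await isCSPDisabled()
  const iconColor = isDisabled ? '' : '_gray'
  const title = isDisabled ? 'is' : 'is not'

  chrome.action.setIcon({ path: `icon/cola${iconColor}.png` })
  chrome.action.setTitle({ title: `The extension ${title} working` })
}

/**
 * Toggles the CSP-blanking session rule for the active tab's URL.
 *
 * When no rule exists for the URL, one is added that sets the
 * `content-security-policy` response header to an empty value on main-frame
 * and sub-frame responses. When a rule already exists, every rule with that
 * URL as its filter is removed. Concurrent invocations are ignored while one
 * is in flight.
 *
 * @param {number} id - Rule id for a newly added rule (the click listener
 *   passes the clicked tab's id).
 * @returns {Promise<void>}
 */
let disableCSP = async (id) => {
  if (isRunning) return
  isRunning = true

  // try/finally: any rejection below would otherwise leave `isRunning` stuck
  // at true and the icon would stop responding to clicks.
  try {
    const tab = await getCurrentTab()
    const url = tab?.url

    // Never install a rule without a URL: a condition with no `urlFilter`
    // is not restricted to one page.
    if (!url) return

    const addRules = []
    const removeRuleIds = []

    if (!await isCSPDisabled()) {
      // The id is reused per tab. Adding a rule whose id is already in use is
      // rejected, so replace any rule still registered under this id (ids that
      // do not exist are ignored on removal).
      removeRuleIds.push(id)

      // NOTE(review): `urlFilter` is a match pattern, not an equality test.
      // An unanchored filter also matches longer URLs that contain this
      // string, so the header can be blanked on more pages than the one that
      // was toggled. Consider anchoring the filter or scoping the rule to the
      // tab; the lookups in this file compare `urlFilter` with `===` and
      // would need the same change.
      addRules.push({
        id,
        action: {
          type: 'modifyHeaders',
          // Only this one response header is rewritten.
          responseHeaders: [{ header: 'content-security-policy', operation: 'set', value: '' }]
        },
        condition: { urlFilter: url, resourceTypes: ['main_frame', 'sub_frame'] }
      })

      // NOTE(review): no origin or time range is passed here, so this looks
      // like it clears service workers for every site, not just the current
      // one. Presumably done so the next load is fetched from the network;
      // confirm and narrow the scope if possible.
      chrome.browsingData.remove({}, { serviceWorkers: true }, () => {})
    } else {
      const rules = await chrome.declarativeNetRequest.getSessionRules()

      for (const rule of rules) {
        if (rule.condition.urlFilter === url) {
          removeRuleIds.push(rule.id)
        }
      }
    }

    await chrome.declarativeNetRequest.updateSessionRules({ addRules, removeRuleIds })

    await updateUI()
  } finally {
    isRunning = false
  }
}

/**
 * Registers the extension's event listeners: a toolbar click toggles the rule
 * for the active tab, and switching tabs refreshes the icon and tooltip.
 */
let init = () => {
  // When the user clicks the plugin icon
  chrome.action.onClicked.addListener((tab) => {
    // Log instead of leaving the rejection unhandled.
    disableCSP(tab.id).catch(err => console.error('disableCSP failed', err))
  })

  // When the user changes tab
  chrome.tabs.onActivated.addListener(() => {
    updateUI().catch(err => console.error('updateUI failed', err))
  })
}

init()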