Author: Ran
2020-10-16 Ran
Using WhatsApp Web as the example.
Error:
Refused to load the script 'https://xxx/xxx.js' because it violates the following Content Security Policy directive: "script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://api.search.live.net https://maps.googleapis.com https://www.youtube.com https://s.ytimg.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Bypass:
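// Background script of a Manifest V2 extension. The manifest must request the
// "webRequest" and "webRequestBlocking" permissions plus the host pattern below.
chrome.webRequest.onHeadersReceived.addListener(
  function (details) {
    console.log('Disabled CSP', details)
    // Blank every Content-Security-Policy response header
    for (var i = 0; i < details.responseHeaders.length; i++) {
      if (details.responseHeaders[i].name.toLowerCase() === 'content-security-policy') {
        details.responseHeaders[i].value = ''
      }
    }
    // Hand the modified headers back to the browser
    return {
      responseHeaders: details.responseHeaders
    }
  },
  {
    // Only responses from WhatsApp hosts are touched
    urls: [
      '*://*.whatsapp.com/*'
    ]
  },
  // 'blocking' makes the listener synchronous so it can modify the headers
  ['blocking', 'responseHeaders']
)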
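
Seen from the defending side, the listener above only works if the extension holds the right permissions for the site. The following is an added example, not code from the original post: it audits an extension's manifest.json for the permission combinations that allow rewriting response headers (and therefore blanking a CSP) on a given host. The function names and the sample manifests are constructed for illustration.

```javascript
// Added example: flag manifests able to rewrite response headers for `host`.

// Does a Chrome match pattern such as "*://*.whatsapp.com/*" cover `host`?
function patternCoversHost(pattern, host) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false; // an API permission name, not a host pattern
  const p = m[2].toLowerCase();
  const h = host.toLowerCase();
  if (p === '*') return true;
  if (p.startsWith('*.')) {
    const base = p.slice(2);
    return h === base || h.endsWith('.' + base);
  }
  return p === h;
}

function auditManifest(manifest, host) {
  const perms = manifest.permissions || [];
  // MV2 lists host patterns inside "permissions"; MV3 uses "host_permissions".
  const hostPatterns = perms.concat(manifest.host_permissions || [])
    .filter((p) => patternCoversHost(p, host));
  if (hostPatterns.length === 0) return []; // no access to this host at all
  const reasons = [];
  if (perms.includes('webRequest') && perms.includes('webRequestBlocking')) {
    reasons.push('blocking webRequest: onHeadersReceived can rewrite headers');
  }
  if (perms.includes('declarativeNetRequest') ||
      perms.includes('declarativeNetRequestWithHostAccess')) {
    reasons.push('declarativeNetRequest: header-modifying rules are possible');
  }
  return reasons.map((why) => ({ why, hostPatterns }));
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLE_MV2 = {
  manifest_version: 2,
  permissions: ['webRequest', 'webRequestBlocking', '*://*.whatsapp.com/*'],
};
const SAMPLE_MV3 = {
  manifest_version: 3,
  permissions: ['declarativeNetRequest'],
  host_permissions: ['https://web.whatsapp.com/*'],
};
const SAMPLE_BENIGN = { manifest_version: 3, permissions: ['storage'] };

console.log(auditManifest(SAMPLE_MV2, 'web.whatsapp.com'));
```

A finding means the extension has the capability, not that it uses it; the background script or rule files still need review.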