chromium-web-store icon indicating copy to clipboard operation
chromium-web-store copied to clipboard
verified publisher icon NeverDecaf

Bypassing CSP (Content Security Policy)

Open arteze opened this issue 1 year ago • 1 comments

I made a Tampermonkey script to bypass CSP, you can see it here:

  • https://gist.github.com/arteze/056cb20abaf4615d762c7e46360ccffd

What it does is convert to base64 and convert to blob, I don't know why but that works.

I want this extension to do the same, I had this problem when trying to download EditThisCookie.

  • https://chromewebstore.google.com/detail/editthiscookies/hlgpnddmgbhkmilmcnejaibhmoiljhhb

arteze avatar Dec 13 '24 19:12 arteze

The problem is that the extension has the wasm-unsafe-eval property, I would like to be able to download it, extract it, remove that property from the manifest for all extensions that have it, then repackage it with a library that allows handling zip (which is crx), and that way it could be installed.

I think that being a blob it does not have a crx extension and can be installed.

"extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"

arteze avatar Dec 16 '24 04:12 arteze