@wearhere
Created December 17, 2014 04:36
How to rewrite the 'content-security-policy' HTTP header to work around bugs in the Chrome extension APIs: https://www.mixmax.com/blog/what-to-do-when-your-app-breaks
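// Origins the extension needs Gmail's policy to allow: one for scripts and styles,
// one for the iframe it embeds.
var hosts = 'https://d1j5o6e2vipffp.cloudfront.net';
var iframeHosts = 'https://app.mixmax.com';

chrome.webRequest.onHeadersReceived.addListener(function(details) {
  for (var i = 0; i < details.responseHeaders.length; i++) {
    // Header names are case-insensitive, hence the /i flag.
    var isCSPHeader = /content-security-policy/i.test(details.responseHeaders[i].name);
    if (isCSPHeader) {
      var csp = details.responseHeaders[i].value;
      // replace() with a string pattern rewrites only the first occurrence, and a
      // directive that is absent from the policy stays absent.
      csp = csp.replace('script-src', 'script-src ' + hosts);
      csp = csp.replace('style-src', 'style-src ' + hosts);
      csp = csp.replace('frame-src', 'frame-src ' + iframeHosts);
      details.responseHeaders[i].value = csp;
    }
  }
  // Hand the (possibly modified) header list back to the browser.
  return {
    responseHeaders: details.responseHeaders
  };
}, {
  // Only rewrite the top-level Gmail document.
  urls: ['https://mail.google.com/*'],
  types: ['main_frame']
}, ['blocking', 'responseHeaders']);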
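
The `replace()` calls above only take effect when the directive name is literally present in the header value. The following added example (not part of the original gist) parses the policy and merges sources per directive, inheriting from `default-src` (or `child-src` for `frame-src`) when the directive is absent so the rewrite loosens nothing beyond the added hosts. The names `parseCsp`, `addSources` and `FALLBACK`, the sample policy and the `cdn.example` host are assumptions made for illustration.

```javascript
// Added example (not the gist's code): merge sources into a parsed policy.
// parseCsp, addSources and FALLBACK are hypothetical names.
var FALLBACK = { 'frame-src': ['child-src', 'default-src'] };

function parseCsp(value) {
  var directives = [];
  value.split(';').forEach(function (part) {
    var tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) return;
    var name = tokens[0].toLowerCase();
    // A repeated directive is ignored by CSP; keep only the first one.
    var seen = directives.some(function (d) { return d.name === name; });
    if (!seen) directives.push({ name: name, sources: tokens.slice(1) });
  });
  return directives;
}

function addSources(value, name, extra) {
  var directives = parseCsp(value);
  function find(n) {
    return directives.filter(function (d) { return d.name === n; })[0];
  }
  var target = find(name);
  if (!target) {
    // Absent directive: inherit from the first fallback that is present,
    // so adding our host does not drop what the fallback already allowed.
    var chain = FALLBACK[name] || ['default-src'];
    var inherited = chain.map(find).filter(Boolean)[0];
    if (!inherited) return value; // unrestricted already, nothing to add
    target = { name: name, sources: inherited.sources.slice() };
    directives.push(target);
  }
  // 'none' is only valid alone, so drop it once a real source is added.
  target.sources = target.sources.filter(function (s) {
    return s.toLowerCase() !== "'none'";
  });
  extra.forEach(function (src) {
    if (target.sources.indexOf(src) === -1) target.sources.push(src);
  });
  return directives.map(function (d) {
    return [d.name].concat(d.sources).join(' ');
  }).join('; ');
}

// Constructed sample policy: it has no style-src, so the gist's replace()
// would change nothing for styles; here style-src is derived from default-src.
var sample = "default-src 'self'; script-src 'self' 'nonce-abc'";
console.log(addSources(sample, 'style-src', ['https://cdn.example']));
```

In the listener above, each `csp.replace(...)` line would become a call such as `csp = addSources(csp, 'script-src', [hosts])`.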