2 files changed, 17 insertions, 6 deletions

diff --git a/src/assets/javascripts/twitter.js b/src/assets/javascripts/twitter.js
index 1ee7f755..59b784bb 100644
--- a/src/assets/javascripts/twitter.js
+++ b/src/assets/javascripts/twitter.js
@@ -133,13 +133,20 @@ function switchInstance(url) {
 }
 
 function removeXFrameOptions(e) {
+  if (e.type != 'sub_frame') return;
   let url = new URL(e.url);
   let protocolHost = utils.protocolHost(url);
-  if (!all().includes(protocolHost) || e.type != 'sub_frame') return;
+  if (!all().includes(protocolHost)) return;
   let isChanged = false;
-  for (const i in e.responseHeaders) if (e.responseHeaders[i].name == 'x-frame-options') {
-    e.responseHeaders.splice(i, 1);
-    isChanged = true;
+  for (const i in e.responseHeaders) {
+    if (e.responseHeaders[i].name == 'x-frame-options') {
+      e.responseHeaders.splice(i, 1);
+      isChanged = true;
+    }
+    else if (e.responseHeaders[i].name == 'content-security-policy') {
+      e.responseHeaders.splice(i, 1);
+      isChanged = true;
+    }
   }
   if (isChanged) return { responseHeaders: e.responseHeaders };
 }
diff --git a/src/assets/javascripts/youtube/youtube.js b/src/assets/javascripts/youtube/youtube.js
index 6f022e21..61e73fdf 100644
--- a/src/assets/javascripts/youtube/youtube.js
+++ b/src/assets/javascripts/youtube/youtube.js
@@ -426,13 +426,17 @@ function removeXFrameOptions(e) {
   const url = new URL(e.url);
   const protocolHost = utils.protocolHost(url);
   if (!all().includes(protocolHost)) return;
-
   let isChanged = false;
-  for (const i in e.responseHeaders)
+  for (const i in e.responseHeaders) {
     if (e.responseHeaders[i].name == 'x-frame-options') {
       e.responseHeaders.splice(i, 1);
       isChanged = true;
     }
+    else if (e.responseHeaders[i].name == 'content-security-policy') {
+      e.responseHeaders.splice(i, 1);
+      isChanged = true;
+    }
+  }
   if (isChanged) return { responseHeaders: e.responseHeaders };
 }