From 0ab646ac68c2b76fb2778b9e2a8c3caf989fb6b4 Mon Sep 17 00:00:00 2001
From: ManeraKai <manerakai@protonmail.com>
Date: Sat, 11 Jun 2022 13:03:46 +0300
Subject: Fixed content-security-policy for youtube #279

---
 src/assets/javascripts/youtube/youtube.js | 59 ++++++++++++++++++++++++-------
 src/pages/background/background.js        |  6 ++--
 2 files changed, 50 insertions(+), 15 deletions(-)

(limited to 'src')

diff --git a/src/assets/javascripts/youtube/youtube.js b/src/assets/javascripts/youtube/youtube.js
index 61e73fdf..9caf6752 100644
--- a/src/assets/javascripts/youtube/youtube.js
+++ b/src/assets/javascripts/youtube/youtube.js
@@ -420,21 +420,56 @@ function pastePipedMaterialLocalStorage() {
   })
 }
 
-
 function removeXFrameOptions(e) {
-  if (e.type != 'sub_frame') return;
-  const url = new URL(e.url);
-  const protocolHost = utils.protocolHost(url);
-  if (!all().includes(protocolHost)) return;
   let isChanged = false;
-  for (const i in e.responseHeaders) {
-    if (e.responseHeaders[i].name == 'x-frame-options') {
-      e.responseHeaders.splice(i, 1);
-      isChanged = true;
+
+  if (e.type == 'main_frame') {
+    for (const i in e.responseHeaders) {
+      if (e.responseHeaders[i].name == 'content-security-policy') {
+        let instancesList;
+        if (youtubeFrontend == 'invidious') {
+          if (youtubeProtocol == 'normal') instancesList = [...invidiousNormalRedirectsChecks, ...invidiousNormalCustomRedirects];
+          else if (youtubeProtocol == 'tor') instancesList = [...invidiousTorRedirectsChecks, ...invidiousTorCustomRedirects];
+        }
+        else if (youtubeFrontend == 'piped') {
+          if (youtubeProtocol == 'normal') instancesList = [...pipedNormalRedirectsChecks, ...pipedNormalCustomRedirects];
+          else if (youtubeProtocol == 'tor') instancesList = [...pipedTorRedirectsChecks, ...pipedTorCustomRedirects];
+        }
+        else if (youtubeFrontend == 'pipedMaterial') {
+          if (youtubeProtocol == 'normal') instancesList = [...pipedMaterialNormalRedirectsChecks, ...pipedMaterialNormalCustomRedirects];
+          else if (youtubeProtocol == 'tor') instancesList = [...pipedMaterialTorRedirectsChecks, ...pipedMaterialTorCustomRedirects];
+        }
+        let securityPolicyList = e.responseHeaders[i].value.split(';');
+        for (const i in securityPolicyList) securityPolicyList[i] = securityPolicyList[i].trim();
+
+        let newSecurity = '';
+        for (const item of securityPolicyList) {
+          if (item.trim() == '') continue
+          console.log('item', item);
+          let [, key, vals] = item.match(/([a-z-]{0,}) (.*)/);
+          if (key == 'frame-src') vals = vals + ' ' + instancesList.join(' ');
+          newSecurity += key + ' ' + vals + '; ';
+        }
+
+        e.responseHeaders[i].value = newSecurity;
+        isChanged = true;
+      }
     }
-    else if (e.responseHeaders[i].name == 'content-security-policy') {
-      e.responseHeaders.splice(i, 1);
-      isChanged = true;
+    if (isChanged) return { responseHeaders: e.responseHeaders };
+  }
+  else if (e.type == 'sub_frame') {
+    const url = new URL(e.url);
+    const protocolHost = utils.protocolHost(url);
+    if (!all().includes(protocolHost)) return;
+    for (const i in e.responseHeaders) {
+      if (e.responseHeaders[i].name == 'x-frame-options') {
+        e.responseHeaders.splice(i, 1);
+        isChanged = true;
+      }
+      else if (e.responseHeaders[i].name == 'content-security-policy') {
+        e.responseHeaders.splice(i, 1);
+        isChanged = true;
+      }
     }
   }
   if (isChanged) return { responseHeaders: e.responseHeaders };
diff --git a/src/pages/background/background.js b/src/pages/background/background.js
index 892f019d..a1ac27db 100644
--- a/src/pages/background/background.js
+++ b/src/pages/background/background.js
@@ -162,7 +162,7 @@ browser.webRequest.onHeadersReceived.addListener(
     if (!response) response = youtubeHelper.removeXFrameOptions(e);
     return response;
   },
-  { urls: ["<all_urls>"], },
+  { urls: ["<all_urls>"] },
   ["blocking", "responseHeaders"]
 );
 
@@ -201,7 +201,7 @@ browser.webRequest.onResponseStarted.addListener(
     if (!await isAutoRedirect()) return null;
     if (details.type == 'main_frame' && details.statusCode >= 500) redirectOfflineInstance(new URL(details.url), details.tabId);
   },
-  { urls: ["<all_urls>"], }
+  { urls: ["<all_urls>"] }
 )
 
 browser.webRequest.onErrorOccurred.addListener(
@@ -209,7 +209,7 @@ browser.webRequest.onErrorOccurred.addListener(
     if (!await isAutoRedirect()) return;
     if (details.type == 'main_frame') redirectOfflineInstance(new URL(details.url), details.tabId);
   },
-  { urls: ["<all_urls>"], }
+  { urls: ["<all_urls>"] }
 )
 
 browser.commands.onCommand.addListener(
-- 
cgit 1.4.1