🐛 修复firefox csp策略问题 #170

CodFrm · CodFrm · commit d3102754bed5 · 2023-05-27T22:25:43.000+08:00
diff --git a/src/runtime/background/runtime.ts b/src/runtime/background/runtime.ts
@@ -412,7 +412,7 @@ export default class Runtime extends Manager {
             return;
           }
           const exclude = this.customizeExclude.match(sender.url);
-          // 自定义排除的
+          // 自定义排除的, buildScriptRunResource时会将selfMetadata合并,所以后续不需要再处理metadata.exclude,这算是一个隐性的坑,后面看看要不要处理
           exclude.forEach((val) => {
             addRunScript(sender.tabId!, val, false, 0);
           });
diff --git a/src/runtime/background/utils.ts b/src/runtime/background/utils.ts
@@ -1,11 +1,12 @@
 import LoggerCore from "@App/app/logger/core";
 import Logger from "@App/app/logger/logger";
 import { Channel } from "@App/app/message/channel";
-import { Script } from "@App/app/repo/scripts";
+import { SCRIPT_STATUS_ENABLE, Script } from "@App/app/repo/scripts";
 import { isFirefox } from "@App/pkg/utils/utils";
 import MessageCenter from "@App/app/message/center";
 import IoC from "@App/app/ioc";
 import { Request } from "./gm_api";
+import Runtime from "./runtime";
 
 export const unsafeHeaders: { [key: string]: boolean } = {
   // 部分浏览器中并未允许
@@ -173,6 +174,37 @@ export function listenerWebRequest(headerFlag: string) {
   chrome.webRequest.onHeadersReceived.addListener(
     (details) => {
       if (!isExtensionRequest(details)) {
+        // 判断是否为页面请求
+        if (!(details.type === "main_frame" || details.type === "sub_frame")) {
+          return {};
+        }
+        // 判断页面上是否有脚本会运行,如果有判断是否有csp,有则移除csp策略
+        const runtime = IoC.instance(Runtime) as Runtime;
+        // 这块代码与runtime里的pageLoad一样,考虑后面要不要优化
+        const result = runtime.matchUrl(details.url, (script) => {
+          // 如果是iframe,判断是否允许在iframe里运行
+          if (details.type === "sub_frame") {
+            if (script.metadata.noframes) {
+              return true;
+            }
+            return script.status !== SCRIPT_STATUS_ENABLE;
+          }
+          return script.status !== SCRIPT_STATUS_ENABLE;
+        });
+        if (result.length > 0 && details.responseHeaders) {
+          // 移除csp
+          for (let i = 0; i < details.responseHeaders.length; i += 1) {
+            if (
+              details.responseHeaders[i].name.toLowerCase() ===
+              "content-security-policy"
+            ) {
+              details.responseHeaders[i].value = "";
+            }
+          }
+          return {
+            responseHeaders: details.responseHeaders,
+          };
+        }
         return {};
       }
       const appendHeaders: chrome.webRequest.HttpHeader[] = [];

Original file line number	Diff line number	Diff line change
`@@ -412,7 +412,7 @@ export default class Runtime extends Manager {`
`412`	`412`	`return;`
`413`	`413`	`}`
`414`	`414`	`const exclude = this.customizeExclude.match(sender.url);`
`415`		`- // 自定义排除的`
	`415`	`+ // 自定义排除的, buildScriptRunResource时会将selfMetadata合并,所以后续不需要再处理metadata.exclude,这算是一个隐性的坑,后面看看要不要处理`
`416`	`416`	`exclude.forEach((val) => {`
`417`	`417`	`addRunScript(sender.tabId!, val, false, 0);`
`418`	`418`	`});`