feat: csp list

public/manifest.firefox.json

@@ -44,7 +44,13 @@
       "description": "__MSG_open_options__"
     }
   },
-  "permissions": ["<all_urls>", "storage", "contextMenus", "scripting"],
+  "permissions": [
+    "<all_urls>",
+    "storage",
+    "contextMenus",
+    "scripting",
+    "declarativeNetRequest"
+  ],
   "icons": {
     "16": "images/logo16.png",
     "32": "images/logo32.png",

public/manifest.json

@@ -45,7 +45,12 @@
       "description": "__MSG_open_options__"
     }
   },
-  "permissions": ["storage", "contextMenus", "scripting"],
+  "permissions": [
+    "storage",
+    "contextMenus",
+    "scripting",
+    "declarativeNetRequest"
+  ],
   "host_permissions": ["<all_urls>"],
   "icons": {
     "16": "images/logo16.png",

src/background.js

@@ -12,6 +12,8 @@ import {
   MSG_COMMAND_SHORTCUTS,
   MSG_INJECT_JS,
   MSG_INJECT_CSS,
+  MSG_UPDATE_CSP,
+  DEFAULT_CSPLIST,
   CMD_TOGGLE_TRANSLATE,
   CMD_TOGGLE_STYLE,
   CMD_OPEN_OPTIONS,
@@ -26,9 +28,17 @@ import { tryClearCaches } from "./libs";
 import { saveRule } from "./libs/rules";
 import { getCurTabId } from "./libs/msg";
 import { injectInlineJs, injectInternalCss } from "./libs/injector";
+import { kissLog } from "./libs/log";
 
 globalThis.ContextType = "BACKGROUND";
 
+const REMOVE_HEADERS = [
+  `content-security-policy`,
+  `content-security-policy-report-only`,
+  `x-webkit-csp`,
+  `x-content-security-policy`,
+];
+
 /**
  * 添加右键菜单
  */
@@ -79,6 +89,41 @@ async function addContextMenus(contextMenuType = 1) {
   }
 }
 
+/**
+ * 更新CSP策略
+ * @param {*} csplist 
+ */
+async function updateCspRules(csplist = DEFAULT_CSPLIST.join(",\n")) {
+  try {
+    const newRules = csplist
+      .split(/\n|,/)
+      .map((url) => url.trim())
+      .filter(Boolean)
+      .map((url, idx) => ({
+        id: idx + 1,
+        action: {
+          type: "modifyHeaders",
+          responseHeaders: REMOVE_HEADERS.map((header) => ({
+            operation: "remove",
+            header,
+          })),
+        },
+        condition: {
+          urlFilter: url,
+          resourceTypes: ["main_frame", "sub_frame"],
+        },
+      }));
+    const oldRules = await browser.declarativeNetRequest.getDynamicRules();
+    const oldRuleIds = oldRules.map((rule) => rule.id);
+    await browser.declarativeNetRequest.updateDynamicRules({
+      removeRuleIds: oldRuleIds,
+      addRules: newRules,
+    });
+  } catch (err) {
+    kissLog(err, "update csp rules");
+  }
+}
+
 /**
  * 插件安装
  */
@@ -87,6 +132,9 @@ browser.runtime.onInstalled.addListener(() => {
 
   // 右键菜单
   addContextMenus();
+
+  // 禁用CSP
+  updateCspRules();
 });
 
 /**
@@ -143,8 +191,10 @@ browser.runtime.onMessage.addListener(async ({ action, args }) => {
         args: [args],
         world: "MAIN",
       });
+    case MSG_UPDATE_CSP:
+      return await updateCspRules(args);
     case MSG_CONTEXT_MENUS:
-      return await addContextMenus(args.contextMenuType);
+      return await addContextMenus(args);
     case MSG_COMMAND_SHORTCUTS:
       return await browser.commands.getAll();
     default:

src/config/i18n.js

@@ -755,6 +755,14 @@ export const I18N = {
     zh: `禁用翻译名单`,
     en: `Translate Blacklist`,
   },
+  disabled_csplist: {
+    zh: `禁用CSP名单`,
+    en: `Disabled CSP List`,
+  },
+  disabled_csplist_helper: {
+    zh: `3、通过调整CSP策略，使得某些页面能够注入JS/CSS/Media，请谨慎使用，除非您已知晓相关风险。`,
+    en: `3. By adjusting the CSP policy, some pages can inject JS/CSS/Media. Please use it with caution unless you are aware of the related risks.`,
+  },
   skip_langs: {
     zh: `不翻译的语言`,
     en: `Disable Languages`,

src/config/index.js

@@ -65,6 +65,7 @@ export const MSG_CONTEXT_MENUS = "context_menus";
 export const MSG_COMMAND_SHORTCUTS = "command_shortcuts";
 export const MSG_INJECT_JS = "inject_js";
 export const MSG_INJECT_CSS = "inject_css";
+export const MSG_UPDATE_CSP = "update_csp";
 
 export const THEME_LIGHT = "light";
 export const THEME_DARK = "dark";
@@ -486,6 +487,7 @@ export const DEFAULT_BLACKLIST = [
   "oapi.dingtalk.com",
   "login.dingtalk.com",
 ]; // 禁用翻译名单
+export const DEFAULT_CSPLIST = ["https://github.com"]; // 禁用CSP名单
 
 export const DEFAULT_SETTING = {
   darkMode: false, // 深色模式
@@ -513,6 +515,7 @@ export const DEFAULT_SETTING = {
   tranboxSetting: DEFAULT_TRANBOX_SETTING, // 划词翻译设置
   touchTranslate: 2, // 触屏翻译
   blacklist: DEFAULT_BLACKLIST.join(",\n"), // 禁用翻译名单
+  csplist: DEFAULT_CSPLIST.join(",\n"), // 禁用CSP名单
   // disableLangs: [], // 不翻译的语言(移至rule，作废)
   transInterval: 500, // 翻译间隔时间
 };

src/views/Options/Setting.js

@@ -22,7 +22,9 @@ import {
   OPT_SHORTCUT_POPUP,
   OPT_SHORTCUT_SETTING,
   DEFAULT_BLACKLIST,
+  DEFAULT_CSPLIST,
   MSG_CONTEXT_MENUS,
+  MSG_UPDATE_CSP,
 } from "../../config";
 import { useShortcut } from "../../hooks/Shortcut";
 import ShortcutInput from "./ShortcutInput";
@@ -69,7 +71,10 @@ export default function Settings() {
         value = limitNumber(value, 0, 4);
         break;
       case "contextMenuType":
-        isExt && sendBgMsg(MSG_CONTEXT_MENUS, { contextMenuType: value });
+        isExt && sendBgMsg(MSG_CONTEXT_MENUS, value);
+        break;
+      case "csplist":
+        isExt && sendBgMsg(MSG_UPDATE_CSP, value);
         break;
       default:
     }
@@ -96,6 +101,7 @@ export default function Settings() {
     contextMenuType = 1,
     touchTranslate = 2,
     blacklist = DEFAULT_BLACKLIST.join(",\n"),
+    csplist = DEFAULT_CSPLIST.join(",\n"),
     transInterval = 500,
   } = setting;
   const { isHide = false } = fab || {};
@@ -219,6 +225,18 @@ export default function Settings() {
                 </Link>
               </FormHelperText>
             </FormControl>
+
+            <TextField
+              size="small"
+              label={i18n("disabled_csplist")}
+              helperText={
+                i18n("pattern_helper") + " " + i18n("disabled_csplist_helper")
+              }
+              name="csplist"
+              defaultValue={csplist}
+              onChange={handleChange}
+              multiline
+            />
           </>
         ) : (
           <>