fix case that site uses meta tags instead of headers for content-secu…
…rity-policy
binary-person committed Nov 9, 2021
1 parent bd70ced commit b3763e5
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions nginx.conf
@@ -270,25 +270,30 @@ http {
# 5. rewrite 'integrity="' to 'nointegrity=' to disable script integrity checking
sub_filter 'integrity="' 'nointegrity="';

# 6. disable meta tag's Content-Security-Policy
sub_filter 'http-equiv="Content-Security-Policy"' 'http-equiv="No-U-Content-Security-Policy"';

# do the same thing but instead of ", do '
# # 1.
# 1.
sub_filter "<script src='//" "<script $processed_flag_attribute src='/main/js_/$relativescheme://";
sub_filter "<script type='text/javascript' src='//" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/$relativescheme://";
sub_filter "src='//" "$processed_flag_attribute src='/main/$relativescheme://";
# # 2.
# 2.
sub_filter "<script src='/" "<script $processed_flag_attribute src='/main/js_/$dest_hostwithscheme/";
sub_filter "<script type='text/javascript' src='/" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/$dest_hostwithscheme/";
sub_filter "src='/" "$processed_flag_attribute src='/main/$dest_hostwithscheme/";
# # 3.
# 3.
sub_filter "<script src='https://" "<script $processed_flag_attribute src='/main/js_/https://";
sub_filter "<script type='text/javascript' src='https://" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/https://";
sub_filter "src='https://" "$processed_flag_attribute src='/main/https://";
# # 4.
# 4.
sub_filter "<script src='http://" "<script $processed_flag_attribute src='/main/js_/http://";
sub_filter "<script type='text/javascript' src='http://" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/http://";
sub_filter "src='http://" "$processed_flag_attribute src='/main/http://";
# # 5.
# 5.
sub_filter "integrity='" "nointegrity='";
# 6. disable meta tag's Content-Security-Policy
sub_filter "http-equiv='Content-Security-Policy'" "http-equiv='No-U-Content-Security-Policy'";


# insert wombat.js and wombat-handler.js scripts
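Review bot: The two new step-6 `sub_filter` rules switch off a browser security control on every proxied page, yet the comment `# 6. disable meta tag's Content-Security-Policy` says neither why nor what follows from it. Together with step 5 (`integrity` rewritten to `nointegrity`), a rewritten page runs without the site's own CSP and without subresource integrity, and, judging by the `/main/...` rewrite targets, all proxied sites appear to share the proxy's origin. I would expand the comment to something like `# 6. neutralise meta-tag CSP so rewritten and injected scripts are not blocked; proxied pages lose the site's own policy, so keep this origin free of cookies and credentials`. Both rules match only the exact quoted attribute, so `http-equiv=Content-Security-Policy` written without quotes or with spaces around `=` is left in place; the comment should record that as a known limitation. The enclosing `http {` block starts and ends outside this hunk, so whether header-delivered CSP is handled consistently cannot be confirmed from here.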