From 3a16c0a2c2d0868ea3ccfb77cfb7871ece08ba14 Mon Sep 17 00:00:00 2001
From: Hygna
Date: Thu, 13 Oct 2022 16:52:16 +0100
Subject: [PATCH] Fixed bug where websites with strict CSPs would not allow for the redirected instance embed to be loaded

Closes https://github.com/libredirect/libredirect/issues/481
---
 src/assets/javascripts/services.js | 39 ++++++++++++++++++++++++++++++
 src/pages/background/background.js | 10 ++++++++
 2 files changed, 49 insertions(+)

diff --git a/src/assets/javascripts/services.js b/src/assets/javascripts/services.js
index 0b15706..6aeeff7 100644
--- a/src/assets/javascripts/services.js
+++ b/src/assets/javascripts/services.js
@@ -742,6 +742,44 @@ function processUpdate() {
 })
 }
+// For websites that have a strict policy that would not normally allow these frontends to be embedded within the website.
+function modifyContentSecurityPolicy(details) {
+ let isChanged = false
+ if (details.type == "main_frame") {
+ for (const header in details.responseHeaders) {
+ if (details.responseHeaders[header].name == "content-security-policy") {
+ let instancesList = []
+ for (const service in config.services) {
+ if (config.services[service].embeddable) {
+ for (const frontend in config.services[service].frontends) {
+ if (config.services[service].frontends[frontend].embeddable) {
+ for (const network in config.networks) {
+ instancesList.push(...options[frontend][network].enabled, ...options[frontend][network].custom)
+ }
+ }
+ }
+ }
+ }
+ let securityPolicyList = details.responseHeaders[header].value.split(";")
+ for (const i in securityPolicyList) securityPolicyList[i] = securityPolicyList[i].trim()
+ let newSecurity = ""
+ for (const item of securityPolicyList) {
+ if (item.trim() == "") continue
+ let regex = item.match(/([a-z-]{0,}) (.*)/)
+ if (regex == null) continue
+ let [, key, vals] = regex
+ if (key == "frame-src") vals = vals + " " + instancesList.join(" ")
+ newSecurity += key + " " + vals + "; "
+ }
+
+ details.responseHeaders[header].value = newSecurity
+ isChanged = true
+ }
+ }
+ if (isChanged) return { responseHeaders: details.responseHeaders }
+ }
+}
+
 export default {
 redirect,
 computeService,
@@ -752,4 +790,5 @@ export default {
 initDefaults,
 upgradeOptions,
 processUpdate,
+ modifyContentSecurityPolicy,
 }
diff --git a/src/pages/background/background.js b/src/pages/background/background.js
index 9db27fa..5416c12 100644
--- a/src/pages/background/background.js
+++ b/src/pages/background/background.js
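Review bot: In `modifyContentSecurityPolicy` (services.js) the rebuild loop silently drops every directive that has no value: `item.match(/([a-z-]{0,}) (.*)/)` needs a space, so `upgrade-insecure-requests` or a bare `sandbox` yields null and hits `continue`, leaving the rewritten policy weaker than the one the site sent. Non-matching items should be carried over verbatim, e.g. `if (regex == null) { newSecurity += item + "; "; continue }`, and the pattern anchored with `^`, because unanchored it can match only the tail of a mixed-case directive name and emit a mangled key. The header test `name == "content-security-policy"` is case-sensitive although header names are not, so comparing `details.responseHeaders[header].name.toLowerCase()` would avoid skipping servers that send `Content-Security-Policy`. The instance list, including user-entered custom values, is appended to `frame-src` on every main-frame response without validation; reducing each entry to its origin before the `join(" ")` would keep a malformed entry from adding other tokens to the policy.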
@@ -245,6 +245,16 @@ browser.contextMenus.onClicked.addListener((info, tab) => {
 })
 })
+browser.webRequest.onHeadersReceived.addListener(
+ e => {
+ let response = servicesHelper.modifyContentSecurityPolicy(e)
+ if (!response) response = servicesHelper.modifyContentSecurityPolicy(e)
+ return response
+ },
+ { urls: [""] },
+ ["blocking", "responseHeaders"]
+)
+
 browser.runtime.onMessage.addListener((message, sender, sendResponse) => {
 if (message.function === "unify") utils.unify(false).then(r => sendResponse({ response: r }))
 return true
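Review bot: The fallback `if (!response) response = servicesHelper.modifyContentSecurityPolicy(e)` repeats the identical call with the same `e`, so as far as this hunk shows it cannot return anything different and only doubles the header scan on each response; the listener body can be reduced to `e => servicesHelper.modifyContentSecurityPolicy(e)`. The URL filter reads `[""]` in this rendering, where a match pattern may have been lost in extraction, so it is worth confirming what the committed file contains. Whatever the pattern is, adding `types: ["main_frame"]` to the filter object would keep this blocking listener off sub-resource responses, which the helper ignores anyway. A short comment above the listener stating that it rewrites the site's CSP so that redirected embeds can load would help later readers understand why a blocking header hook is registered.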