Enable user to define their own content-security-policy
@@ -128,6 +128,7 @@ See in [ruleset.yaml](ruleset.yaml) for an example.
|
|||||||
x-forwarded-for: none # override X-Forwarded-For header or delete with none
|
x-forwarded-for: none # override X-Forwarded-For header or delete with none
|
||||||
referer: none # override Referer header or delete with none
|
referer: none # override Referer header or delete with none
|
||||||
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
|
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
|
||||||
|
content-security-policy: script-src 'self'; # override response header
|
||||||
cookie: privacy=1
|
cookie: privacy=1
|
||||||
regexRules:
|
regexRules:
|
||||||
- match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
|
- match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
|
||||||
|
|||||||
@@ -33,6 +33,8 @@ func ProxySite(c *fiber.Ctx) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
c.Set("Content-Type", resp.Header.Get("Content-Type"))
|
c.Set("Content-Type", resp.Header.Get("Content-Type"))
|
||||||
|
c.Set("Content-Security-Policy", resp.Header.Get("Content-Security-Policy"))
|
||||||
|
|
||||||
return c.SendString(body)
|
return c.SendString(body)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -111,6 +113,10 @@ func fetchSite(urlpath string, queries map[string]string) (string, *http.Request
|
|||||||
return "", nil, nil, err
|
return "", nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if rule.Headers.CSP != "" {
|
||||||
|
resp.Header.Set("Content-Security-Policy", rule.Headers.CSP)
|
||||||
|
}
|
||||||
|
|
||||||
log.Print("rule", rule)
|
log.Print("rule", rule)
|
||||||
body := rewriteHtml(bodyB, u, rule)
|
body := rewriteHtml(bodyB, u, rule)
|
||||||
return body, req, resp, nil
|
return body, req, resp, nil
|
||||||
|
|||||||
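Review bot: `resp.Header.Get("Content-Security-Policy")` in ProxySite returns only the first header value, so an upstream response carrying several Content-Security-Policy headers reaches the client with just one of them and a looser policy than the origin sent; when the upstream sends none, the client gets an empty header. Copying every value and skipping the header when there is none keeps the policy intact: `if csp := resp.Header.Values("Content-Security-Policy"); len(csp) > 0 { c.Set("Content-Security-Policy", strings.Join(csp, ", ")) }` (this needs `strings` in the file's imports, which are not visible here). In fetchSite the rule value is written as-is, so `content-security-policy: none` would presumably be sent as the literal policy `none` rather than deleting the header the way the README describes for the other headers. Both function bodies start outside their hunks.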
@@ -16,6 +16,7 @@ type Rule struct {
|
|||||||
XForwardedFor string `yaml:"x-forwarded-for,omitempty"`
|
XForwardedFor string `yaml:"x-forwarded-for,omitempty"`
|
||||||
Referer string `yaml:"referer,omitempty"`
|
Referer string `yaml:"referer,omitempty"`
|
||||||
Cookie string `yaml:"cookie,omitempty"`
|
Cookie string `yaml:"cookie,omitempty"`
|
||||||
|
CSP string `yaml:"content-security-policy,omitempty"`
|
||||||
} `yaml:"headers,omitempty"`
|
} `yaml:"headers,omitempty"`
|
||||||
GoogleCache bool `yaml:"googleCache,omitempty"`
|
GoogleCache bool `yaml:"googleCache,omitempty"`
|
||||||
RegexRules []Regex `yaml:"regexRules"`
|
RegexRules []Regex `yaml:"regexRules"`
|
||||||
|
|||||||
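Review bot: The new `CSP` field sits among request-header overrides, but going by the other hunks of this commit it is applied to the response returned to the client, and nothing in the struct says so. A field comment would make the direction clear, for example `// CSP replaces the Content-Security-Policy response header sent to the client; empty keeps the upstream value.` The struct begins and ends outside the hunk.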
39
ruleset.yaml
39
ruleset.yaml
@@ -1,6 +1,6 @@
|
|||||||
- domain: example.com
|
- domain: example.com
|
||||||
domains:
|
domains:
|
||||||
- www.beispiel.de
|
- www.beispiel.de
|
||||||
googleCache: true
|
googleCache: true
|
||||||
headers:
|
headers:
|
||||||
x-forwarded-for: none
|
x-forwarded-for: none
|
||||||
@@ -62,15 +62,15 @@
|
|||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
- domains:
|
- domains:
|
||||||
- www.architecturaldigest.com
|
- www.architecturaldigest.com
|
||||||
- www.bonappetit.com
|
- www.bonappetit.com
|
||||||
- www.cntraveler.com
|
- www.cntraveler.com
|
||||||
- www.epicurious.com
|
- www.epicurious.com
|
||||||
- www.gq.com
|
- www.gq.com
|
||||||
- www.newyorker.com
|
- www.newyorker.com
|
||||||
- www.vanityfair.com
|
- www.vanityfair.com
|
||||||
- www.vogue.com
|
- www.vogue.com
|
||||||
- www.wired.com
|
- www.wired.com
|
||||||
injections:
|
injections:
|
||||||
- position: head
|
- position: head
|
||||||
append: |
|
append: |
|
||||||
@@ -81,8 +81,8 @@
|
|||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
- domains:
|
- domains:
|
||||||
- www.nytimes.com
|
- www.nytimes.com
|
||||||
- www.time.com
|
- www.time.com
|
||||||
headers:
|
headers:
|
||||||
ueser-agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
|
ueser-agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
|
||||||
cookie: nyt-a=; nyt-gdpr=0; nyt-geo=DE; nyt-privacy=1
|
cookie: nyt-a=; nyt-gdpr=0; nyt-geo=DE; nyt-privacy=1
|
||||||
@@ -98,13 +98,13 @@
|
|||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
- domains:
|
- domains:
|
||||||
- www.thestar.com
|
- www.thestar.com
|
||||||
- www.niagarafallsreview.ca
|
- www.niagarafallsreview.ca
|
||||||
- www.stcatharinesstandard.ca
|
- www.stcatharinesstandard.ca
|
||||||
- www.thepeterboroughexaminer.com
|
- www.thepeterboroughexaminer.com
|
||||||
- www.therecord.com
|
- www.therecord.com
|
||||||
- www.thespec.com
|
- www.thespec.com
|
||||||
- www.wellandtribune.ca
|
- www.wellandtribune.ca
|
||||||
injections:
|
injections:
|
||||||
- position: head
|
- position: head
|
||||||
append: |
|
append: |
|
||||||
@@ -161,4 +161,5 @@
|
|||||||
referer: https://t.co/x?amp=1
|
referer: https://t.co/x?amp=1
|
||||||
x-forwarded-for: none
|
x-forwarded-for: none
|
||||||
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
|
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
|
||||||
|
content-security-policy: script-src 'self';
|
||||||
cookie:
|
cookie:
|
||||||
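Review bot: The added `content-security-policy: script-src 'self';` limits scripts only; with no `default-src` or `object-src` directive, plugin content on the proxied page stays unrestricted. `content-security-policy: script-src 'self'; object-src 'none';` would close that without affecting images or styles. Separately, the `ueser-agent` key in the www.nytimes.com rule looks like a misspelling of `user-agent`, so that override is probably never applied. The rule this hunk edits starts outside the hunk.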