Enable user to define their own content-security-policy
This commit is contained in:
joncrangle
@@ -128,6 +128,7 @@ See in [ruleset.yaml](ruleset.yaml) for an example.
|
||||
x-forwarded-for: none # override X-Forwarded-For header or delete with none
|
||||
referer: none # override Referer header or delete with none
|
||||
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
|
||||
content-security-policy: script-src 'self'; # override response header
|
||||
cookie: privacy=1
|
||||
regexRules:
|
||||
- match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
|
||||
|
||||
@@ -33,6 +33,8 @@ func ProxySite(c *fiber.Ctx) error {
|
||||
}
|
||||
|
||||
c.Set("Content-Type", resp.Header.Get("Content-Type"))
|
||||
c.Set("Content-Security-Policy", resp.Header.Get("Content-Security-Policy"))
|
||||
|
||||
return c.SendString(body)
|
||||
}
|
||||
|
||||
@@ -111,6 +113,10 @@ func fetchSite(urlpath string, queries map[string]string) (string, *http.Request
|
||||
return "", nil, nil, err
|
||||
}
|
||||
|
||||
if rule.Headers.CSP != "" {
|
||||
resp.Header.Set("Content-Security-Policy", rule.Headers.CSP)
|
||||
}
|
||||
|
||||
log.Print("rule", rule)
|
||||
body := rewriteHtml(bodyB, u, rule)
|
||||
return body, req, resp, nil
|
||||
|
||||
@@ -16,6 +16,7 @@ type Rule struct {
|
||||
XForwardedFor string `yaml:"x-forwarded-for,omitempty"`
|
||||
Referer string `yaml:"referer,omitempty"`
|
||||
Cookie string `yaml:"cookie,omitempty"`
|
||||
CSP string `yaml:"content-security-policy,omitempty"`
|
||||
} `yaml:"headers,omitempty"`
|
||||
GoogleCache bool `yaml:"googleCache,omitempty"`
|
||||
RegexRules []Regex `yaml:"regexRules"`
|
||||
|
||||
39
ruleset.yaml
39
ruleset.yaml
@@ -1,6 +1,6 @@
|
||||
- domain: example.com
|
||||
domains:
|
||||
- www.beispiel.de
|
||||
- www.beispiel.de
|
||||
googleCache: true
|
||||
headers:
|
||||
x-forwarded-for: none
|
||||
@@ -62,15 +62,15 @@
|
||||
});
|
||||
</script>
|
||||
- domains:
|
||||
- www.architecturaldigest.com
|
||||
- www.bonappetit.com
|
||||
- www.cntraveler.com
|
||||
- www.epicurious.com
|
||||
- www.gq.com
|
||||
- www.newyorker.com
|
||||
- www.vanityfair.com
|
||||
- www.vogue.com
|
||||
- www.wired.com
|
||||
- www.architecturaldigest.com
|
||||
- www.bonappetit.com
|
||||
- www.cntraveler.com
|
||||
- www.epicurious.com
|
||||
- www.gq.com
|
||||
- www.newyorker.com
|
||||
- www.vanityfair.com
|
||||
- www.vogue.com
|
||||
- www.wired.com
|
||||
injections:
|
||||
- position: head
|
||||
append: |
|
||||
@@ -81,8 +81,8 @@
|
||||
});
|
||||
</script>
|
||||
- domains:
|
||||
- www.nytimes.com
|
||||
- www.time.com
|
||||
- www.nytimes.com
|
||||
- www.time.com
|
||||
headers:
|
||||
ueser-agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
|
||||
cookie: nyt-a=; nyt-gdpr=0; nyt-geo=DE; nyt-privacy=1
|
||||
@@ -98,13 +98,13 @@
|
||||
});
|
||||
</script>
|
||||
- domains:
|
||||
- www.thestar.com
|
||||
- www.niagarafallsreview.ca
|
||||
- www.stcatharinesstandard.ca
|
||||
- www.thepeterboroughexaminer.com
|
||||
- www.therecord.com
|
||||
- www.thespec.com
|
||||
- www.wellandtribune.ca
|
||||
- www.thestar.com
|
||||
- www.niagarafallsreview.ca
|
||||
- www.stcatharinesstandard.ca
|
||||
- www.thepeterboroughexaminer.com
|
||||
- www.therecord.com
|
||||
- www.thespec.com
|
||||
- www.wellandtribune.ca
|
||||
injections:
|
||||
- position: head
|
||||
append: |
|
||||
@@ -161,4 +161,5 @@
|
||||
referer: https://t.co/x?amp=1
|
||||
x-forwarded-for: none
|
||||
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
|
||||
content-security-policy: script-src 'self';
|
||||
cookie:
|
||||
Reference in New Issue
Block a user