From 924696c0154a1deaf77af16a3d575c67ae8df50f Mon Sep 17 00:00:00 2001 From: joncrangle <94425204+joncrangle@users.noreply.github.com> Date: Thu, 9 Nov 2023 21:50:46 -0500 Subject: [PATCH 1/3] Enable user to define their own content-security-policy --- README.md | 1 + handlers/proxy.go | 6 ++++++ handlers/types.go | 1 + ruleset.yaml | 51 ++++++++++++++++++++++++----------------------- 4 files changed, 34 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 334d92b..24fb5de 100644 --- a/README.md +++ b/README.md @@ -128,6 +128,7 @@ See in [ruleset.yaml](ruleset.yaml) for an example. x-forwarded-for: none # override X-Forwarded-For header or delete with none referer: none # override Referer header or delete with none user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 + content-security-policy: script-src 'self'; # override response header cookie: privacy=1 regexRules: - match: ]*\s+)?src="(/)([^"]*)" diff --git a/handlers/proxy.go b/handlers/proxy.go index 8862492..28c0694 100644 --- a/handlers/proxy.go +++ b/handlers/proxy.go @@ -33,6 +33,8 @@ func ProxySite(c *fiber.Ctx) error { } c.Set("Content-Type", resp.Header.Get("Content-Type")) + c.Set("Content-Security-Policy", resp.Header.Get("Content-Security-Policy")) + return c.SendString(body) } @@ -111,6 +113,10 @@ func fetchSite(urlpath string, queries map[string]string) (string, *http.Request return "", nil, nil, err } + if rule.Headers.CSP != "" { + resp.Header.Set("Content-Security-Policy", rule.Headers.CSP) + } + log.Print("rule", rule) body := rewriteHtml(bodyB, u, rule) return body, req, resp, nil diff --git a/handlers/types.go b/handlers/types.go index 5aca088..16e4c49 100644 --- a/handlers/types.go +++ b/handlers/types.go 
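Review bot: `resp.Header.Get("Content-Security-Policy")` in ProxySite returns only the first header value, so an upstream that sends several policies (which browsers enforce together) reaches the client with just one of them. Because `c.Set` runs unconditionally, a response that carries no policy also produces an empty `Content-Security-Policy` header. Copying every value, and emitting nothing when there is none, keeps the upstream restrictions intact: `for _, v := range resp.Header.Values("Content-Security-Policy") { c.Append("Content-Security-Policy", v) }`. ProxySite starts above the hunk, so how `resp` is obtained is not visible here.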
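Review bot: The override branch in fetchSite replaces every policy the upstream sent, and nothing in the code says that the replacement is evaluated against the proxy's own origin. The document is served by the proxy, so `'self'` in a rule value such as the README's `script-src 'self';` means the proxy host. A policy without `'unsafe-inline'` or a nonce would presumably also block inline scripts added through a rule's `injections`. A comment above the `if` would record this: `// Rule CSP replaces the upstream policy; 'self' resolves to the proxy origin, not the proxied site.` This branch leaves `Content-Security-Policy-Report-Only` untouched, and fetchSite begins outside the hunk.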
@@ -16,6 +16,7 @@ type Rule struct { XForwardedFor string `yaml:"x-forwarded-for,omitempty"` Referer string `yaml:"referer,omitempty"` Cookie string `yaml:"cookie,omitempty"` + CSP string `yaml:"content-security-policy,omitempty"` } `yaml:"headers,omitempty"` GoogleCache bool `yaml:"googleCache,omitempty"` RegexRules []Regex `yaml:"regexRules"` diff --git a/ruleset.yaml b/ruleset.yaml index 1fe50e3..4d97129 100644 --- a/ruleset.yaml +++ b/ruleset.yaml @@ -1,6 +1,6 @@ - domain: example.com - domains: - - www.beispiel.de + domains: + - www.beispiel.de googleCache: true headers: x-forwarded-for: none @@ -61,16 +61,16 @@ removeDOMElement(paywall) }); -- domains: - - www.architecturaldigest.com - - www.bonappetit.com - - www.cntraveler.com - - www.epicurious.com - - www.gq.com - - www.newyorker.com - - www.vanityfair.com - - www.vogue.com - - www.wired.com +- domains: + - www.architecturaldigest.com + - www.bonappetit.com + - www.cntraveler.com + - www.epicurious.com + - www.gq.com + - www.newyorker.com + - www.vanityfair.com + - www.vogue.com + - www.wired.com injections: - position: head append: | @@ -80,13 +80,13 @@ banners.forEach(el => { el.remove(); }); }); -- domains: - - www.nytimes.com - - www.time.com +- domains: + - www.nytimes.com + - www.time.com headers: ueser-agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) cookie: nyt-a=; nyt-gdpr=0; nyt-geo=DE; nyt-privacy=1 - referer: https://www.google.com/ + referer: https://www.google.com/ injections: - position: head append: | 
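Review bot: The new `CSP` field in the `Headers` struct has no comment, although the README line added in this patch describes it as a response-header override, while the neighbouring fields (`x-forwarded-for`, `referer`, `cookie`) look like request-header overrides. A short comment would keep the two directions from being confused: `// CSP replaces the Content-Security-Policy response header sent to the client.` The struct declaration begins above the hunk, so the remaining fields are not visible here.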
@@ -97,14 +97,14 @@ banners.forEach(el => { el.remove(); }); }); -- domains: - - www.thestar.com - - www.niagarafallsreview.ca - - www.stcatharinesstandard.ca - - www.thepeterboroughexaminer.com - - www.therecord.com - - www.thespec.com - - www.wellandtribune.ca +- domains: + - www.thestar.com + - www.niagarafallsreview.ca + - www.stcatharinesstandard.ca + - www.thepeterboroughexaminer.com + - www.therecord.com + - www.thespec.com + - www.wellandtribune.ca injections: - position: head append: | @@ -161,4 +161,5 @@ referer: https://t.co/x?amp=1 x-forwarded-for: none user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - cookie: \ No newline at end of file + content-security-policy: script-src 'self'; + cookie: From 66c4b3c9119952a5ed12c511d44cb99e1c8746d9 Mon Sep 17 00:00:00 2001 From: joncrangle <94425204+joncrangle@users.noreply.github.com> Date: Thu, 9 Nov 2023 22:03:37 -0500 Subject: [PATCH 2/3] Undo prettier --- ruleset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruleset.yaml b/ruleset.yaml index 4d97129..877a590 100644 --- a/ruleset.yaml +++ b/ruleset.yaml @@ -162,4 +162,4 @@ x-forwarded-for: none user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 content-security-policy: script-src 'self'; - cookie: + cookie: \ No newline at end of file From b6f0c644f87c3c0f60e32703dbb2f196dc0ce760 Mon Sep 17 00:00:00 2001 From: joncrangle <94425204+joncrangle@users.noreply.github.com> Date: Thu, 9 Nov 2023 22:05:42 -0500 Subject: [PATCH 3/3] Undo prettier --- ruleset.yaml | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/ruleset.yaml b/ruleset.yaml index 877a590..d1c1e9f 100644 --- a/ruleset.yaml +++ b/ruleset.yaml 
@@ -1,6 +1,6 @@ - domain: example.com - domains: - - www.beispiel.de + domains: + - www.beispiel.de googleCache: true headers: x-forwarded-for: none @@ -61,16 +61,16 @@ removeDOMElement(paywall) }); -- domains: - - www.architecturaldigest.com - - www.bonappetit.com - - www.cntraveler.com - - www.epicurious.com - - www.gq.com - - www.newyorker.com - - www.vanityfair.com - - www.vogue.com - - www.wired.com +- domains: + - www.architecturaldigest.com + - www.bonappetit.com + - www.cntraveler.com + - www.epicurious.com + - www.gq.com + - www.newyorker.com + - www.vanityfair.com + - www.vogue.com + - www.wired.com injections: - position: head append: | @@ -80,13 +80,13 @@ banners.forEach(el => { el.remove(); }); }); -- domains: - - www.nytimes.com - - www.time.com +- domains: + - www.nytimes.com + - www.time.com headers: ueser-agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) cookie: nyt-a=; nyt-gdpr=0; nyt-geo=DE; nyt-privacy=1 - referer: https://www.google.com/ + referer: https://www.google.com/ injections: - position: head append: | @@ -97,14 +97,14 @@ banners.forEach(el => { el.remove(); }); }); -- domains: - - www.thestar.com - - www.niagarafallsreview.ca - - www.stcatharinesstandard.ca - - www.thepeterboroughexaminer.com - - www.therecord.com - - www.thespec.com - - www.wellandtribune.ca +- domains: + - www.thestar.com + - www.niagarafallsreview.ca + - www.stcatharinesstandard.ca + - www.thepeterboroughexaminer.com + - www.therecord.com + - www.thespec.com + - www.wellandtribune.ca injections: - position: head append: |