31 lines
1.0 KiB
Go
31 lines
1.0 KiB
Go
package responsemodifers
|
|
|
|
import (
|
|
"ladder/proxychain"
|
|
)
|
|
|
|
// TODO: handle edge case where CSP is specified in meta tag:
|
|
// <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
|
|
|
|
// BypassContentSecurityPolicy modifies response headers to prevent the browser
|
|
// from enforcing any CSP restrictions. This should run at the end of the chain.
|
|
func BypassContentSecurityPolicy() proxychain.ResponseModification {
|
|
return func(chain *proxychain.ProxyChain) error {
|
|
chain.AddResponseModifications(
|
|
DeleteResponseHeader("Content-Security-Policy"),
|
|
DeleteResponseHeader("Content-Security-Policy-Report-Only"),
|
|
DeleteResponseHeader("X-Content-Security-Policy"),
|
|
DeleteResponseHeader("X-WebKit-CSP"),
|
|
)
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// SetContentSecurityPolicy modifies response headers to a specific CSP
|
|
func SetContentSecurityPolicy(csp string) proxychain.ResponseModification {
|
|
return func(chain *proxychain.ProxyChain) error {
|
|
chain.Response.Header.Set("Content-Security-Policy", csp)
|
|
return nil
|
|
}
|
|
}
|