fix csp & cors errors

dimdenGD · Jul 22, 2022 · 260dd19 · 260dd19
1 parent 954c2e2
commit 260dd19
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 17 deletions.
diff --git a/layouts/home/script.js b/layouts/home/script.js
@@ -127,8 +127,13 @@ async function updateTimeline() {
 
     if(vars.linkColorsInTL) {
         let tlUsers = tl.map(t => t.user.screen_name).filter(u => !linkColors[u]);
-        let linkData = await fetch(`https://dimden.dev/services/twitter_link_colors/get_multiple/${tlUsers.join(',')}`).then(res => res.json());
-        for(let i in linkData) {
+        try {
+            await fetch(`https://dimden.dev/services/twitter_link_colors/get_multiple/${tlUsers.join(',')}`)
+        } catch(e) {
+            console.error(e);
+        }
+        let linkData = await fetch(`https://dimden.dev/services/twitter_link_colors/get_multiple/${tlUsers.join(',')}`).then(res => res.json()).catch(console.error);
+        if(linkData) for(let i in linkData) {
             linkColors[linkData[i].username] = linkData[i].color;
         }
     }

diff --git a/layouts/tweet/script.js b/layouts/tweet/script.js
@@ -88,8 +88,8 @@ async function updateReplies(id, c) {
             }
         }
         tlUsers = tlUsers.filter(i => !linkColors[i]);
-        let linkData = await fetch(`https://dimden.dev/services/twitter_link_colors/get_multiple/${tlUsers.join(',')}`).then(res => res.json());
-        for(let i in linkData) {
+        let linkData = await fetch(`https://dimden.dev/services/twitter_link_colors/get_multiple/${tlUsers.join(',')}`).then(res => res.json()).catch(console.error);
+        if(linkData) for(let i in linkData) {
             linkColors[linkData[i].username] = linkData[i].color;
         }
     }

diff --git a/manifest.json b/manifest.json
@@ -1,9 +1,12 @@
 {
   "name": "Old Twitter Layout (2022)",
   "description": "A new extension that returns old Twitter's look.",
-  "version": "1.1.6",
+  "version": "1.1.7",
   "manifest_version": 3,
   "homepage_url": "https://github.com/dimdenGD/OldTwitter",
+  "content_security_policy": {
+    "extension_page": "default-src 'self' dimden.dev raw.githubusercontent.com twitter.com *.twitter.com twimg.com *.twimg.com"
+  },
   "background": {
     "service_worker": "scripts/background.js"
   },

diff --git a/pack.js b/pack.js
@@ -30,9 +30,12 @@ copyDir('./', '../OldTwitterFirefox').then(async () => {
     manifest.permissions = [
         ...manifest.permissions,
         ...manifest.host_permissions,
+        "https://dimden.dev/*",
+        "https://raw.githubusercontent.com/*",
         "webRequest",
         "webRequestBlocking"
     ];
+    manifest.content_security_policy = manifest.content_security_policy.extension_page;
     delete manifest.host_permissions;
     delete manifest.declarative_net_request;
     delete manifest.background.service_worker;
@@ -59,7 +62,7 @@ copyDir('./', '../OldTwitterFirefox').then(async () => {
     chrome.webRequest.onBeforeRequest.addListener(
         function(details) {
             return {
-                cancel: !details.url.includes("mobile.twitter.com") && (details.url.includes("://twitter.com/manifest.json") || details.url.includes("https://abs.twimg.com/responsive-web/client-web/"))
+                cancel: !details.url.includes("mobile.twitter.com") && (details.url.includes("twitter.com/manifest.json") || details.url.includes("abs.twimg.com/responsive-web/client-web/"))
             };
         }, {
             urls: ["*://twitter.com/*"]
@@ -68,25 +71,41 @@ copyDir('./', '../OldTwitterFirefox').then(async () => {
     );
     chrome.webRequest.onBeforeSendHeaders.addListener(
         function(details) {
-            if (details.url.includes("twimg.com")) {
-                if(!details.requestHeaders.find(h => h.name.toLowerCase() === 'origin')) details.requestHeaders.push({
-                    name: "Origin",
-                    value: "https://twitter.com"
-                });
-            }
-            for (var i = 0; i < details.requestHeaders.length; ++i) {
-                if (details.requestHeaders[i].name.toLowerCase() === 'content-security-policy') {
-                    details.requestHeaders.splice(i, 1);
+            if(!details.requestHeaders.find(h => h.name.toLowerCase() === 'origin')) details.requestHeaders.push({
+                name: "Origin",
+                value: "https://twitter.com"
+            });
+            return {
+                requestHeaders: details.requestHeaders
+            };
+        }, {
+            urls: ["*://*.twimg.com/*", "*://twimg.com/*"]
+        },
+        ["blocking", "requestHeaders"]
+    );
+    chrome.webRequest.onHeadersReceived.addListener(
+        function(details) {
+            for (let i = 0; i < details.responseHeaders.length; ++i) {
+                if (details.responseHeaders[i].name.toLowerCase() === 'content-security-policy') {
+                    details.responseHeaders.splice(i, 1);
                     break;
                 }
             }
+            if(!details.responseHeaders.find(h => h.name.toLowerCase() === 'access-control-allow-origin')) details.requestHeaders.push({
+                name: "access-control-allow-origin",
+                value: "*"
+            });
+            if(!details.responseHeaders.find(h => h.name.toLowerCase() === 'access-control-allow-headers')) details.requestHeaders.push({
+                name: "access-control-allow-headers",
+                value: "*"
+            });
             return {
-                requestHeaders: details.requestHeaders
+                responseHeaders: details.responseHeaders
             };
         }, {
             urls: ["*://twitter.com/*", "*://*.twitter.com/*", "*://*.twimg.com/*", "*://twimg.com/*"]
         },
-        ["blocking", "requestHeaders"]
+        ["blocking", "responseHeaders"]
     );
     `;