diff --git a/main.js b/main.js index 148242c..e210174 100644 --- a/main.js +++ b/main.js @@ -1228,6 +1228,40 @@ app.whenReady().then(async () => { } ); + // Strip Trusted Types directives from CSP for sites that enforce them + // (YouTube, Gmail, etc.). The cliqz adblocker injects inline scriptlets to + // neutralize anti-adblock tricks; those injections use plain script.text + // assignment which TT blocks → "An HTMLScriptElement was directly modified + // and will not be executed" (52+ console errors on YouTube). Without TT + // the adblocker's scripts run and YouTube works normally. + const TT_STRIP_HOSTS = [ + 'youtube.com', 'youtu.be', 'youtubekids.com', + 'google.com', 'gmail.com', 'mail.google.com', + ]; + const stripTrustedTypes = (sess) => { + sess.webRequest.onHeadersReceived( + { urls: ['https://*/*'] }, + (details, callback) => { + let host = ''; + try { host = new URL(details.url).hostname; } catch {} + const match = TT_STRIP_HOSTS.some(d => host === d || host.endsWith('.' + d)); + const headers = details.responseHeaders; + if (!match || !headers) return callback({}); + for (const k of Object.keys(headers)) { + if (/^content-security-policy(-report-only)?$/i.test(k)) { + headers[k] = headers[k].map(v => v + .replace(/require-trusted-types-for[^;]*;?\s*/gi, '') + .replace(/trusted-types[^;]*;?\s*/gi, '')); + } + } + callback({ responseHeaders: headers }); + } + ); + }; + stripTrustedTypes(session.defaultSession); + stripTrustedTypes(getProxySession()); + stripTrustedTypes(getDirectSession()); + // Apply proxy from config before blocker tries to download filter lists loadTrustedDomainsFromDisk(); try { diff --git a/package.json b/package.json index 703328c..bf93a78 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ESH-Media", - "version": "1.0.5", + "version": "1.0.6", "private": true, "main": "main.js", "scripts": {