fix(1.0.6): strip Trusted Types CSP on YouTube/Google to unbreak adblocker
YouTube response sends Content-Security-Policy: require-trusted-types-for 'script' which blocks the cliqz adblocker's inline-script injection used to neutralize YT's anti-adblock detection (52 "HTMLScriptElement was directly modified and will not be executed" console errors). Strip require-trusted-types-for and trusted-types directives from CSP and CSP-Report-Only headers for youtube.com / youtu.be / google.com / gmail.com (and subdomains) via onHeadersReceived on all 3 sessions. Other CSP directives stay intact so site-level security boundaries hold. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "ESH-Media",
|
||||
"version": "1.0.5",
|
||||
"version": "1.0.6",
|
||||
"private": true,
|
||||
"main": "main.js",
|
||||
"scripts": {
|
||||
|
||||
Reference in New Issue
Block a user