Skip to content

A browser extension to disable http header Content-Security-Policy and html meta Content-Security-Policy

Notifications You must be signed in to change notification settings

lisonge/Disable-CSP

Repository files navigation

Disable-CSP

A browser extension to disable http header Content-Security-Policy and html meta Content-Security-Policy

In the process of website development and testing, we inevitably need to inject cross-domain resources into some websites, but Content-Security-Policy prevents this. So you can use this extension to disable Content-Security-Policy so that you have a better development experience

  • disable http header csp
  • disable html meta csp (must open devtools)

image

Install

Sample

http header csp

image

disable http header csp

image

html meta csp

image

disable html meta csp (**must open devtools**)

image

Permission Specification

1.declarativeNetRequest: disable http header Content-Security-Policy, remove response headers

2.debugger: disable http meta Content-Security-Policy, attach devtools then modify http response body

3.storage: save disable/enable csp user config

4.tabs: disable http meta Content-Security-Policy, attach the current tabId of devtools then modify http response body

5.host_permissions<all_urls>: disable the Content-Security-Policy of any host