Company logo
  • Jobs
  • Bootcamp
  • About Us
  • For professionals
    • Home
    • Jobs
    • Courses
    • Questions
    • Teachers
    • Bootcamp
  • For business
    • Home
    • Our process
    • Plans
    • Assessments
    • Payroll
    • Blog
    • Calculator

0

33
Views
How To Disable/Bypass Content-Security-Policy with Tampermonkey

So i used firebase auth to connect to small web app i made in tampermonkey

auth.signInWithEmailAndPassword(email, password)

The issue is when i use it on the target page the content get blocked because Content-Security-Policy but this can be fixed in Firefox by disabling Content-Security-Policy

What i tried

1 / Fetch the data with this script fetch(auth.signInWithEmailAndPassword(email, password)) https://github.com/mitchellmebane/GM_fetch/blob/master/GM_fetch.js

2/ GM.xmlHttpRequest

GM.xmlHttpRequest({
  method: "POST",
  url: "...googleapis.com/v1/accounts:signInWithCustomToken?key="bla..bla",
 headers: {
    "Content-Type": "application/json"
  },
   data: {"email":email,"password":password,"returnSecureToken":true},

 onload: function(response) {
   auth.signInWithEmailAndPassword(email, password)

  }
})

3 / Chrome extension

https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden?hl=en

5 months ago · Juan Pablo Isaza
Answer question
Find remote jobs

Discover the new way to find a job!

Top jobs
Top job categories
Business
Post job Plans Our process Sales
Legal
Terms and conditions Privacy policy
© 2023 PeakU Inc. All Rights Reserved.