Question

0

33

Views

How To Disable/Bypass Content-Security-Policy with Tampermonkey

So i used firebase auth to connect to small web app i made in tampermonkey

auth.signInWithEmailAndPassword(email, password)

The issue is when i use it on the target page the content get blocked because Content-Security-Policy but this can be fixed in Firefox by disabling Content-Security-Policy

What i tried

1 / Fetch the data with this script fetch(auth.signInWithEmailAndPassword(email, password)) https://github.com/mitchellmebane/GM_fetch/blob/master/GM_fetch.js

2/ GM.xmlHttpRequest

GM.xmlHttpRequest({
  method: "POST",
  url: "...googleapis.com/v1/accounts:signInWithCustomToken?key="bla..bla",
 headers: {
    "Content-Type": "application/json"
  },
   data: {"email":email,"password":password,"returnSecureToken":true},

 onload: function(response) {
   auth.signInWithEmailAndPassword(email, password)

  }
})

3 / Chrome extension

https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden?hl=en

5 months ago · Juan Pablo Isaza

Answer question

0

33

How To Disable/Bypass Content-Security-Policy with Tampermonkey

Find remote jobs