Can't skewer some sites: Content Security Policy #71

Open
formido opened this issue Jul 1, 2016 · 2 comments

@formido

formido commented Jul 1, 2016

Sadly, I can't skewer some sites, e.g., GitHub, because attempting to do so results in an error in the console:

VM6662:37 Refused to load the script 'http://localhost:8080/skewer' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' assets-cdn.github.com".

It looks like there's no solution:

https://medium.com/making-instapaper/bookmarklets-are-dead-d470d4bbb626#.nnx4p58sl
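
Why the browser refuses the load in the console error above, shown as an added example (not part of the original issue or of Skewer's code): a simplified model of `script-src` source matching. It assumes the page is served from `https://github.com/` and covers only `'self'`, scheme sources and host sources; paths, nonces, hashes and redirects are ignored.

```javascript
// Simplified model of CSP script-src matching (added example, not browser code).
// Covers 'self', scheme sources and host sources; ignores paths, nonces, hashes.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// Return the source list of one directive, or null if the policy lacks it.
function sourceList(policy, directive) {
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === directive) return sources;
  }
  return null;
}

// Does a host source such as "assets-cdn.github.com" cover this URL?
function hostSourceCovers(source, url, pageScheme) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/i.exec(source);
  if (!m) return false; // keywords like 'unsafe-eval' never match a URL
  const [, scheme, host, port] = m;
  // Without an explicit scheme the page's scheme applies; an http page may
  // also load the https version of a listed host.
  const wanted = scheme ? scheme.toLowerCase() + ":" : pageScheme;
  if (url.protocol !== wanted && !(wanted === "http:" && url.protocol === "https:")) return false;
  const h = host.toLowerCase();
  if (h.startsWith("*.") ? !url.hostname.endsWith(h.slice(1)) : h !== "*" && h !== url.hostname) return false;
  // Without an explicit port only the scheme's default port is covered.
  const urlPort = url.port || DEFAULT_PORT[url.protocol];
  return port === "*" || urlPort === (port || DEFAULT_PORT[url.protocol]);
}

function scriptLoadAllowed(policy, pageUrl, scriptUrl) {
  const page = new URL(pageUrl), url = new URL(scriptUrl);
  const sources = sourceList(policy, "script-src") ?? sourceList(policy, "default-src");
  if (sources === null) return true; // no directive governs script loads
  return sources.some((s) => {
    const src = s.toLowerCase();
    if (src === "'self'") return url.origin === page.origin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src;
    return hostSourceCovers(s, url, page.protocol);
  });
}

// Policy and script URL are from the console error; the page URL is assumed.
const POLICY = "script-src 'unsafe-eval' assets-cdn.github.com";
console.log(scriptLoadAllowed(POLICY, "https://github.com/", "http://localhost:8080/skewer")); // false
```

The `'unsafe-eval'` keyword in this policy permits `eval()` inside scripts that were already allowed to load; it does not admit a script from an origin that is not listed.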

@skeeto
Owner

skeeto commented Jul 1, 2016

Yup, this browser feature makes perfect sense, but it's certainly a
roadblock. It didn't exist when I first wrote Skewer, so it wasn't a
consideration. There are two workarounds, which I should probably
document in the README:

  • In Firefox you can disable CSP by toggling security.csp.enable in
    about:config. This should probably be done in a separate profile where
    you're not logged into anything important.
  • The bookmarklet is out, but the Greasemonkey userscript could be
    updated to inject Skewer from a privileged context that gets to bypass
    CSP. Currently it uses "@grant none" which runs it in the normal
    sandbox and therefore gets blocked by CSP. Updating it will take some
    care to avoid running Skewer itself in the privileged context.

@formido
Author

formido commented Jul 4, 2016

Interesting. And for Chrome, it turns out there's an extension to disable CSP:

https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden?hl=en
