From 63f62a8025378c5a01b0889eeda495370efeb636 Mon Sep 17 00:00:00 2001
From: Jakob Getz <jakob@getz.de>
Date: Thu, 7 Dec 2023 20:28:42 +0900
Subject: [PATCH] fix content header security issue

---
 src/analyser.cts | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/analyser.cts b/src/analyser.cts
index 7c7d7f88..086eb2e9 100644
--- a/src/analyser.cts
+++ b/src/analyser.cts
@@ -82,6 +82,21 @@ export default class Analyser {
 
         await this.page.addInitScript({ content: initScript })
 
+        await this.page.route('**/*', async (route) => {
+            const response = await route.fetch()
+            const headers = response.headers()
+
+            // Remove or modify the CSP header
+            delete headers['content-security-policy'];
+            delete headers['content-security-policy-report-only']
+
+            await route.fulfill({
+                status: response.status(),
+                headers: headers,
+                body: await response.body()
+            });
+        })
+
         await this.page.route(`**/*.js*`, async route => {
             let response
             try {
@@ -98,9 +113,6 @@ export default class Analyser {
             } catch {
                 route.fulfill({ response, body: script })
             }
-            // const script = response.text()
-            // const body = `${initScript}${script}`
-            // await route.fulfill({ response, body: body })
         })
         this.page.on('worker', worker => {
             this.contexts.push(worker)