segment-boneyard/nightmare

Bypass CSP (Content Security Policy)

Open

#889 opened on Nov 15, 2016

View on GitHub
 (5 comments) (0 reactions) (0 assignees)JavaScript (1,076 forks)batch import
Help Wanted

Repository metrics

Stars
 (19,507 stars)
PR merge metrics
 (No merged PRs in 30d)

Description

I am trying to bypass CSP in order to run some eval() code or spawn web workers.

I found this issue on electron: https://github.com/electron/electron/issues/3430 which suggests using webFrame.registerURLSchemeAsBypassingCSP(scheme) http://electron.atom.io/docs/api/web-frame/#webframeregisterurlschemeasbypassingcspscheme

I have tried to do that in a preloader script but it doesn't seem to affect the page's policy.

Have you ever faced this or have any clue what might be wrong or a possible solution?

Thanks!

Contributor guide