From a30e20c359f92db16fd25c96b15bf4a86eaca843 Mon Sep 17 00:00:00 2001
From: ThaUnknown <6506529+ThaUnknown@users.noreply.github.com>
Date: Fri, 16 Sep 2022 21:06:58 +0200
Subject: [PATCH] feat: manifest CSP
---
 background.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/background.js b/background.js
index 19b3bd7..40521e9 100644
--- a/background.js
+++ b/background.js
@@ -12,6 +12,8 @@ chrome.webRequest.onHeadersReceived.addListener(({ responseHeaders, url }) => {
 for (let p of cspAllowAll) {
 csp.value = csp.value.replace(`${p}`, `${p} * blob: data:`); // * does not include data: URIs
 }
+ // Discord doesn't even specify a manifest CSP so we create our own
+ csp.value += ' manifest-src * blob: data:;';
 // Fix Discord's broken CSP which disallows unsafe-inline due to having a nonce (which they don't even use?)
 csp.value = csp.value.replace(/'nonce-.*?' /, '');
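Review bot: The append `csp.value += ' manifest-src * blob: data:;'` assumes the incoming policy already ends with `;`. If the header's last directive is unterminated, `*`, `blob:` and `data:` are parsed as extra sources of that directive instead of a new `manifest-src`, silently widening whatever came last. Starting the literal with a separator avoids that, since empty directives are ignored: `csp.value += '; manifest-src * blob: data:;';`. Because a browser honours only the first occurrence of a directive, the line also becomes a no-op if the site ever ships its own `manifest-src`, which is worth stating in the comment. The listener body starts and ends outside the hunk, so whether `csp` is limited to Discord responses cannot be confirmed from here.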