save file

javascript-2020 · javascript-2020 · commit ac65dd79b503 · 2025-12-04T17:27:10.000Z
diff --git a/blog/25-12-04/bypass-csp/bypass-csp.html b/blog/25-12-04/bypass-csp/bypass-csp.html
@@ -128,7 +128,7 @@
             </script init>
 
 
-            <link rel=stylesheet href='https://fonts.googleapis.com/css2?family=Pacifico&display=swap'>
+            <link rel=stylesheet href='https://fonts.googleapis.com/css2?family=Pacifico&display=swap' crossorigin=anonymous>
             <link rel=stylesheet href='/blog/css/blog.css'>
 
             <style>
@@ -209,7 +209,10 @@
 
   blog-hdr h1
     {font-family:pacifico}
-            
+
+  .br
+    {margin-top: 1.5em}
+    
             </style>
             
       </head>
@@ -230,21 +233,45 @@ <h1 class=title style='position:absolute;left:0;right:0;margin:auto;top:-10px'>
       
             <div class=description>
                   <p>
+                        I was in the process of answer this question
+                        <br>
+                        <br>
+                        <a href='https://stackoverflow.com/questions/79833235/is-it-possible-to-connect-to-a-local-python-server-using-secure-web-sockets-from'>
+                              Is it possible to connect to a local Python server using secure web sockets from a browser console on an HTTPS webpage?
+                              <span class=link-domain>
+                                    stackoverflow.com
+                              </span>
+                        </a>
+                        <br>
+                        <br>
+                        but i didnt qant to get -1'd for no reason ...
+                        <a href='https://stackoverflow.com/questions/28099493/running-ffmpeg-in-browser-options/79820132#79820132'>
+                              Running ffmpeg in browser - options?
+                              <span class=link-domain>
+                                    stackoverflow.com
+                              </span>
+                        </a>
+                        <br>
+                        <br>
+                        so i thought i'd write a blog post about it anyway
+                        <br>
+                        <br>
                         Discover how to overcome the content-security-policy for a website.
                   </p>
             </div>
 
 
             <h3 class=blog-hdr>
-                  Manidest v2
+                  Manifest v2
             </h3>
             
             <section class=blog-text>
                   so right off the bat, manifest v2 is capable of removing the contest-security-policy on a web request<br>
-                  <br>
                   firefox still ( currently, at the time of writing ) supports manifest v2, it has the bindings for manifest v3 but
                   they are just stubs that do nothing<br>
-                  <br>
+                  
+                  <div class=br></div>
+                  
                   chromium and hence google chrome, edge, brave, opera and any of the myriad of browsers that are based on chromium do
                   not support manifest v2<br>
                   <br>
