Post Reply 
Something like “decentraleyes” for Privoxy…
Apr. 02, 2019, 05:59 PM (This post was last modified: Apr. 02, 2019 07:01 PM by vlad_s.)
Post: #22
RE: Something like “decentraleyes” for Privoxy…
The exact sequence of my actions. In the file filter:
Code:
SERVER-HEADER-FILTER: Content-Security-Policy Content Security Policy.
[email protected]^(Content-Security-Policy:\s+.*)$@$1 [email protected]
To comply with the "Content Security Policy directive". There are two actions in the file action:
Code:
{+server-header-filter{Content-Security-Policy} \
}
.yandex.*/
.yastatic.*/
{+redirect{[email protected]^(https?://)?[^,%]+\b(angularjs|jquery|modernizr|moment)(js)?/([0-9\.]+)/[a-z\-]+\b[^/]*\.js$@https://192.168.2.1/decentraleyes/$2/$4/$[email protected]} \
}
yastatic.net/(angularjs|jquery|modernizr|momentjs)/
I get this:
[Image: 2019-04-02-205011.png] [Image: 2019-04-02-205204.png]
It can be seen that my added ip 192.168.2.1 appears somewhere, but the script does not load.
And I can see in the Apache log that the request for https://192.168.2.1/decentraleyes/jquery...ry.min.jsm does not even pass, but a message in the console like "Refused to load the script" https: // 192.168.2.1/decentraleyes/jquery/2.1.4/jquery.min.jsm ..." appears. How does the browser know that something is wrong with 192.168.1, because it did not download the script from this link to find out the Content Security Policy header?

I added another filter to eliminate the message "Refused to load the script" https: // 192.168.2.1/decentraleyes/jquery/2.1.4/jquery.min.jsm ... ":
Code:
SERVER-HEADER-FILTER: Add-Content-Security-Policy Add header Content Security Policy.
[email protected]^(Content-Length:\s+.*)$@$1\r\nContent-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-*' yastatic.net
*.yandex.net yandex.st *.yandex.st yandex.ru *.yandex.ru mc.yandex.ru mc.yandex.by mc.yandex.kz mc.yandex.ua mc.yandex.co.il mc
.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.az mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt
mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.webvisor.com mc.webvisor.org yastat.net pass.ya
ndex.ru suggest.yandex.ru news.yandex.ru social.yandex.ru export.yandex.ru an.yandex.ru awaps.yandex.ru yabs.yandex.ru news-clck
.yandex.ru [email protected]
and action:
Code:
{+server-header-filter{Content-Security-Policy} \
}
.yandex.*/
.yastatic.*/
{+server-header-filter{Add-Content-Security-Policy} \
}
192.168.2.1/decentraleyes/
I get this:
[Image: 2019-04-02-215454.png]
I load the script using the link https://192.168.2.1/decentraleyes/jquery...ry.min.jsm to see the headers:
[Image: 2019-04-02-215629.png]
It seems all right? But does not work.
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
RE: Something like “decentraleyes” for Privoxy… - vlad_s - Apr. 02, 2019 05:59 PM

Forum Jump: