The Un-Official Proxomitron Forum / Forum Related / Privoxy / Something like “decentraleyes” for Privoxy…


Post Reply 
Something like “decentraleyes” for Privoxy…
Apr. 02, 2019, 05:59 PM (This post was last modified: Apr. 02, 2019 07:01 PM by vlad_s.)
Post: #22
vlad_s Offline
Member
**
 		Posts: 116
Joined: Sep 2016
RE: Something like “decentraleyes” for Privoxy…
The exact sequence of my actions. In the file filter:
Code:
SERVER-HEADER-FILTER: Content-Security-Policy Content Security Policy.
s@^(Content-Security-Policy:\s+.*)$@$1 192.168.2.1@i
To comply with the "Content Security Policy directive". There are two actions in the file action:
Code:
{+server-header-filter{Content-Security-Policy} \
}
.yandex.*/
.yastatic.*/
{+redirect{s@^(https?://)?[^,%]+\b(angularjs|jquery|modernizr|moment)(js)?/([0-9\.]+)/[a-z\-]+\b[^/]*\.js$@https://192.168.2.1/decentraleyes/$2/$4/$2.min.jsm@} \
}
yastatic.net/(angularjs|jquery|modernizr|momentjs)/
I get this:
[Image: 2019-04-02-205011.png] [Image: 2019-04-02-205204.png]
It can be seen that my added ip 192.168.2.1 appears somewhere, but the script does not load.
And I can see in the Apache log that the request for https://192.168.2.1/decentraleyes/jquery...ry.min.jsm does not even pass, but a message in the console like "Refused to load the script" https: // 192.168.2.1/decentraleyes/jquery/2.1.4/jquery.min.jsm ..." appears. How does the browser know that something is wrong with 192.168.1, because it did not download the script from this link to find out the Content Security Policy header?

I added another filter to eliminate the message "Refused to load the script" https: // 192.168.2.1/decentraleyes/jquery/2.1.4/jquery.min.jsm ... ":
Code:
SERVER-HEADER-FILTER: Add-Content-Security-Policy Add header Content Security Policy.
s@^(Content-Length:\s+.*)$@$1\r\nContent-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-*' yastatic.net
*.yandex.net yandex.st *.yandex.st yandex.ru *.yandex.ru mc.yandex.ru mc.yandex.by mc.yandex.kz mc.yandex.ua mc.yandex.co.il mc
.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.az mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt
mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.webvisor.com mc.webvisor.org yastat.net pass.ya
ndex.ru suggest.yandex.ru news.yandex.ru social.yandex.ru export.yandex.ru an.yandex.ru awaps.yandex.ru yabs.yandex.ru news-clck
.yandex.ru 192.168.2.1@i
and action:
Code:
{+server-header-filter{Content-Security-Policy} \
}
.yandex.*/
.yastatic.*/
{+server-header-filter{Add-Content-Security-Policy} \
}
192.168.2.1/decentraleyes/
I get this:
[Image: 2019-04-02-215454.png]
I load the script using the link https://192.168.2.1/decentraleyes/jquery...ry.min.jsm to see the headers:
[Image: 2019-04-02-215629.png]
It seems all right? But does not work.
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
RE: Something like “decentraleyes” for Privoxy… - vlad_s - Apr. 02, 2019 05:59 PM

Forum Jump:


Contact Us | The Un-Official Proxomitron Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication