CSP Unblock
大小:114KiB版本:v 0.1.1更新时间:2022-04-28
No more Content-Security-Policy limitations. This extension removes all CSP-related headers during website testing.
CSP Unblock 的使用方法详解,最全面的教程
CSP Unblock 描述:
用户数:134
分类:开发者工具插件
扩展大小:114 KiB
最后更新时间:2022-04-28
版本:v 0.1.1
CSP Unblock 插件简介:
这是来自Chrome商店的 CSP Unblock 浏览器插件,您可以在当前页面下载它的最新版本安装文件,并安装在Chrome、Edge等浏览器上。
CSP Unblock插件下载方法/流程:
点击下载按钮,关注“扩展迷Extfans”公众号并获取验证码,在网页弹窗中输入验证码,即可下载最新安装文件。
CSP Unblock插件安装教程/方法:
(1)将扩展迷上下载的安装包文件(.zip)解压为文件夹,其中类型为“crx”的文件就是接下来需要用到的安装文件
(2) 从设置->更多工具->扩展程序 打开扩展程序页面,或者地址栏输入 Chrome://extensions/ 按下回车打开扩展程序页面
(3) 打开扩展程序页面的“开发者模式”
(4) 将crx文件拖拽到扩展程序页面,
完成安装如有其它安装问题,
请扫描网站底部二维码与客服联系如有疑问请参考:
https://www.extfans.com/installation/This extension removes the following CSP-related response headers to remove limitations caused by CSP.
1. "content-security-policy" header
2. "content-security-policy-report-only" header
3. "x-webkit-csp" header
4. "x-content-security-policy" header
Use Cases:
1. This extension can temporarily remove the limitations of CSP so that the developer can test inline and remote scripts. Also, you can load different cross-origin resources without any limitation.
2. Allow a website to load a remote worker script
3. Allow a website to play remote media
Notes:
1. Disable the extension when you are browsing the internet. By removing CSP, the website's protection reduces significantly which might harm you.
2. The extension removes specified CSP-related headers from the top-frame and all sub-frame elements
Definitions:
"content-security-policy" header: The HTTP Content-Security-Policy response header allows website administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (Cross-site_scripting).
"content-security-policy-report-only" header: The HTTP Content-Security-Policy-Report-Only response header allows web developers to experiment with policies by monitoring (but not enforcing) their effects. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.