Git Product home page Git Product logo

Comments (2)

dreamer2908 avatar dreamer2908 commented on July 17, 2024

Hi. I've tested redirecting all images from Web Archive to Baka-Tsuki, but it was blocked by the site's Content Security Policy.

The policy is specified in Web Archive's HTTP header to ask the browser to only load stuff from archive.org web.archive.org analytics.archive.org pragma.archivelab.org for their pages.

Browser extensions can bypass this policy, but a userscript like Baka-HTML can't.

So I guess it won't happen.

2020-02-02_212735

--2020-02-02 21:25:57--  http://web.archive.org/web/20160430215705/https://www.baka-tsuki.org/project/index.php?title=Leviathan:Volume_1_Illustrations
Resolving web.archive.org (web.archive.org)... 207.241.233.214
Connecting to web.archive.org (web.archive.org)|207.241.233.214|:80... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 200 OK
  Server: nginx/1.15.8
  Date: Sun, 02 Feb 2020 14:25:58 GMT
  Content-Type: text/html; charset=UTF-8
  Content-Length: 38109
  Connection: keep-alive
  X-Archive-Orig-Server: nginx
  X-Archive-Orig-X-Powered-By: PHP/5.6.12
  X-Archive-Orig-X-Content-Type-Options: nosniff
  X-Archive-Orig-Content-language: en
  X-Archive-Orig-X-UA-Compatible: IE=Edge
  X-Archive-Orig-Vary: Accept-Encoding, Cookie, Accept-Encoding
  X-Archive-Orig-Expires: Sat, 30 Apr 2016 20:29:00 GMT
  X-Archive-Orig-Cache-Control: max-age=3600, s-maxage=3600,must-revalidate,proxy-revalidate
  X-Archive-Orig-Pragma: public
  X-Archive-Orig-Date: Sat, 30 Apr 2016 21:56:13 GMT
  X-Archive-Orig-Connection: close
  X-Archive-Orig-X-Cache: HIT
  X-Archive-Orig-X-Cache-Hits: 7
  X-Archive-Orig-X-Age: 8833
  X-Archive-Guessed-Content-Type: text/html
  X-Archive-Guessed-Charset: utf-8
  Memento-Datetime: Sat, 30 Apr 2016 21:57:05 GMT
  Link: <http://www.baka-tsuki.org/project/index.php?title=Leviathan:Volume_1_Illustrations>; rel="original", <http://web.archive.org/web/timemap/link/http://www.baka-tsuki.org/project/index.php?title=Leviathan:Volume_1_Illustrations>; rel="timemap"; type="application/link-format", <http://web.archive.org/web/http://www.baka-tsuki.org/project/index.php?title=Leviathan:Volume_1_Illustrations>; rel="timegate", <http://web.archive.org/web/20150227005201/http://www.baka-tsuki.org:80/project/index.php?title=Leviathan:Volume_1_Illustrations>; rel="first memento"; datetime="Fri, 27 Feb 2015 00:52:01 GMT", <http://web.archive.org/web/20150227005201/http://www.baka-tsuki.org:80/project/index.php?title=Leviathan:Volume_1_Illustrations>; rel="prev memento"; datetime="Fri, 27 Feb 2015 00:52:01 GMT", <http://web.archive.org/web/20160430215705/http://www.baka-tsuki.org/project/index.php?title=Leviathan:Volume_1_Illustrations>; rel="memento"; datetime="Sat, 30 Apr 2016 21:57:05 GMT", <http://web.archive.org/web/20160430215705/http://www.baka-tsuki.org/project/index.php?title=Leviathan:Volume_1_Illustrations>; rel="last memento"; datetime="Sat, 30 Apr 2016 21:57:05 GMT"
  Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org
  X-Archive-Src: WIDE-20160430205756-crawl429/WIDE-20160430213145-07357.warc.gz
  Server-Timing: exclusion.robots.policy;dur=0.157987
  Server-Timing: LoadShardBlock;dur=71.775003
  Server-Timing: esindex;dur=0.014554
  Server-Timing: CDXLines.iter;dur=18.151894
  Server-Timing: RedisCDXSource;dur=235.688717
  Server-Timing: captures_list;dur=328.558449
  Server-Timing: PetaboxLoader3.resolve;dur=116.597772
  Server-Timing: load_resource;dur=210.591993
  Server-Timing: exclusion.robots;dur=0.171507
  Server-Timing: PetaboxLoader3.datanode;dur=142.997838
  X-App-Server: wwwb-app100
  X-ts: 200
  X-location: All
  X-Cache-Key: httpweb.archive.org/web/20160430215705/https://www.baka-tsuki.org/project/index.php?title=Leviathan:Volume_1_IllustrationsVN
  X-Page-Cache: HIT
Length: 38109 (37K) [text/html]
Saving to: ‘STDOUT’
<html contents omitted>

from baka-epub.

amit34521 avatar amit34521 commented on July 17, 2024

Looking at this Mozilla developer docs, it is possible to disable or bypass CSP via meta tags.
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

<meta http-equiv="Content-Security-Policy" content="default-src https://cdn.example.net; child-src 'none'; object-src 'none'">
Adding the default-src and img-src there with baka-tsuki with self might be a possible bypass. The Mozilla link has some examples for that

Also there are extension to temporarily disabled the CSP on chrome.

from baka-epub.

Related Issues (2)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.