Dev

.gitignore

@@ -3,3 +3,7 @@ extension.zip
 .idea/
 .DS_Store
 Thumbs.db
+server/nginx.conf
+server/tls/*
+!server/tls/.gitkeep
+

extension/js/background.js

@@ -80,6 +80,37 @@ chrome.webRequest.onHeadersReceived.addListener(
   ["blocking", 'responseHeaders']
 );
 
+/**
+ *   使用自己架设nginx服务，替换地址
+ *
+ *   容器运行 nginx 脚本位于server 目录
+ *   备注： domain.com   请更换为自己的域名
+ *
+ *   测试案例 查看chromium 源码
+ *   https://gerrit.googlesource.com/gerrit
+ *   https://www.chromium.org
+ *   https://chromium.googlesource.com/
+ *   https://source.chromium.org/chromium
+ * @param details
+ * @param proxy_provider  # 请更换为自己的域名
+ * @returns {string}
+ *
+ */
+let use_nginx_proxy=(details,proxy_provider='.proxy.domain.com')=>{
+    // 主要是和 nginx 配合使用
+    let url = details.url.replace('http://', 'https://')
+    // 代理服务提供者 需要支持泛域名
+    // let proxy_provider = '.proxy.domain.com'
+    let middle_builder = new URL(url);
+    // 中文域名编码转换 punycode标准编码: punycode('点')= 'xn--3px'
+    //替换点. 为了正则表达式好区分
+    let host = middle_builder.host.replace(/\./g, '_xn--3px_');
+    //计算符号点的个数
+    let dot_nums = middle_builder.host.match(/\./g).length
+    let query_string = middle_builder.pathname + middle_builder.search
+    return  "https://" + dot_nums + '_' + host + proxy_provider + query_string;
+}
+
 chrome.webRequest.onBeforeRequest.addListener(
   function (details) {
     // Comment out these lines
@@ -93,6 +124,9 @@ chrome.webRequest.onBeforeRequest.addListener(
     //     return details.url;
     // }
 
+    // 使用nginx架设的服务地址替换
+    // return {redirectUrl: use_nginx_proxy(details)};
+
     let url = details.url.replace("http://", "https://");
     url = url.replace("ajax.googleapis.com", "ajax.loli.net");
     url = url.replace("fonts.googleapis.com", "fonts.loli.net");
@@ -112,15 +146,16 @@ chrome.webRequest.onBeforeRequest.addListener(
   },
   {
     urls: [
-      "*://ajax.googleapis.com/*",
-      "*://fonts.googleapis.com/*",
-      "*://themes.googleusercontent.com/*",
-      "*://fonts.gstatic.com/*",
-      "*://www.google.com/recaptcha/*",
-      "*://secure.gravatar.com/*",
-      "*://www.gravatar.com/*",
-      "*://maxcdn.bootstrapcdn.com/bootstrap/*",
-
+        "*://ajax.googleapis.com/*",
+        "*://fonts.googleapis.com/*",
+        "*://themes.googleusercontent.com/*",
+        "*://fonts.gstatic.com/*",
+        "*://www.google.com/recaptcha/*",
+        "*://secure.gravatar.com/*",
+        "*://www.gravatar.com/*",
+        "*://maxcdn.bootstrapcdn.com/bootstrap/*",
+       // "*://*.chromium.org/*",
+       // "*://*.googlesource.com/*"
     ],
   },
   ["blocking"]

server/README.md

@@ -0,0 +1,18 @@
+# 自建 nginx 服务
+
+## 准备
+1. docker 
+2. TLS证书
+
+## # 请更换 domain 为自己的域名
+
+
+##行 nginx
+
+
+```shell
+
+bash  run-server.sh
+
+```
+

server/custom-proxy-header.item

@@ -0,0 +1,37 @@
+set $cors_origin "*";
+set $allow_credentials "true";
+
+set $origin_is_exists 0;
+
+if ( $http_origin = "null" ){
+    set $origin_is_exists 1;
+}
+
+if ( $http_origin != '' ){
+    set $origin_is_exists 1;
+}
+
+if ($origin_is_exists = 1) {
+    set $cors_origin $http_origin;
+}
+
+if ( $request_uri ~* .(eot|ttf|woff|svg|otf|woff2)$ )
+{
+    set $cors_origin "*";
+}
+
+set $custom_headers 'Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,authorization,accept-ranges,content-length,content-type,date,server,last-modified,etag,access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,access-control-expose-headers,content-security-policy,content-security-policy-report-only,referrer-policy,Strict-Transport-Security';
+
+add_header Access-Control-Allow-Origin $cors_origin always;
+add_header Access-Control-Allow-Methods 'GET,HEAD,POST,PUT,DELETE,CONNECT,OPTIONS,TRACE,PATCH' always;
+add_header Access-Control-Allow-Credentials $allow_credentials always;
+
+add_header 'Access-Control-Allow-Headers' "$custom_headers";
+add_header 'Access-Control-Expose-Headers' "$custom_headers";
+#   预检请求处理
+if ( $request_method = "OPTIONS" ) {
+    return 204;
+}
+
+
+

server/get-nginx-default-conf.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -eux
+__DIR__=$(cd "$(dirname "$0")";pwd)
+cd ${__DIR__}
+
+# 获得nginx 默认配置文件
+container_id=$(docker create nginx:alpine)  # returns container ID
+docker cp "$container_id":/etc/nginx/nginx.conf nginx.conf
+
+# shellcheck disable=SC2086
+docker rm $container_id

server/hidden_proxy_headers.item

@@ -0,0 +1,42 @@
+proxy_hide_header "Set-Cookie";
+proxy_hide_header 'access-control-allow-origin';
+proxy_hide_header 'content-security-policy';
+proxy_hide_header 'Content-Security-Policy';
+proxy_hide_header 'content-security-policy-report-only';
+proxy_hide_header 'Content-Security-Policy-Report-Only';
+proxy_hide_header 'expect-ct';
+proxy_hide_header 'Expect-Ct';
+proxy_hide_header 'x-content-security-policy';
+proxy_hide_header 'X-Content-Security-Policy';
+proxy_hide_header 'x-webkit-csp';
+proxy_hide_header 'X-Webkit-CSP';
+proxy_hide_header 'x-xss-protection';
+proxy_hide_header 'X-Xss-Protection';
+proxy_hide_header 'x-content-type-options';
+proxy_hide_header 'X-Content-Type-Options';
+proxy_hide_header 'permissions-policy';
+proxy_hide_header 'Permissions-Policy';
+proxy_hide_header 'x-frame-options';
+proxy_hide_header 'X-Frame-Options';
+proxy_hide_header 'cross-origin-opener-policy-report-only';
+proxy_hide_header 'Cross-Origin-Opener-Policy-Report-Only';
+proxy_hide_header 'cross-origin-embedder-policy-report-only';
+proxy_hide_header 'Cross-Origin-Embedder-Policy-Report-Only';
+proxy_hide_header 'cross-origin-opener-policy';
+proxy_hide_header 'Cross-Origin-Opener-Policy';
+proxy_hide_header 'report-to';
+proxy_hide_header 'Report-To';
+proxy_hide_header 'timing-allow-origin';
+proxy_hide_header 'Timing-Allow-Origin';
+proxy_hide_header 'nel';
+proxy_hide_header 'Nel';
+proxy_hide_header 'link';
+proxy_hide_header 'Link';
+proxy_hide_header 'referrer-policy';
+proxy_hide_header 'Referrer Policy';
+proxy_hide_header 'access-control-allow-credentials';
+#proxy_hide_header 'access-control-allow-headers';
+proxy_hide_header 'access-control-allow-methods';
+proxy_hide_header 'access-control-allow-origin';
+#proxy_hide_header 'access-control-expose-headers';
+proxy_hide_header 'alt-svc';

server/nginx-ok.conf

@@ -0,0 +1,142 @@
+
+#user  nobody;
+user  nginx;
+worker_processes  auto;
+# worker_cpu_affinity auto;
+
+
+error_log  /var/log/nginx/error.log info;
+pid        /var/run/nginx.pid;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  10240;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  ' $remote_addr - $remote_user [$time_local] "$request" '
+                      ' $status $body_bytes_sent "$http_referer" '
+                      ' "$http_user_agent" "$http_x_forwarded_for" '
+                      ' host:"$host"            des_host:"$custom_des_host" '
+                      ' origin:"$http_origin"   des_origin:"$custom_des_origin" '
+                      ' referer:"$http_referer" des_referer:"$custom_des_referer" ';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+
+    gzip  on;
+    gzip_vary on;
+    gzip_comp_level 6;
+    gzip_buffers 4 16k;
+    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/xml text/javascript application/json image/png image/gif image/jpeg;
+    server_tokens off;
+    resolver  1.1.1.1 ipv6=off;
+
+    proxy_buffer_size  128k;
+    proxy_buffers   32 32k;
+    proxy_busy_buffers_size 128k;
+    proxy_temp_file_write_size 128k;
+    client_body_buffer_size 1024k;
+    server_names_hash_bucket_size 128;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+
+    # 将 domain.com  更换成为你自己的域名, 域名解析需要支持泛域名
+    map $host $custom_des_host {
+         default $host ;
+         ~^1_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com$ $1.$2;
+         ~^2_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_(\w+?)\.proxy\.domain.com$ $1.$2.$3;
+         ~^3_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com$ $1.$2.$3.$4;
+         ~^4_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com$ $1.$2.$3.$4.$5;
+         ~^5_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com$ $1.$2.$3.$4.$5.$6.$5.$6;
+    }
+    # 定制referer
+    map $http_referer $custom_des_referer {
+        default $http_origin ;
+        ~^(http|https)://1_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3/$4 ;
+        ~^(http|https)://2_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_(\w+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3.$4/$5 ;
+        ~^(http|https)://3_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3.$4.$5/$6 ;
+        ~^(http|https)://4_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3.$4.$5.$6/$7 ;
+        ~^(http|https)://5_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3.$4.$5.$6.$7/$8 ;
+
+    }
+    # 定制origin
+    map $http_referer $custom_des_origin {
+        default $http_origin ;
+        ~^(http|https)://1_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3/$4 ;
+        ~^(http|https)://2_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_(\w+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3.$4/$5 ;
+        ~^(http|https)://3_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3.$4.$5/$6 ;
+        ~^(http|https)://4_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3.$4.$5.$6/$7 ;
+        ~^(http|https)://5_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)_xn--3px_([\w|-]+?)\.proxy\.domain.com:443/(.*)$ $1://$2.$3.$4.$5.$6.$7/$8 ;
+    }
+
+    server {
+        listen  443 ssl http2 default_server;
+        listen  [::]:443 ssl http2 default_server;
+        # 将 domain.com  更换成为你自己的域名, 域名解析需要支持泛域名 *.proxy.domain.com
+        server_name   ~^(?<subdomain>.+)\.proxy\.domain.com$;
+
+        charset utf-8;
+
+        #access_log  logs/access.log  main;
+        # https tls  配置例子  https://ssl-config.mozilla.org/#server=nginx
+
+        ssl_certificate     /tls/wildcard.domain.com.fullchain.pem;
+        ssl_certificate_key /tls/wildcard.domain.com.key.pem;
+        ssl_session_timeout 1d;
+        ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+        ssl_session_tickets off;
+        ssl_protocols  TLSv1.3;
+        ssl_prefer_server_ciphers off;
+
+        resolver  1.1.1.1 ipv6=off;
+
+        # 简单cookie权限验证
+        # if ( $cookie_proxy_token != "123456") {
+        #     return 401 '{"status":"401","result":"您没有权限,请联系管理员","message":"unauthorized"}';
+        # }
+
+        include conf.d/custom-proxy-header.item;
+        location / {
+
+            proxy_pass "$scheme://$custom_des_host$request_uri";
+
+            proxy_set_header Host    $custom_des_host;
+            proxy_set_header Referer $custom_des_referer;
+            proxy_set_header Origin $custom_des_origin;
+
+            proxy_ignore_headers "Set-Cookie";
+            include conf.d/hidden_proxy_headers.item;
+
+            proxy_read_timeout 30s;
+            proxy_send_timeout 30s;
+
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection  $connection_upgrade;
+            proxy_set_header        Cookie "";
+            proxy_ssl_protocols  TLSv1.2 TLSv1.3;
+            proxy_ssl_session_reuse off;
+            proxy_ssl_server_name on ;
+
+        }
+    }
+
+}

server/run-server.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -eux
+
+__DIR__=$(cd "$(dirname "$0")";pwd)
+cd "${__DIR__}"
+
+# tls 目录存放 https 证书
+
+docker run --rm  \
+--name nginx-proxy-server \
+-p 8081:80 \
+-p 443:443 \
+-v "${__DIR__}"/nginx-ok.conf:/etc/nginx/nginx.conf \
+-v "${__DIR__}"/custom-proxy-header.item:/etc/nginx/conf.d/custom-proxy-header.item \
+-v "${__DIR__}"/hidden_proxy_headers.item:/etc/nginx/conf.d/hidden_proxy_headers.item \
+-v "${__DIR__}"/tls:/tls/ \
+nginx:alpine

server/start.sh

@@ -0,0 +1,7 @@
+#!/bin/env bash
+
+set -exu
+
+__DIR__=$(cd "$(dirname "$0")";pwd)
+cd "${__DIR__}" &&
+docker stop nginx-proxy-server

server/stop.sh

@@ -0,0 +1,7 @@
+#!/bin/env bash
+
+set -eux
+
+__DIR__=$(cd "$(dirname "$0")";pwd)
+cd "${__DIR__}" &&
+docker start nginx-proxy-server