justjavac · justjavac · Mar 28, 2022 · Mar 2, 2022 · Mar 2, 2022 · Mar 3, 2022
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,8 @@ extension.zip
 .idea/
 .DS_Store
 Thumbs.db
+server/nginx.conf
+server/conf.d
+server/tls/*
+!server/tls/.gitkeep
+
diff --git a/extension/js/background.js b/extension/js/background.js
@@ -20,7 +20,7 @@ function hasCSP(headers = []) {
  * 响应头里CSP相关的选项
  * @type {string[]}
  */
-const removeCSP=[
+const remove_csp_item=[
     'content-security-policy',
     'content-security-policy-report-only',
     'expect-ct',
@@ -34,7 +34,26 @@ const removeCSP=[
     'permissions-policy',
     'timing-allow-origin'
 ];
-
+/**
+ * 需要移除CSP的URL
+ * @type {string[]}
+ */
+const remove_cps_urls=[
+    "*://ajax.googleapis.com/*",
+    "*://fonts.googleapis.com/*",
+    "*://themes.googleusercontent.com/*",
+    "*://fonts.gstatic.com/*",
+    "*://*.google.com/*",
+    "*://secure.gravatar.com/*",
+    "*://www.gravatar.com/*",
+    "*://maxcdn.bootstrapcdn.com/*",
+    '*://api.github.com/*',
+    '*://www.gstatic.com/*',
+    '*://stackoverflow.com/*',
+    '*://translate.googleapis.com/*',
+    "*://developers.redhat.com/*",
+    "*://cloud-soft.xieyaokun.com/*"
+]
 /**
  * 移除CSP
  * 参考文档：
@@ -52,34 +71,86 @@ chrome.webRequest.onHeadersReceived.addListener(
         tabinfo.set(details.tabId, hasCSP(details.responseHeaders)); //暂时不知道什么地方用到
         return {
             responseHeaders:details.responseHeaders.filter(
-                header =>!removeCSP.includes(header.name.toLowerCase())
+                header =>!remove_csp_item.includes(header.name.toLowerCase())
             )
         };
   },
   {
 //    urls: ["<all_urls>"],
     //需要移除CSP自己添加url
     urls: [
-        "*://ajax.googleapis.com/*",
-        "*://fonts.googleapis.com/*",
-        "*://themes.googleusercontent.com/*",
-        "*://fonts.gstatic.com/*",
-        "*://*.google.com/*",
-        "*://secure.gravatar.com/*",
-        "*://www.gravatar.com/*",
-        "*://maxcdn.bootstrapcdn.com/*",
-        '*://api.github.com/*',
-        '*://www.gstatic.com/*',
-        '*://stackoverflow.com/*',
-        '*://translate.googleapis.com/*',
-        "*://developers.redhat.com/*",
-        "*://cloud-soft.xieyaokun.com/*"
+        ...remove_cps_urls
     ],
     types: ["main_frame", "sub_frame", "stylesheet", "script", "image", "font", "object", "xmlhttprequest", "ping", "csp_report", "media", "websocket", "other"]
   },
   ["blocking", 'responseHeaders']
 );
 
+//Open Source urls
+let opensource_goole_urls=[
+    "*://*.chromium.org/*", //Chromium ChromiumOS GN
+    "*://*.googlesource.com/*", //Chromium
+    "*://summerofcode.withgoogle.com/*",
+    "https://cs.opensource.google/*", //Google Open Source
+    "https://opensource.googleblog.com/*",
+    "https://opensource.google/*",
+]
+/**
+ *   使用自己架设的 nginx服务，替换CDN地址
+ *
+ *   容器运行 nginx 脚本位于 server 目录
+ *   备注： domain.com   请更换为自己的域名
+ *
+ *   测试案例 查看chromium 源码
+ *   https://gerrit.googlesource.com/gerrit
+ *   https://www.chromium.org
+ *   https://chromium.googlesource.com/
+ *   https://source.chromium.org/chromium
+ *   https://cs.opensource.google/
+ * @param details
+ * @param proxy_provider  # 请更换为自己的域名
+ * @returns {string}
+ *
+ */
+let use_nginx_proxy = (details, proxy_provider) => {
+    // 主要是和 nginx 配合使用
+    let url = details.url.replace('http://', 'https://')
+    // 代理服务提供者 需要支持泛域名
+    // let proxy_provider = '.proxy.domain.com'
+    let middle_builder = new URL(url);
+    // 中文域名编码转换 punycode标准编码: punycode('点')= 'xn--3px'
+    //替换点. 为了正则表达式好区分 _xn--3px_仅仅是分隔符号，可以自己定义分隔符号
+    let host = middle_builder.host.replace(/\./g, '_xn--3px_');
+    //计算符号点的个数
+    let dot_nums = middle_builder.host.match(/\./g).length
+    let query_string = middle_builder.pathname + middle_builder.search
+    return "https://" + dot_nums + '_' + host + proxy_provider + query_string;
+}
+
+let suffix_doman = '.proxy.domain.com'
+let need_replace_cdn_urls = [
+    'ajax.googleapis.com',
+    'fonts.googleapis.com',
+    'themes.googleusercontent.com',
+    'fonts.gstatic.com',
+    'ssl.gstatic.com',
+    'www.gstatic.com',
+    'secure.gravatar.com',
+    'maxcdn.bootstrapcdn.com'
+]
+let cdn_urls = need_replace_cdn_urls.map((currentValue, index, arr) => {
+    return "https://" + currentValue.replace(/\./g, '-') + suffix_doman
+})
+let repace_cdn_urls = (details) => {
+    let url_obj = new URL(details.url);
+    let query_string = url_obj.pathname + url_obj.search
+    let element_postion = need_replace_cdn_urls.indexOf(url_obj.hostname);
+    if (element_postion !== -1) {
+        return cdn_urls[element_postion] + query_string;
+    }
+    return null;
+}
+
 chrome.webRequest.onBeforeRequest.addListener(
   function (details) {
     // Comment out these lines
@@ -93,6 +164,18 @@ chrome.webRequest.onBeforeRequest.addListener(
     //     return details.url;
     // }
 
+    //方法一： 使用nginx架设的服务地址替换 (支持N个域名)
+      /*
+      return {redirectUrl: use_nginx_proxy(details,suffix_doman)};
+      */
+
+    //方法二： 支持指定数目的域名
+     /*
+    let des_url;
+    if ((des_url = repace_cdn_urls(details))) {
+     return {redirectUrl: des_url};
+    }
+    */
     let url = details.url.replace("http://", "https://");
     url = url.replace("ajax.googleapis.com", "ajax.loli.net");
     url = url.replace("fonts.googleapis.com", "fonts.loli.net");
@@ -112,15 +195,18 @@ chrome.webRequest.onBeforeRequest.addListener(
   },
   {
     urls: [
-      "*://ajax.googleapis.com/*",
-      "*://fonts.googleapis.com/*",
-      "*://themes.googleusercontent.com/*",
-      "*://fonts.gstatic.com/*",
-      "*://www.google.com/recaptcha/*",
-      "*://secure.gravatar.com/*",
-      "*://www.gravatar.com/*",
-      "*://maxcdn.bootstrapcdn.com/bootstrap/*",
-
+        "*://ajax.googleapis.com/*",
+        "*://fonts.googleapis.com/*",
+        "*://themes.googleusercontent.com/*",
+        "*://fonts.gstatic.com/*",
+        "*://www.google.com/recaptcha/*",
+        "*://secure.gravatar.com/*",
+        "*://www.gravatar.com/*",
+        "*://maxcdn.bootstrapcdn.com/bootstrap/*",
+   /*
+        ...opensource_goole_urls,
+        "*://apis.google.com/*",
+   */
     ],
   },
   ["blocking"]

diff --git a/extension/test/use-self-build-cdn.js b/extension/test/use-self-build-cdn.js
@@ -0,0 +1,34 @@
+/*
+*    测试用例
+*
+*   测试步骤
+*   1.  打开 extension/js/background.js
+*   2.  修改第130行代码 ,修改结果如下：
+*   3.   let suffix_doman = '.proxy.xiaoshuogeng.com'
+*   4.  （167-175行 选择去掉相应的注释，打开调用入口）
+*   5.   (207 行 打开注释 )
+*   5.  浏览器更新扩展
+*   6.  浏览器打开:  https://summerofcode.withgoogle.com/programs/2022/organizations
+*   7.  浏览器打开:  https://source.chromium.org/chromium
+*   8.  浏览器打开:   https://gerrit.googlesource.com/gerrit
+
+*   6.  能打开成功--OK-结束！
+
+*/
+
+
+// 打开替换CDN 功能
+/*
+// extension/js/background.js （167-175行 选择去掉相应的注释）
+
+
+//方法一： 使用nginx架设的服务地址替换 (支持N个域名)
+return {redirectUrl: use_nginx_proxy(details,'.proxy.domain.com')};
+
+
+//方法二： 支持指定数目的域名
+let des_url;
+if ((des_url = repace_cdn_urls(details))) {
+     return {redirectUrl: des_url};
+}
+*/
diff --git a/server/README.md b/server/README.md
@@ -0,0 +1,21 @@
+# 使用nginx 自建 CDN 
+
+## 准备
+1. docker 
+2. docker image:  nginx:alpine
+3. TLS证书 用于支持https
+
+## nginx配置文件: server/nginx-ok.conf中，请更换domain.com为自己的域名
+## js/background.js，129行 或者 144行 请更换domain.com为自己的域名
+
+
+
+##行 nginx
+
+
+```shell
+
+bash  run-server.sh
+
+```
+
diff --git a/server/custom-proxy-header.item b/server/custom-proxy-header.item
@@ -0,0 +1,37 @@
+set $cors_origin "*";
+set $allow_credentials "true";
+
+set $origin_is_exists 0;
+
+if ( $http_origin = "null" ){
+    set $origin_is_exists 1;
+}
+
+if ( $http_origin != '' ){
+    set $origin_is_exists 1;
+}
+
+if ($origin_is_exists = 1) {
+    set $cors_origin $http_origin;
+}
+
+if ( $request_uri ~* .(eot|ttf|woff|svg|otf|woff2)$ )
+{
+    set $cors_origin "*";
+}
+
+set $custom_headers 'Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,authorization,accept-ranges,content-length,content-type,date,server,last-modified,etag,access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,access-control-expose-headers,content-security-policy,content-security-policy-report-only,referrer-policy,Strict-Transport-Security';
+
+add_header Access-Control-Allow-Origin $cors_origin always;
+add_header Access-Control-Allow-Methods 'GET,HEAD,POST,PUT,DELETE,CONNECT,OPTIONS,TRACE,PATCH' always;
+add_header Access-Control-Allow-Credentials $allow_credentials always;
+
+add_header 'Access-Control-Allow-Headers' "$custom_headers";
+add_header 'Access-Control-Expose-Headers' "$custom_headers";
+#   预检请求处理
+if ( $request_method = "OPTIONS" ) {
+    return 204;
+}
+
+
+
diff --git a/server/get-nginx-default-conf.sh b/server/get-nginx-default-conf.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -eux
+__DIR__=$(cd "$(dirname "$0")";pwd)
+cd ${__DIR__}
+
+# 获得nginx 默认配置文件
+container_id=$(docker create nginx:alpine)  # returns container ID
+docker cp "$container_id":/etc/nginx/nginx.conf nginx.conf
+docker cp "$container_id":/etc/nginx/conf.d/ conf.d
+
+# shellcheck disable=SC2086
+docker rm $container_id
diff --git a/server/hidden_proxy_headers.item b/server/hidden_proxy_headers.item
@@ -0,0 +1,42 @@
+proxy_hide_header "Set-Cookie";
+proxy_hide_header 'access-control-allow-origin';
+proxy_hide_header 'content-security-policy';
+proxy_hide_header 'Content-Security-Policy';
+proxy_hide_header 'content-security-policy-report-only';
+proxy_hide_header 'Content-Security-Policy-Report-Only';
+proxy_hide_header 'expect-ct';
+proxy_hide_header 'Expect-Ct';
+proxy_hide_header 'x-content-security-policy';
+proxy_hide_header 'X-Content-Security-Policy';
+proxy_hide_header 'x-webkit-csp';
+proxy_hide_header 'X-Webkit-CSP';
+proxy_hide_header 'x-xss-protection';
+proxy_hide_header 'X-Xss-Protection';
+proxy_hide_header 'x-content-type-options';
+proxy_hide_header 'X-Content-Type-Options';
+proxy_hide_header 'permissions-policy';
+proxy_hide_header 'Permissions-Policy';
+proxy_hide_header 'x-frame-options';
+proxy_hide_header 'X-Frame-Options';
+proxy_hide_header 'cross-origin-opener-policy-report-only';
+proxy_hide_header 'Cross-Origin-Opener-Policy-Report-Only';
+proxy_hide_header 'cross-origin-embedder-policy-report-only';
+proxy_hide_header 'Cross-Origin-Embedder-Policy-Report-Only';
+proxy_hide_header 'cross-origin-opener-policy';
+proxy_hide_header 'Cross-Origin-Opener-Policy';
+proxy_hide_header 'report-to';
+proxy_hide_header 'Report-To';
+proxy_hide_header 'timing-allow-origin';
+proxy_hide_header 'Timing-Allow-Origin';
+proxy_hide_header 'nel';
+proxy_hide_header 'Nel';
+proxy_hide_header 'link';
+proxy_hide_header 'Link';
+proxy_hide_header 'referrer-policy';
+proxy_hide_header 'Referrer Policy';
+proxy_hide_header 'access-control-allow-credentials';
+#proxy_hide_header 'access-control-allow-headers';
+proxy_hide_header 'access-control-allow-methods';
+proxy_hide_header 'access-control-allow-origin';
+#proxy_hide_header 'access-control-expose-headers';
+proxy_hide_header 'alt-svc';