The biggest issue right now is that they still haven't implemented an
official way to edit the body of a request. However, there is one alternate
solution that seems promising.
This solution involves editing the content security policy headers of
requests to allow either blob URLs or data URLs to load.
Specifically, I'm trying to edit the "script-src" keyword's section under
the "content-security-policy" header by appending "blob:" and "data:" . It
then adds a listener to script requests and then redirects them all to a
"data:" URL of a blob containing 'console.log("it worked");'.
Currently I am having trouble with the details of implementing this and I
would appreciate advice from anyone who knows how CSP headers work better
than I do.
