To help move this forward, here is a draft of how these two additional modes can be structured as native Manifest V3 declarativeNetRequest rules to append or modify the Content-Security-Policy header.

1. Permissive Plus (permissive-plus)

This rule modifies the response headers to remove unsafe-eval and inline WebAssembly execution from the script-src and wasm-src directives.

```json
{
  "id": 101,
  "priority": 1,
  "action": {
    "type": "modifyHeaders",
    "responseHeaders": [
      {
        "header": "Content-Security-Policy",
        "operation": "append",
        "value": "script-src 'self' 'unsafe-inline' http: https:; object-src 'none';"
      }
    ]
  },
  "condition": {
    "resourceTypes": ["main_frame", "sub_frame"]
  }
}
```
Permissive Plus Plus (permissive-plus-plus)

This rule enforces a lightweight sandbox via CSP headers. By explicitly omitting allow-downloads and allow-popups from the sandbox tokens, the browser automatically blocks forced files and new windows while letting the rest of the site function normally.

```json
{
  "id": 102,
  "priority": 1,
  "action": {
    "type": "modifyHeaders",
    "responseHeaders": [
      {
        "header": "Content-Security-Policy",
        "operation": "append",
        "value": "sandbox allow-scripts allow-forms allow-same-origin allow-modals allow-pointer-lock; script-src 'self' 'unsafe-inline' http: https:;"
      }
    ]
  },
  "condition": {
    "resourceTypes": ["main_frame", "sub_frame"]
  }
}
```
Matrix³ UI

These rules can be mapped directly to two new toggles in the matrix grid or options menu, allowing users to activate them globally or per-domain by injecting these specific rule IDs into the active dynamic ruleset.
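
One way the toggles described above could drive the dynamic ruleset, as an added example that is not part of the original draft or the extension's own code. It keeps one rule per mode under the draft's IDs (101, 102) and scopes it with `requestDomains`; the names `MODES`, `buildRule`, `applyMode` and the `scope` object are hypothetical.

```javascript
// Added example; MODES, buildRule and applyMode are hypothetical names.
// Rule IDs and CSP values are copied from the draft rules on this page.
const MODES = {
  "permissive-plus": {
    id: 101,
    csp: "script-src 'self' 'unsafe-inline' http: https:; object-src 'none';",
  },
  "permissive-plus-plus": {
    id: 102,
    csp: "sandbox allow-scripts allow-forms allow-same-origin allow-modals allow-pointer-lock; script-src 'self' 'unsafe-inline' http: https:;",
  },
};

// Returns the rule for a mode, or null when the mode is off everywhere.
// scope (assumed shape): { global: boolean, domains: string[] }
function buildRule(mode, scope) {
  const def = MODES[mode];
  if (!def) throw new Error(`unknown mode: ${mode}`);
  const condition = { resourceTypes: ["main_frame", "sub_frame"] };
  if (!scope.global) {
    // declarativeNetRequest rejects an empty requestDomains list,
    // so "no domains" must mean "no rule", not "match everything".
    if (!scope.domains || scope.domains.length === 0) return null;
    condition.requestDomains = [...new Set(scope.domains)].sort();
  }
  return {
    id: def.id,
    priority: 1,
    action: {
      type: "modifyHeaders",
      responseHeaders: [
        { header: "Content-Security-Policy", operation: "append", value: def.csp },
      ],
    },
    condition,
  };
}

// Swaps the mode's dynamic rule in one call: the old ID is always removed,
// and a rule is added only if the mode is still active somewhere.
// dnr is chrome.declarativeNetRequest in the extension's service worker.
async function applyMode(dnr, mode, scope) {
  const rule = buildRule(mode, scope);
  await dnr.updateDynamicRules({
    removeRuleIds: [MODES[mode].id],
    addRules: rule ? [rule] : [],
  });
  return rule;
}
```

`requestDomains` matches the domain of the document request itself, so a `sub_frame` is matched by the framed document's own domain rather than by the top-level site.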