Google-chrome – How to relax Content Security Policy in Chrome

google-chromehttp

Lately, some websites such as Facebook use the Content Security Policy (CSP) to restrict loading of scripts from "untrusted sources". For example, when requesting Facebook HTML content (e.g. https://www.facebook.com ), Facebook's HTTP response includes the following response header:

x-webkit-csp:default-src *;script-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl 'unsafe-inline' 'unsafe-eval' https://*.akamaihd.net http://*.akamaihd.net;style-src * 'unsafe-inline';connect-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.spotilocal.com:* https://*.akamaihd.net ws://*.facebook.com:* http://*.akamaihd.net;

This has impact on some bookmarklets which require to load and execute Javascript libraries from untrusted sources.

For example, whenever I try to run the Show Anchors bookmarklet on a Facebook page, execution of this bookmarklet fails as it tries to load jQuery from an untrusted source. In Chrome's Developer console, it will say:

Refused to load the script 'http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js' because it violates the following Content Security Policy directive: "script-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl 'unsafe-inline' 'unsafe-eval' https://*.akamaihd.net http://*.akamaihd.net".

I've found a Chrome documentation page about this topic, but it only applies to Chrome extensions.

I'm looking for solutions that allow me to

either for a single time deactivate CSP
or permanently whitelist my trusted sources.

Best Answer

Methods Endorsed by Chrome Apps

Use templating libraries

Use a library that offers precompiled templates and you’re all set. You can still use a library that doesn’t offer precompilation, but it will require some work on your part and there are restrictions.

You will need to use sandboxing to isolate any content that you want to do ‘eval’ things to. Sandboxing lifts CSP on the content that you specify.

Sandbox local content

Sandboxing allows specified pages to be served in a sandboxed, unique origin. These pages are then exempt from their Content Security Policy. Sandboxed pages can use iframes, inline scripting, and eval() (and the last two are the ones being prevented). That'll fix 'unsafe-inline' and 'unsafe-eval'.

Use inline scripts in sandbox
Include sandbox in manifest

Access remote resources

You can fetch remote resources via XMLHttpRequest and serve them via blob:, data:, or filesystem: URLs. This should fix the jQuery fetching issue.

Manifest requirement

To be able to do cross-origin XMLHttpRequests, you'll need to add a permission for the remote URL's host.

Cross-origin `XMLHttpRequest`

Fetch the remote URL into the app and serve its contents as a blob: URL.

I don't think you can do any of these. To fix the unsafe-eval and unsafe-inline response headers, only the script owner can fix the code or if it's in public domain, you can fix it. All this is probably a one-time fix.

Hacks

UnsafeWindow

http://wiki.greasespot.net/UnsafeWindow

Content Script Injection

http://wiki.greasespot.net/Content_Script_Injection

The hacks however have downsides because they've known to cause security holes atleast the first one, definitely.

Change the Chrome cache size

The cache size is not fixed; rather, it can change dynamically:

#28 rvargas@chromium.org

The default size is calculated at start time and depends on the available disk space in the volume where the cache is located.

We try hard to use at least 80 [MiB], with the size growing slowly until it caps at about 320 [MiB] (for 32 [GiB] free).

This is of course subject to change depending on overall measured performance.

_{Source: Issue 96264 - chromium - Implement a policy to clear browser cache on shut down}

The behavior described above still applies as of version 35.0.1916.153. The cache size will also determine the maximum size for cached files, which is 1/8 of the total amount in bytes. Anything bigger won't be cached on the disk.

Chrome doesn't provide a way to change its cache size through the user interface. In order to override the default limit you either need to use a specific switch/flag or enable a group policy setting.

Before proceeding, make sure empty the entire cache and then close the browser. To check whether the changes were applied successfully you can use this internal page afterwards:

chrome://net-internals/#httpCache

Using a command-line switch

Copy the Google Chrome application shortcut, and paste it to the desktop.
Right-click the pasted shortcut, and choose Properties from the context menu.
Edit the Target field by adding a space character and the following switch at the very end:
```
--disk-cache-size=<amount in bytes>
```
For example, to set a 32 MiB limit (33554432 bytes) the ending part should look like this:
```
chrome.exe --disk-cache-size=33554432
```
Click OK to apply the changes. Whenever you need to start Chrome, use the modified shortcut.

Through the Group Policy Editor

Note The following steps apply to Windows Vista and later. Only Business/Professional/Pro or higher editions are supported.

Log on with an administrator account.
Download the official policy templates.
Open the download archive (e.g. using 7-Zip). Navigate to the windows folder, and extract the admx folder somewhere.
The admx folder contains different subfolders named after a culture name which contain localization strings. There's also a chrome.admx file which is the actual template. Copy it in the PolicyDefinitions folder, which is usually located here:
```
 C:\Windows\PolicyDefinitions
```
Then copy the chrome.adml localization file matching the system locale in the corresponding PolicyDefinitions subfolder.
Start gpedit.msc.
Navigate to Computer Configuration > Administrative Templates > Google > Google Chrome.
Double-click the Set disk cache size in bytes setting, enable it, and choose the desired amount. Click OK when you're done.

At least Windows XP SP2.

Configures the cache size that Google Chrome will use for storing cached files on the disk.

If you set this policy, Google Chrome will use the provided cache size regardless whether the user has specified the --disk-cache-size flag or not. The value specified in this policy is not a hard boundary but rather a suggestion to the caching system, any value below a few megabytes is too small and will be rounded up to a sane minimum.

If the value of this policy is 0, the default cache size will be used but the user will not be able to change it.

If this policy is not set the default size will be used and the user will be able to override it with the --disk-cache-size flag.

_{Source: Policy List - The Chromium Projects}

Additional information

In case the cache folder takes more space than reported, that means there are some leftovers that were left behind. The easiest way to get rid of them is to close the browser, and manually delete all cached files. A brand new cache will be created next time the browser is started.

When it comes to group policies, manually editing the registry is not supported:

Note: starting with Chrome 28, policies are loaded directly from the Group Policy API on Windows. Policies manually written to the registry will be ignored. See http://crbug.com/259236 for details.

Starting with Google Chrome 35, policies are read directly from the registry if the workstation is joined to an Active Directory domain; otherwise the policies are read from GPO.

_{Source: Policy List - The Chromium Projects}

This can be confirmed by Process Monitor. Whether it's intentional or not, there are a few exceptions:

HKEY_CURRENT_USER\Software\Policies\Google\Chrome\MetricsReportingEnabled
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\UserDataDir
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\MetricsReportingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\UserDataDir
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\Update{8A69D345-D564-463c-AFF1-A69D9E530F96}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\UpdateDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome\MetricsReportingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome\UserDataDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Update\Update{8A69D345-D564-463c-AFF1-A69D9E530F96}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Update\UpdateDefault

Aside from the main HTTP cache, Chrome also use other folders which can take extra space:

Application Cache - HTML5 Application Cache
GPUCache - GPU shader cache
IndexedDB - HTML5 Indexed Database
Media Cache - Multimedia-optimized cache (audio and video clips)
Local Storage / Session Storage - Web storage cache
PnaclTranslationCache - Portable Native Client Translation Cache

The media cache can be limited to a fixed amount of bytes either using a switch or by enabling the related policy setting. You can't really limit the application cache or the GPU shader cache; you can just disable them through switches. There's no way to tweak the rest.

Testing the cache limit

Here's the procedure I followed before running the tests below:

Install Chrome.
Ensure the volume where the Cache folder is stored has more than 32 GiB of free space.
Set the homepage to about:blank to prevent a dirty cache on startup.
Clear all cached images and files from the beginning of time.
Close the browser.

All results shown are for Chrome version 34.0.1847.137 running on Windows 7 SP1 x86 (32-bit). The cache was emptied before each test, and there were no noticeable differences in cache behavior when using latest Chrome version.

Batch script

To automate the tests I created a batch script:

@echo off
setlocal
setlocal enabledelayedexpansion

set exePath=%localappdata%\Google\Chrome\Application

if not "%~1" == "" (
start "%~n0" /d "%exePath%" "chrome.exe" "%~1"
pause >nul
)

pushd "%~dp0"
set /a counter=1

for /f "usebackq" %%G in (`findstr /i "^https*://" "samples.txt"`) do (
echo Load sample !counter!
start "%~n0" /d "%exePath%" "chrome.exe" "%%~G"
set /a counter += 1
pause >nul
)

popd
endlocal
pause & exit /b

It has only one parameter, which is used to start Chrome with specific flags. The script parses a samples.txt file, collecting all the URLs and open them one at a time. When each sample has finished loading and rendering, press any key to load the next one. The executable path might need to be adjusted.

Test A1

The goal of the test is to check whether the maximum cache size is a true boundary. The fastest way to prove that is to load some image-filled website: as long as there's enough content, you should quickly reach the cache limit.

Flags

None

Samples

http://www.tumblr.com/search/gif+1
http://www.tumblr.com/search/gif+2
http://www.tumblr.com/search/gif+3
http://www.tumblr.com/search/gif+4
http://www.tumblr.com/search/gif+5
http://www.tumblr.com/search/gif+6
http://www.tumblr.com/search/gif+7
http://www.tumblr.com/search/gif+8

Results

After loading hundreds of files, the cache size was 334128469 bytes (about 318.65 MiB). The trim counter was set to 0x15c, meaning over 300 of the oldest entries were discarded to make room for new ones.

Cache type: Blockfile Cache
Create error: 0x0
Create hit: 0xa8
Create miss: 0x0
Current size: 334128469
Doom cache: 0x0
Doom entry: 0x3c
Doom recent entries: 0x0
Entries: 833
Fatal error: 0x0
Get rankings: 0x0
Invalid entry: 0x0
Last report: 0x2e5b3bec502446
Last report timer: 0x0
Max entries: 0x1a
Max size: 335544320
Open entries: 0x9
Open hit: 0x34
Open miss: 0xad
Open rankings: 0x39c68
Pending IO: 0
Read data: 0x4db
Resurrect hit: 0x2
Size00: 0x0000052f
Size01: 0x00000005
Size02: 0x00000017
Size03: 0x00000014
Size04: 0x00000002
Size05: 0x00000001
Size06: 0x00000004
Size07: 0x00000005
Size08: 0x00000002
Size09: 0x00000003
Size10: 0x00000004
Size11: 0x00000009
Size12: 0x0000001a
Size13: 0x00000019
Size14: 0x00000012
Size15: 0x00000006
Size16: 0x00000020
Size17: 0x00000013
Size18: 0x00000012
Size19: 0x00000032
Size20: 0x00000074
Size21: 0x00000083
Size22: 0x00000000
Size23: 0x00000000
Size24: 0x00000000
Size25: 0x00000000
Size26: 0x00000000
Size27: 0x00000000
Timer: 0xe
Trim entry: 0x15c
Write data: 0x4c171
unused: 0x0

Test A2

Just like test A1, with a twist: the cache gets limited to 32 MiB.

Flags

--disk-cache-size=33554432

Samples

Same as test A1.

Results

The cache reached a total size of about 31.74 MiB. Compared to test A1, a tighter limit generated definitely less cached entries, and more discarded ones.

Cache type: Blockfile Cache
Create error: 0x0
Create hit: 0xb6
Create miss: 0x0
Current size: 33280014
Doom cache: 0x0
Doom entry: 0x2f5
Doom recent entries: 0x0
Entries: 139
Fatal error: 0x0
Get rankings: 0x0
Invalid entry: 0x0
Last report: 0x2e5b3c19894813
Last report timer: 0x0
Max entries: 0x18
Max size: 33554432
Open entries: 0x9
Open hit: 0x4f
Open miss: 0xb9
Open rankings: 0x34e76
Pending IO: 0
Read data: 0x4d6
Resurrect hit: 0x1
Size00: 0x000000e5
Size01: 0x00000005
Size02: 0x00000010
Size03: 0x00000006
Size04: 0x00000000
Size05: 0x00000001
Size06: 0x00000003
Size07: 0x00000003
Size08: 0x00000001
Size09: 0x00000002
Size10: 0x00000002
Size11: 0x00000000
Size12: 0x00000002
Size13: 0x00000003
Size14: 0x00000001
Size15: 0x00000002
Size16: 0x00000006
Size17: 0x00000008
Size18: 0x00000002
Size19: 0x00000006
Size20: 0x00000010
Size21: 0x0000000a
Size22: 0x00000000
Size23: 0x00000000
Size24: 0x00000000
Size25: 0x00000000
Size26: 0x00000000
Size27: 0x00000000
Timer: 0xe
Trim entry: 0x2fc
Write data: 0x4239f
unused: 0x0

Test B1

While shrinking the cache to 32 MiB, five image samples are loaded. Their size range from 16 MiB to 1 MiB halving each time, minus 0.5% to account rounding errors. For example, to search a 15.92 MiB image I used the following search query:

jpeg "file size 15.92 mb" site:wikimedia.org

As the cache is set to 32 MiB, each entry is limited to 4 MiB.

Flags

--disk-cache-size=33554432

Samples

http://upload.wikimedia.org/wikipedia/commons/b/ba/Langesund_og_Lang%C3%B8ya_01.jpg
http://upload.wikimedia.org/wikipedia/commons/9/9d/Balloons_of_Happiness.jpg
http://upload.wikimedia.org/wikipedia/commons/1/1e/Kannonzaki_01.jpg
http://upload.wikimedia.org/wikipedia/commons/5/51/Fraser_Ship_Yard_tug_boat%3B_Superior_WI_-b.jpg
http://upload.wikimedia.org/wikipedia/commons/4/46/Val%C3%A8ncia_micalet.jpg

Results

Out of the five samples, just three of them were actually cached.

Cache type: Blockfile Cache
Create error: 0x0
Create hit: 0x5
Create miss: 0x0
Current size: 7305845
Doom cache: 0x0
Doom entry: 0x2
Doom recent entries: 0x0
Entries: 3
Fatal error: 0x0
Get rankings: 0x0
Invalid entry: 0x0
Last report: 0x2e5b3c78282e93
Last report timer: 0x0
Max entries: 0x0
Max size: 33554432
Open entries: 0x0
Open hit: 0x0
Open miss: 0x5
Open rankings: 0xa
Pending IO: 0
Read data: 0x0
Resurrect hit: 0x0
Size00: 0x00000006
Size01: 0x00000000
Size02: 0x00000000
Size03: 0x00000000
Size04: 0x00000000
Size05: 0x00000000
Size06: 0x00000000
Size07: 0x00000000
Size08: 0x00000000
Size09: 0x00000000
Size10: 0x00000000
Size11: 0x00000000
Size12: 0x00000000
Size13: 0x00000000
Size14: 0x00000000
Size15: 0x00000000
Size16: 0x00000000
Size17: 0x00000000
Size18: 0x00000000
Size19: 0x00000000
Size20: 0x00000001
Size21: 0x00000001
Size22: 0x00000001
Size23: 0x00000002
Size24: 0x00000000
Size25: 0x00000000
Size26: 0x00000000
Size27: 0x00000000
Timer: 0x1
Trim entry: 0x0
Write data: 0x1e74
unused: 0x0

Test B2

Similar to test B1 without cache-tweaking flags.

Flags

None

Samples

Same as test B1.

Results

Unlike test B1, all five samples were cached. The cache size reached about 30.84 MiB, which was the expected amount.

Cache type: Blockfile Cache
Create error: 0x0
Create hit: 0x5
Create miss: 0x0
Current size: 32341906
Doom cache: 0x0
Doom entry: 0x0
Doom recent entries: 0x0
Entries: 5
Fatal error: 0x0
Get rankings: 0x0
Invalid entry: 0x0
Last report: 0x2e5b3c6aae7b97
Last report timer: 0x0
Max entries: 0x0
Max size: 335544320
Open entries: 0x0
Open hit: 0x0
Open miss: 0x5
Open rankings: 0x4
Pending IO: 0
Read data: 0x0
Resurrect hit: 0x0
Size00: 0x0000000a
Size01: 0x00000000
Size02: 0x00000000
Size03: 0x00000000
Size04: 0x00000000
Size05: 0x00000000
Size06: 0x00000000
Size07: 0x00000000
Size08: 0x00000000
Size09: 0x00000000
Size10: 0x00000000
Size11: 0x00000000
Size12: 0x00000000
Size13: 0x00000000
Size14: 0x00000000
Size15: 0x00000000
Size16: 0x00000000
Size17: 0x00000000
Size18: 0x00000000
Size19: 0x00000000
Size20: 0x00000001
Size21: 0x00000001
Size22: 0x00000001
Size23: 0x00000001
Size24: 0x00000001
Size25: 0x00000000
Size26: 0x00000000
Size27: 0x00000000
Timer: 0x1
Trim entry: 0x0
Write data: 0x2c6a
unused: 0x0

Google-chrome – Chrome Policy List on Fedora

Yes, I just noticed this too (and I'm pretty miffed)!

Delete

    /etc/opt/chrome/policies/managed/00_gssapi.json

Best Answer

Methods Endorsed by Chrome Apps

Use templating libraries

Sandbox local content

Access remote resources

Manifest requirement

Cross-origin XMLHttpRequest

Hacks

UnsafeWindow

Content Script Injection

Related Solutions

Google-chrome – Why doesn’t Chrome respect the DiskCacheSize policy

Change the Chrome cache size

Using a command-line switch

Through the Group Policy Editor

Additional information

Further reading

Testing the cache limit

Batch script

Test A1

Flags

Samples

Results

Test A2

Flags

Samples

Results

Test B1

Flags

Samples

Results

Test B2

Flags

Samples

Results

Google-chrome – Chrome Policy List on Fedora

Related Question

Cross-origin `XMLHttpRequest`