search

4as / ChatGPT-DeMod

Tampermonkey/Greasemonkey script that hides the moderation results when communicating with ChatGPT.
GNU General Public License v2.0
420 stars 59 forks source link

Flagged and blocked on Kiwi Browser #55

Closed maromalo closed 1 month ago

maromalo commented 5 months ago

Using 4.6 on android, the DeMod tab shows up as normal but messages are still flagged or hidden.

On Brave for Windows it works as intended so I'm assuming it's isolated to Kiwi Browser.

One error on console, although it shows up on Brave as well:

userscript.html?name=ChatGPT-DeMod.user.js&id=1f76e0e5-0147-43aa-8d19-35fd63abbfb2:721 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src-elem 'self' 'nonce-X' 'sha256-RvbVrdDS11FSnQaULCOgXPA5u0nMP2Im1d2pGiRBGC4=' 'sha256-eMuh8xiwcX72rRYNAGENurQBAcH7kLlAUQcoOri3BIo=' auth0.openai.com [...] wss://*.chatgpt.com/". Either the 'unsafe-inline' keyword, a hash ('sha256-IEu8xlZ9UcuqsJDkEtdNA6fzRuwrJjyZH9AmJxWJcxk='), or a nonce ('nonce-...') is required to enable inline execution.

Logs "DeMod interceptor is ready" on console but nothing else when messages are received and/or blocked.

4as commented 5 months ago

Browsers are moving to Manifest V3 and one of the things it changes is the improved security, which means better script injection prevention. This is why Safari is no longer supported, as with the latest version the Userscripts extension no longer works on ChatGPT. I suspect this is what might be happening here as well, especially since the error you included is the same exact error that shows up on Safari.

gunbuilderguy commented 2 months ago

seems to be happening on yandex too, hours ago it seemed to work but now it's a no-go Refused to execute inline script because it violates the following Content Security Policy directive: "script-src-elem 'self' 'nonce-c50dcbea-df62-47a8-9481-f379b0cef59f' 'sha256-eMuh8xiwcX72rRYNAGENurQBAcH7kLlAUQcoOri3BIo=' auth0.openai.com challenges.cloudflare.com chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://apis.google.com https://chat.openai.com https://chatgpt.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/backend/se https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://docs.google.com https://js.live.net/v7.2/OneDrive.js https://oaistatic.com https://snc.apps.openai.com https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ https://www-onepick-opensocial.googleusercontent.com wss://*.chatgpt.com wss://*.chatgpt.com/". Either the 'unsafe-inline' keyword, a hash ('sha256-IEu8xlZ9UcuqsJDkEtdNA6fzRuwrJjyZH9AmJxWJcxk='), or a nonce ('nonce-...') is required to enable inline execution.