[Feature] Allow CSP to be bypassed in webkit/browser context

[tddebart]

Before Requesting

• [X] I found no existing issue matching my feature request
• [X] This request is related to Millennium, and not a request for a specific theme/addon

Describe the feature you'd like!

Currently if you want to do a fetch in the store/community hub window context you can't because of Steam's CSP blocking it. SFP fixes this by running Page.setBypassCSP on the webkit pages. So my request is if this can also be done in millennium or maybe some other way to communicate to the plugin from the store window context. This would help a lot with my store enhancement plugins I'm trying to make.

This error can be easily triggered by calling fetch with any url that steam doesn't allow(see error image) and if you fetch from a plugin browser js you get the more detailed error as seen in the error image.

Anything else?

Image of error:

[shdwmtr]

Millennium used to use that method, but has since been removed due to limitations in the browser space in Steam. Millennium uses a technique to intercept sources in the browser to load CSS/JS incredibly quick, which you would have probably noticed if your switching from SFP. Essentially, the CSS/JS would load before Page.setBypassCSP loads, so it wouldn't work.

I've thought about a Millennium object in the JS, to communicate with the python backend, but this doesn't fix the issues with CSS not being able to make cross origin requests.

I'm still brainstorming on a solution as of right now.