fix case that site uses meta tags instead of headers for content-security-policy

Author: binary-person

nginx.conf

@@ -270,25 +270,30 @@ http {
                 # 5. rewrite 'integrity="' to 'nointegrity=' to disable script integrity checking
                 sub_filter 'integrity="' 'nointegrity="';
 
+                # 6. disable meta tag's Content-Security-Policy
+                sub_filter 'http-equiv="Content-Security-Policy"' 'http-equiv="No-U-Content-Security-Policy"';
+
                 # do the same thing but instead of ", do '
-                # # 1.
+                # 1.
                 sub_filter "<script src='//" "<script $processed_flag_attribute src='/main/js_/$relativescheme://";
                 sub_filter "<script type='text/javascript' src='//" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/$relativescheme://";
                 sub_filter "src='//" "$processed_flag_attribute src='/main/$relativescheme://";
-                # # 2.
+                # 2.
                 sub_filter "<script src='/" "<script $processed_flag_attribute src='/main/js_/$dest_hostwithscheme/";
                 sub_filter "<script type='text/javascript' src='/" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/$dest_hostwithscheme/";
                 sub_filter "src='/" "$processed_flag_attribute src='/main/$dest_hostwithscheme/";
-                # # 3.
+                # 3.
                 sub_filter "<script src='https://" "<script $processed_flag_attribute src='/main/js_/https://";
                 sub_filter "<script type='text/javascript' src='https://" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/https://";
                 sub_filter "src='https://" "$processed_flag_attribute src='/main/https://";
-                # # 4.
+                # 4.
                 sub_filter "<script src='http://" "<script $processed_flag_attribute src='/main/js_/http://";
                 sub_filter "<script type='text/javascript' src='http://" "<script type='text/javascript' $processed_flag_attribute src='/main/js_/http://";
                 sub_filter "src='http://" "$processed_flag_attribute src='/main/http://";
-                # # 5.
+                # 5.
                 sub_filter "integrity='" "nointegrity='";
+                # 6. disable meta tag's Content-Security-Policy
+                sub_filter "http-equiv='Content-Security-Policy'" "http-equiv='No-U-Content-Security-Policy'";
 
 
                 # insert wombat.js and wombat-handler.js scripts