🚀 YTPro v3.95 – CSP Patch & Major Fixes
YouTube recently rolled out an updated Content Security Policy (CSP). While it enhances protection against XSS attacks, it unfortunately blocked the external CDNs used by YTPro, causing unexpected malfunctions. Since such changes take time to fully propagate on YouTube’s side, reproducing the issue initially was difficult—but once identified, a patch was deployed.
Because CSP blocks all external script requests that aren’t whitelisted in YouTube’s headers, the only feasible workaround was using shouldInterceptRequest(). With this approach, YTPro fetches requests that appear to originate from youtube.com (allowed by the browser) and injects/manipulates them inside shouldInterceptRequest().
Fully disabling CSP wasn’t possible, so this solution has been implemented. If you find a better or cleaner method, feel free to open a PR.
🔧 Bug Fixes & Improvements
- Fixed the settings icon bug
- Resolved the CSP-related script blocking issue
- Repaired the download function and used the same CSP-bypass method to fetch deciphering modules for downloadable URLs
- Fixed volume & brightness gestures in the Shorts tab (they overlapped with UI buttons) by removing gesture overlays entirely in that tab
- Added an option to enable/disable the Miniplayer gesture
📌 Full Changelog
Tip
For the latest updates and patches, download the nightly builds—they're often more stable than the official releases.
Enjoy the update 😴