Lichess. org problem
So doing this
Lichess also has a response header cross-origin-opener-policy on some of their pages (Analysis board for example), which blocks the opened window from working due to CORS. This can be bypassed by removing the header with a browser extension (e.g. Simple Modify Headers for Chrome or Firefox).
was not a problem, but then again there's this:
To be able connect to a websocket, a site must not have restricted content security policy (CSP), specifically connect-src. Fortunately this can be bypassed by opening a new window, which does not have CSP, and communicating through window objects in javascript.
and I have no idea whatsoever how to execute this, so can sb please give me a step by step instruction with images?