Skip to content

Commit

Permalink
Fix extension permissions
Browse files Browse the repository at this point in the history
1. Add permission for (api.)wakatime.com on Firefox.
2. Request permission for the API URL set by the user.
3. Restrict content script to run on meet.google.com only.
   This involves some strange logic about the host permissions:
   - If an origin is listed in `content_scripts.matches`, then the
     browser shows that the extension has permission to access data on
     that website. However, the background service worker cannot send
     cross-site requests to that URL.
   - If an origin is listed in both `content_scripts.matches` and
     `optional_host_permissions`, then the background service worker can
     send cross-site requests to that URL.
   So it's not possible to inject content scripts on all websites but
   conditionally ask for cross-site request permissions for specific
   websites only.
   Now it seems that the content script only works for meet.google.com.
   More websites may be added if needed later.
   An alternative solution is to use `scripting.registerContentScripts()`
   to dynamically register content script for websites, so that users
   can reject permissions on some websites and continue to use the
   extension. This could be implemented later.

This should fix wakatime#291
  • Loading branch information
ouuan committed Nov 9, 2024
1 parent 2aa0780 commit be5b9dd
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 5 deletions.
3 changes: 2 additions & 1 deletion src/manifests/chrome.json
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
},
"content_scripts": [
{
"matches": ["<all_urls>"],
"matches": ["https://meet.google.com/*"],
"js": ["wakatimeScript.js"],
"run_at": "document_end"
}
Expand All @@ -22,6 +22,7 @@
"devtools_page": "devtools.html",
"homepage_url": "https://wakatime.com",
"host_permissions": ["https://api.wakatime.com/*", "https://wakatime.com/*"],
"optional_host_permissions": ["http://*/*", "https://*/*"],
"icons": {
"16": "graphics/wakatime-logo-16.png",
"48": "graphics/wakatime-logo-48.png",
Expand Down
3 changes: 2 additions & 1 deletion src/manifests/edge.json
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
},
"content_scripts": [
{
"matches": ["<all_urls>"],
"matches": ["https://meet.google.com/*"],
"js": ["wakatimeScript.js"],
"run_at": "document_end"
}
Expand All @@ -22,6 +22,7 @@
"devtools_page": "devtools.html",
"homepage_url": "https://wakatime.com",
"host_permissions": ["https://api.wakatime.com/*", "https://wakatime.com/*"],
"optional_host_permissions": ["http://*/*", "https://*/*"],
"icons": {
"16": "graphics/wakatime-logo-16.png",
"48": "graphics/wakatime-logo-48.png",
Expand Down
5 changes: 3 additions & 2 deletions src/manifests/firefox.json
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
},
"content_scripts": [
{
"matches": ["<all_urls>"],
"matches": ["https://meet.google.com/*"],
"js": ["wakatimeScript.js"],
"run_at": "document_end"
}
Expand All @@ -38,6 +38,7 @@
"chrome_style": false,
"page": "options.html"
},
"permissions": ["alarms", "tabs", "storage", "activeTab"],
"permissions": ["alarms", "tabs", "storage", "activeTab", "https://api.wakatime.com/*", "https://wakatime.com/*"],
"optional_permissions": ["http://*/*", "https://*/*"],
"version": "4.0.9"
}
7 changes: 6 additions & 1 deletion src/utils/settings.ts
Original file line number Diff line number Diff line change
Expand Up @@ -81,5 +81,10 @@ export const getSettings = async (): Promise<Settings> => {
};

export const saveSettings = async (settings: Settings): Promise<void> => {
return browser.storage.sync.set(settings);
// permissions.request must be the first await, not after the browser.storage.sync.set
// See https://stackoverflow.com/a/47729896/12601364
await browser.permissions.request({
origins: [`${settings.apiUrl}/*`],
});
await browser.storage.sync.set(settings);
};

0 comments on commit be5b9dd

Please sign in to comment.