Make 'all websites' permission optional. #793

2016-07-01 01:44:16 -07:00 · 2016-07-01 01:44:16 -07:00 · 6f8e0a3bbd
commit 6f8e0a3bbd
parent e827b63336
3 changed files with 25 additions and 5 deletions
--- a/src/meta/eventPage.coffee
+++ b/src/meta/eventPage.coffee
@ -1,6 +1,24 @@
 requestID = 0

 chrome.runtime.onMessage.addListener (request, sender, sendResponse) ->
+  if request.responseType is 'arraybuffer'
+    # Cross-origin image fetching. Need permission.
+    chrome.permissions.contains
+      origins: ['*://*/']
+    , (result) ->
+      if result
+        ajax request, sender, sendResponse
+      else
+        chrome.permissions.request
+          origins: ['*://*/']
+        , ->
+          ajax request, sender, sendResponse
+    return true
+  else
+    # JSON fetching from non-HTTPS archive.
+    ajax request, sender, sendResponse
+
+ajax = (request, sender, sendResponse) ->
  id = requestID
  requestID++
  sendResponse id
@ -10,11 +28,11 @@ chrome.runtime.onMessage.addListener (request, sender, sendResponse) ->
  xhr.responseType = request.responseType
  xhr.addEventListener 'load', ->
    if @readyState is @DONE && xhr.status is 200
-      contentType = @getResponseHeader 'Content-Type'
-      contentDisposition = @getResponseHeader 'Content-Disposition'
      {response} = @
      if request.responseType is 'arraybuffer'
        response = [new Uint8Array(response)...]
+        contentType = @getResponseHeader 'Content-Type'
+        contentDisposition = @getResponseHeader 'Content-Disposition'
      chrome.tabs.sendMessage sender.tab.id, {id, response, contentType, contentDisposition}
    else
      chrome.tabs.sendMessage sender.tab.id, {id, error: true}
--- a/src/meta/manifest.json
+++ b/src/meta/manifest.json
@ -25,7 +25,9 @@
 <% } %>  "minimum_chrome_version": "<%= meta.min.chrome %>",
  "permissions": [
    "storage",
-    "http://*/",
-    "https://*/"
+    "*://a.4cdn.org/"
+  ],
+  "optional_permissions": [
+    "*://*/"
  ]
 }
--- a/src/platform/CrossOrigin.coffee
+++ b/src/platform/CrossOrigin.coffee
@ -14,7 +14,7 @@ CrossOrigin =
    # XXX https://forums.lanik.us/viewtopic.php?f=64&t=24173&p=78310
    url = url.replace /^((?:https?:)?\/\/(?:\w+\.)?4c(?:ha|d)n\.org)\/adv\//, '$1//adv/'
    <% if (type === 'crx') { %>
-    if /^https:\/\//.test(url) or location.protocol is 'http:'
+    if url.split('/')[...3].join('/') is "#{location.protocol}//i.4cdn.org"
      xhr = new XMLHttpRequest()
      xhr.open 'GET', url, true
      xhr.setRequestHeader key, value for key, value of headers