From 6f8e0a3bbda0773a46fa40347d46fc84c8b7c6bb Mon Sep 17 00:00:00 2001
From: ccd0 <admin@containerchan.org>
Date: Fri, 1 Jul 2016 01:44:16 -0700
Subject: [PATCH] Make 'all websites' permission optional. #793

---
 src/meta/eventPage.coffee       | 22 ++++++++++++++++++++--
 src/meta/manifest.json          |  6 ++++--
 src/platform/CrossOrigin.coffee |  2 +-
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/src/meta/eventPage.coffee b/src/meta/eventPage.coffee
index e5a107dc0..de87915e4 100644
--- a/src/meta/eventPage.coffee
+++ b/src/meta/eventPage.coffee
@@ -1,6 +1,24 @@
 requestID = 0
 
 chrome.runtime.onMessage.addListener (request, sender, sendResponse) ->
+  if request.responseType is 'arraybuffer'
+    # Cross-origin image fetching. Need permission.
+    chrome.permissions.contains
+      origins: ['*://*/']
+    , (result) ->
+      if result
+        ajax request, sender, sendResponse
+      else
+        chrome.permissions.request
+          origins: ['*://*/']
+        , ->
+          ajax request, sender, sendResponse
+    return true
+  else
+    # JSON fetching from non-HTTPS archive.
+    ajax request, sender, sendResponse
+
+ajax = (request, sender, sendResponse) ->
   id = requestID
   requestID++
   sendResponse id
@@ -10,11 +28,11 @@ chrome.runtime.onMessage.addListener (request, sender, sendResponse) ->
   xhr.responseType = request.responseType
   xhr.addEventListener 'load', ->
     if @readyState is @DONE && xhr.status is 200
-      contentType = @getResponseHeader 'Content-Type'
-      contentDisposition = @getResponseHeader 'Content-Disposition'
       {response} = @
       if request.responseType is 'arraybuffer'
         response = [new Uint8Array(response)...]
+        contentType = @getResponseHeader 'Content-Type'
+        contentDisposition = @getResponseHeader 'Content-Disposition'
       chrome.tabs.sendMessage sender.tab.id, {id, response, contentType, contentDisposition}
     else
       chrome.tabs.sendMessage sender.tab.id, {id, error: true}
diff --git a/src/meta/manifest.json b/src/meta/manifest.json
index 6685c4011..d21925bb9 100644
--- a/src/meta/manifest.json
+++ b/src/meta/manifest.json
@@ -25,7 +25,9 @@
 <% } %>  "minimum_chrome_version": "<%= meta.min.chrome %>",
   "permissions": [
     "storage",
-    "http://*/",
-    "https://*/"
+    "*://a.4cdn.org/"
+  ],
+  "optional_permissions": [
+    "*://*/"
   ]
 }
diff --git a/src/platform/CrossOrigin.coffee b/src/platform/CrossOrigin.coffee
index d4e9bcd06..de99e7083 100644
--- a/src/platform/CrossOrigin.coffee
+++ b/src/platform/CrossOrigin.coffee
@@ -14,7 +14,7 @@ CrossOrigin =
     # XXX https://forums.lanik.us/viewtopic.php?f=64&t=24173&p=78310
     url = url.replace /^((?:https?:)?\/\/(?:\w+\.)?4c(?:ha|d)n\.org)\/adv\//, '$1//adv/'
     <% if (type === 'crx') { %>
-    if /^https:\/\//.test(url) or location.protocol is 'http:'
+    if url.split('/')[...3].join('/') is "#{location.protocol}//i.4cdn.org"
       xhr = new XMLHttpRequest()
       xhr.open 'GET', url, true
       xhr.setRequestHeader key, value for key, value of headers