Request additional permissions immediately on clicking 'Post from URL' and only then. #2230

src/Posting/QR.coffee

@@ -430,6 +430,7 @@ QR =
   handleUrl: (urlDefault) ->
     QR.open()
     QR.selected.preventAutoPost()
+    CrossOrigin.permission ->
       url = prompt 'Enter a URL:', urlDefault
       return if url is null
       QR.nodes.fileButton.focus()

src/meta/eventPage.coffee

@@ -8,25 +8,19 @@ chrome.runtime.onMessage.addListener (request, sender, sendResponse) ->
     chrome.tabs.sendMessage sender.tab.id, {id, data: response}
 
 handlers =
-  ajax: (request, cb) ->
+  permission: (request, cb) ->
-    if request.responseType is 'arraybuffer'
-      # Cross-origin image fetching. Need permission.
     chrome.permissions.contains
       origins: ['*://*/']
     , (result) ->
       if result
-          ajax request, cb
+        cb()
       else
         chrome.permissions.request
           origins: ['*://*/']
         , ->
-            ajax request, cb
+          cb()
-      return true
-    else
-      # JSON fetching from non-HTTPS archive.
-      ajax request, cb
 
-ajax = (request, cb) ->
+  ajax: (request, cb) ->
     xhr = new XMLHttpRequest()
     xhr.open 'GET', request.url, true
     xhr.responseType = request.responseType

src/platform/CrossOrigin.coffee

@@ -131,3 +131,11 @@ CrossOrigin =
         else
           failure url
       <% } %>
+
+  permission: (cb) ->
+    <% if (type === 'crx') { %>
+    eventPageRequest {type: 'permission'}, -> cb()
+    <% } %>
+    <% if (type === 'userscript') { %>
+    cb()
+    <% } %>