lolamtisch
commented
4 months ago @AliceDTRH Permissions wise there is no difference to the version prior, it is just called different in manifest v3: Old Version: https://github.com/MALSync/MALSync/blob/0.9.8/webpackConfig/webextension.assets.js#L152-L153 and is not statically defined like in the new version. old version: https://github.com/MALSync/MALSync/blob/0.9.8/src/background.ts#L208C1-L224C3
Permissions are always frased for the worsed case which in 99% is not true. The declarativeNetRequest api is just to edit webrequests. We do not use the api dynamically, only the static defined version you linked.
Explanation:
"action": {
"type": "modifyHeaders",
"requestHeaders": [{
"header": "user-agent",
"operation": "set",
"value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
}]
},This only overrides the user-agent to apear like it is a desktop. This is necessary because on mobile (android firefox), mal always returns the mobile version of the website, but we need the desktop version to get the necessary infos from it.
"condition": {
"urlFilter": "https://myanimelist.net/*",
"resourceTypes": ["xmlhttprequest"]
}This makes sure that it only hits mal and only when doing requests in the background. So the any page in the permission text is wrong in this case, as it only hits mal and only to change the user-agent.
I hope this somehow makes sense to you, if not ask and I will clarify it more.
Pinefone
Suggestion
First, thank you for all the hard work on this project—it's greatly appreciated!
I noticed that commit https://github.com/MALSync/MALSync/commit/5cf78948969a5d700fdcc546303a9577628e3520 adds
declarativeNetRequest. Firefox indicates that this permission allows the extension to "block content on any page". Is there any way to use a more specific permission instead? It sounds like a pretty broad permission.Thank you for your time and consideration. Apologies if this is a silly concern.