Right now the only required host permission is https://*.dandanplay.net/*. Other host permissions are requested when user creates mount configs for their websites, and removed when the configs are deleted.
This creates a problem where required permission might be inadvertently removed by the user:
User creates a mount config with pattern *//*/*
The permission for *//*/* is requested and added
When the mount config is removed, the pattern *//*/* is removed, but it will also remove all other host permissions because *//*/* matches everything else.
The extension stops working because the required permission https://*.dandanplay.net/* is also removed.
We should not allow user to modify host permission in the UI and instead request for *://*/* permission at install time. We can still dynamically inject the content script only into websites specified in mount configs.
Mr-Quin
commented
6 months ago
Continued from #17
Right now the only required host permission is
https://*.dandanplay.net/*. Other host permissions are requested when user creates mount configs for their websites, and removed when the configs are deleted. This creates a problem where required permission might be inadvertently removed by the user:*//*/**//*/*is requested and added*//*/*is removed, but it will also remove all other host permissions because*//*/*matches everything else.https://*.dandanplay.net/*is also removed.We should not allow user to modify host permission in the UI and instead request for
*://*/*permission at install time. We can still dynamically inject the content script only into websites specified in mount configs.