Restrict website access for extension

[dantman]

This extension has a fixed list of sites it supports listed in the handlers, instead of requesting permission to inject scripts into every site on the internet. How about limiting the content_scripts.matches to just the sites the handlers use.

If you don't want to have to manually add things when adding a new handler, one idea would be to move the accepts portion of handlers into a json file defining url patterns. Then the media handlers would use the json file and do matching the same way as Chrome. And a build script could copy the url patterns into the manifest files automatically.

[dantman]

Bonus idea, Chrome supports optional permissions. So it's possible to instead require just the base permissions, and only ask for permissions for specific websites when the user actually visits a page on that site. We could even avoid the need to ask for complete access to amazon shopping when all we want is prime video (and avoid popping up the permissions request when shopping).

[dantman]

Actually, I don't know if it works on Firefox, but on Chrome we don't actually have to go that far.

https://developer.chrome.com/apps/permissions

If you want to request hosts that you only discover at runtime, include "http://*/" and/or "https://*/" as an optional_permission. This lets you specify any origin in Permissions.origins as long as it has a matching scheme.

That means we don't have to list all sites up front. We can call all urls as optional, and if a user actually uses a anime site we can request permission for just that site.

[TSedlar]

I've restricted it with the latest commit ace72e0, and renamed it to anitrack, while adding support for kitsu.io