smmr-software / privacy-redirect-safari

A Safari extension that redirects Twitter, YouTube, Reddit, and more to privacy friendly alternatives.
GNU General Public License v3.0

Google Meet redirected to OpenStreetMaps #3

Closed Rjevski closed 2 years ago

Rjevski commented 3 years ago

https://meet.google.com/* was for some reason redirected to OpenStreetMaps - I will do more testing later on but I've had to temporarily disable the add-on so I could join a meeting.

FIGBERT commented 3 years ago

What has additional testing produced? Not sure how this could happen, as the manifest.json file does not request access to https://meet.google.com/*:

https://github.com/smmr-software/privacy-redirect-safari/blob/ad441b6886e0231f0889f53e9bf94bd8046667c5/Privacy%20Redirect%20for%20Safari%20Extension/manifest.json#L35-L41

See: Match pattern docs

Rjevski commented 3 years ago

I believe Safari doesn't implement the permissions property as per the spec you listed - it seems like a permission for a top-level domain immediately gives it permissions for any and all subdomains, which is worrying but not necessarily critical. However, what seems like a proper and serious bug is that in the dev console it looks like the scripts for Google Translate, Google Maps and Search are all invoked too - here's a screenshot of the developer console when attempting to open Google Meet:

[image: screenshot of the developer console]

This seems to only happen when the google.com domain permission (in Safari Preferences -> Websites -> Extensions -> Privacy Redirect) is set to "allow" while maps.google.com, search.google.com and translate.google.com are set to Ask. This happens automatically if you set google.com to "deny" (and then doesn't change back if you change it back to allow).

I am running Safari 14.1.2.

FIGBERT commented 3 years ago

I see two options (which are not mutually exclusive):

  1. We can debug the Safari permissions stuff so that it only works on intended domains
  2. We can add a check to the JavaScript that ensures it only runs on the intended domain.

I've got to look more into replicating this, first of all – I've been quite busy as of late. I'm going to look into both options for now.
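Option 2 above, sketched as an added example (not the extension's own code): a guard that re-checks the page URL against the intended match patterns using the host rules from the match pattern docs, so a bare-host pattern never covers a subdomain such as meet.google.com even if the browser grants broader access. The pattern list and function names are assumptions; the real manifest entries are not reproduced on this page.

```javascript
// Constructed patterns for illustration; assumed, not copied from manifest.json.
const INTENDED_PATTERNS = [
  "*://maps.google.com/*",
  "*://translate.google.com/*",
  "*://www.google.com/search*",
];

// Escape regex metacharacters, then turn each "*" wildcard into ".*".
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// Match a URL against one <scheme>://<host><path> pattern (http/https only here).
function matchesPattern(pattern, urlString) {
  const parts = /^(\*|https?):\/\/(\*|(?:\*\.)?[^\/*]+)(\/.*)$/.exec(pattern);
  if (!parts) return false; // malformed pattern: fail closed
  const [, scheme, host, path] = parts;

  let url;
  try { url = new URL(urlString); } catch { return false; }
  const urlScheme = url.protocol.slice(0, -1);
  if (urlScheme !== "http" && urlScheme !== "https") return false;
  if (scheme !== "*" && scheme !== urlScheme) return false;

  const hostname = url.hostname.toLowerCase();
  if (host.startsWith("*.")) {
    // "*.example.com" covers example.com and every subdomain of it.
    const base = host.slice(2).toLowerCase();
    if (hostname !== base && !hostname.endsWith("." + base)) return false;
  } else if (host !== "*" && hostname !== host.toLowerCase()) {
    // A bare host must match exactly; it does not imply its subdomains.
    return false;
  }
  // The path part is matched against URL path plus query string.
  return globToRegExp(path).test(url.pathname + url.search);
}

// True only when the URL is one the redirect logic is meant to handle.
function shouldRedirect(urlString, patterns = INTENDED_PATTERNS) {
  return patterns.some((p) => matchesPattern(p, urlString));
}

// In a content script, call shouldRedirect(window.location.href) first
// and do nothing when it returns false.
```
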

jacobneplokh commented 2 years ago

@Rjevski I seem to be unable to replicate this (even after setting the "allow" and "ask" settings described). Does it still occur?

Thanks!

FIGBERT commented 2 years ago

As there's been no update on the matter, and we have not been able to replicate this, I'm going to close this issue for now.