Closed Rjevski closed 2 years ago
What has additional testing produced? Not sure how this could happen, as the manifest.json
file does not request access to https://meet.google.com/*
:
See: Match pattern docs
I believe Safari doesn't implement the permissions
property as per the spec you listed - it seems like a permission for a top-level domain immediately gives it permissions for any and all subdomains, which is worrying but not necessarily critical. However, what seems like a proper and serious bug is that in the dev console it looks like the scripts for Google Translate, Google Maps and Search are all invoked too - here's a screenshot of the developer console when attempting to open Google Meet:
This seems to only happen when the google.com
domain permission (in Safari Preferences -> Websites -> Extensions -> Privacy Redirect) is set to "allow" while maps.google.com
, search.google.com
and translate.google.com
are set to Ask. This happens automatically if you set google.com
to "deny" (and then doesn't change back if you change it back to allow).
I am running Safari 14.1.2.
I see two options (which are not mutually exclusive):
permissions
stuff so that it only works on intended domainsI've got to look more into replicating this, first of all – I've been quite busy as of late. I'm going to look into both options for now.
@Rjevski I seem to be unable to replicate this (even after setting the "allow" and "ask" settings described). Does it still occur?
Thanks!
As there's been no update on the matter, and we have not been able to replicate this, I'm going to close this issue for now.
https://meet.google.com/*
was for some reason redirected to OpenStreetMaps - I will do more testing later on but I've had to temporarily disable the add-on so I could join a meeting.