Support for on premise github instances

[hanny24]

It would be nice to support on premise instances of Github as well. Perhaps some sort of configuration option that allows users to list all URL patterns?

Thanks!

[hediet]

I fear that this will be difficult, as browser extensions need to list every site they want to access for security reasons. I could publish a second browser extension with access to * though. This would mean that it potentially could read online banking credentials...

I'm very concerned about security and I'm open for suggestions! I don't want to get an heart attack if I accidentally install a malicious npm package that somehow manages to read my Google dev account credentials.

[jzabroski]

@hediet No to *.

There is a known vulnerability in Google Chrome plug-ins around that, which allows for a Confused Deputy Attack. Paper was published in 2018. Google has no solution for it really

[hediet]

@jzabroski thanks! Do you have a link to the paper?

[hanny24]

OK, I did not know that. I guess I'll modify & build the extension locally. Thank you anyway. Feel free to close the issue.

[outadoc]

For the Firefox extension, I know of other extensions (for example Refined Github) that manage to request the right permissions at runtime, so this should be achievable.

This seems to be relevant: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/permissions/request

[outadoc]

Hi! I've opened a PR to add support for this: https://github.com/hediet/browser-ext-github-monaco/pull/26

I'm no web developer (and unfamiliar with the tooling), so feedback is welcome 👍