tildes-extended icon indicating copy to clipboard operation
tildes-extended copied to clipboard

Published 20 hours ago verified publisher icon theCrius

[External CSS] Use optional_permissions to being able to reach external URL instead of dealing with CORS

Open theCrius opened this issue 6 years ago • 0 comments

Currently we use cors-anywhere to allow users to insert any url to a CSS.

That's kind of an overkill as external CSS will be quite always hosted from major git repositories.

Instead we could add the following:

"optional_permissions": [
  "*://gitlab.com/*",
  "*://github.com/*",
  "*://bitbucket.org/*",
  "*://pastebin.com/*"
]

To the manifest.json and only allow using URL whitelisted. Also with the permission on those URL being optional, the user don't need to give permission on installation but only if they actually want to bring in code from any of those source.

Sources:

  • https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/optional_permissions
  • https://developer.chrome.com/extensions/permissions

theCrius avatar Jun 24 '18 14:06 theCrius