You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When building a web extension, it seems that the hosts specified in the content scripts are copied to the web_accessible_resources field, even if unnecessary, breaking the manifest altogether in some cases.
We'd have to parse out the matches key for content scripts to make this work properly. It's probably better just to not use the matches field at all (though marginally less secure). We could also have the packager skip injecting a file into web_accessible_resources if it's already there.
I think the main issue is that the content scripts allow pathnames other than /* while the other key doesn't. You can probably pass the glob to a regular URL constructor and replace the pathname. That might be a quick fix, as well as avoiding adding web accessible resources when the list of resources is empty.
They also allow raw protocols, <all_urls>, and potentially a bunch of other stuff that it's really not worth the effort to handle. The main reason matches exists is to try to combat fingerprinting AFAIK, you can check for the presence of popular extensions for very accurate browser fingerprinting. But I'd think the injected sites are the ones most likely to want to detect the extension's presence in the first place, so I'm not sure if there's really a good way to avoid this anyway.
For now I'm going to submit a PR that just removes the matches field, maybe it can be worked on more later.
馃悰 bug report
When building a web extension, it seems that the hosts specified in the content scripts are copied to the
web_accessible_resources
field, even if unnecessary, breaking the manifest altogether in some cases.馃帥 Configuration (.babelrc, package.json, cli command)
No custom configuration. It happens on both build and watch.
馃 Expected Behavior
No
web_accessible_resources
unless required:or at least use a supported origin glob:
馃槸 Current Behavior
馃捇 Code Sample
Input manifest:
馃實 Your Environment
The text was updated successfully, but these errors were encountered: