Merge pull request #22 from movie-web/feature/update-default-domains

update default domain whitelist, remove movie-web references
Merge pull request #21 from movie-web/fix/#952
2025-09-13 15:03:25 +00:00 · 2024-03-04 20:49:24 +00:00 · 2024-03-04 20:48:19 +00:00 · 2024-03-03 20:20:34 +01:00 · 2024-03-03 20:14:56 +01:00 · 2024-03-03 13:45:24 +01:00
6 changed files with 35 additions and 18 deletions
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -2,13 +2,9 @@

 ## Supported Versions

-The movie-web maintainers only support the latest version of movie-web published at https://movie-web.app.
-This published version is equivalent to the master branch.
-
-Support is not provided for any forks or mirrors of movie-web.
+The latest version of movie-web is the only version that is supported, as it is the only version that is being actively developed.

 ## Reporting a Vulnerability

-There are two ways you can contact the movie-web maintainers to report a vulnerability:
- - Email [security@movie-web.app](mailto:security@movie-web.app)
- - Report the vulnerability in the [movie-web Discord server](https://discord.movie-web.app)
+You can contact the movie-web maintainers to report a vulnerability:
+ - Report the vulnerability in the [movie-web Discord server](https://movie-web.github.io/links/discord)
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@movie-web/extension",
  "displayName": "movie-web extension",
-  "version": "1.1.0",
+  "version": "1.1.1",
  "description": "Enhance your movie-web experience with just one click",
  "author": "movie-web",
  "scripts": {
--- a/src/background/messages/makeRequest.ts
+++ b/src/background/messages/makeRequest.ts
@@ -3,6 +3,7 @@ import type { PlasmoMessaging } from '@plasmohq/messaging';
 import type { BaseRequest } from '~types/request';
 import type { BaseResponse } from '~types/response';
 import { removeDynamicRules, setDynamicRules } from '~utils/declarativeNetRequest';
+import { isFirefox } from '~utils/extension';
 import { makeFullUrl } from '~utils/fetcher';
 import { assertDomainWhitelist } from '~utils/storage';

@@ -52,13 +53,11 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
    const url = makeFullUrl(req.body.url, req.body);
    await assertDomainWhitelist(req.sender.tab.url);

-    if (Object.keys(req.body.headers).length > 0) {
    await setDynamicRules({
      ruleId: MAKE_REQUEST_DYNAMIC_RULE,
      targetDomains: [new URL(url).hostname],
      requestHeaders: req.body.headers,
    });
-    }

    const response = await fetch(url, {
      method: req.body.method,
@@ -71,6 +70,9 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r

    const cookies = await (chrome || browser).cookies.getAll({
      url: response.url,
+      ...(isFirefox() && {
+        firstPartyDomain: new URL(response.url).hostname,
+      }),
    });

    res.send({
--- a/src/tabs/PermissionGrant.tsx
+++ b/src/tabs/PermissionGrant.tsx
@@ -8,7 +8,7 @@ export default function PermissionGrant() {
  const { grantPermission } = usePermission();

  const queryParams = new URLSearchParams(window.location.search);
-  const redirectUrl = queryParams.get('redirectUrl') ?? 'https://movie-web.app';
+  const redirectUrl = queryParams.get('redirectUrl') ?? 'https://mw.lonelil.ru';
  const domain = makeUrlIntoDomain(redirectUrl);

  const redirectBack = () => {
--- a/src/utils/extension.ts
+++ b/src/utils/extension.ts
@@ -1,3 +1,11 @@
 export const isChrome = () => {
  return chrome.runtime.getURL('').startsWith('chrome-extension://');
 };
+
+export const isFirefox = () => {
+  try {
+    return browser.runtime.getURL('').startsWith('moz-extension://');
+  } catch {
+    return false;
+  }
+};
--- a/src/utils/storage.ts
+++ b/src/utils/storage.ts
@@ -3,7 +3,14 @@ import { useStorage } from '@plasmohq/storage/hook';

 import { makeUrlIntoDomain } from '~utils/domains';

-export const DEFAULT_DOMAIN_WHITELIST = ['movie-web.app', 'dev.movie-web.app'];
+export const DEFAULT_DOMAIN_WHITELIST = [
+  'mw.lonelil.ru',
+  'watch.qtchaos.de',
+  'bmov.vercel.app',
+  'stream.thehairy.me',
+  'scootydooter.vercel.app',
+  'movie-web-me.vercel.app',
+];

 export const storage = new Storage();

@@ -31,5 +38,9 @@ export const isDomainWhitelisted = async (url: string | undefined) => {

 export const assertDomainWhitelist = async (url: string) => {
  const isWhiteListed = await isDomainWhitelisted(url);
-  if (!isWhiteListed) throw new Error('Domain is not whitelisted');
+  const currentDomain = makeUrlIntoDomain(url);
+  if (!isWhiteListed)
+    throw new Error(
+      `${currentDomain} is not whitelisted. Open the extension and click on the power button to whitelist the site.`,
+    );
 };
Author	SHA1	Message	Date
William Oldham	434b2475cb	Merge pull request #22 from movie-web/feature/update-default-domains update default domain whitelist, remove movie-web references	2024-03-04 20:49:24 +00:00
William Oldham	50166457b8	Merge pull request #21 from movie-web/fix/#952 add firstPartyDomain for first-party isolation	2024-03-04 20:48:19 +00:00
Jorrin	755bba3e1e	update default domain whitelist, remove movie-web references	2024-03-03 20:20:34 +01:00
Jorrin	e7ca90b75f	add firstPartyDomain for first-party isolation	2024-03-03 20:14:56 +01:00
Jorrin	d74f0abbf6	Merge pull request #20 from movie-web/fix/improve-error-message Improve "Domain is not whitelisted" error message	2024-03-03 13:45:24 +01:00
Jorrin	cade0b50ab	Add more details to the error message	2024-03-01 21:59:38 +01:00
Jorrin	1ac8147cdd	add instruction to domain whitelist error message	2024-03-01 21:57:18 +01:00
William Oldham	6d1fa16553	Bump version	2024-02-21 18:53:08 +00:00
William Oldham	a8417c75a3	Merge pull request #18 from movie-web/fix/#904 always create dynamic rule for fetch request	2024-02-21 18:50:40 +00:00
Jorrin	abf26103e1	always create dynamic rule for fetch request	2024-02-15 14:17:08 +01:00