movie-web/extension
1
0
Fork 0
mirror of https://github.com/movie-web/extension.git synced 2025-09-13 15:03:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: movie-web:1.1.1
Branches Tags
movie-web:dev movie-web:master movie-web:fix-android movie-web:finalize-extension movie-web:perms movie-web:less-permissions movie-web:fix-firefox-and-brave
movie-web:1.1.4 movie-web:1.1.3 movie-web:1.1.2 movie-web:1.1.1 movie-web:1.1.0 movie-web:1.0.3 movie-web:1.0.2 movie-web:1.0.1
...
compare: movie-web:434b2475cb9c3935b2d709e84ef36a312e1816d1
Branches Tags
movie-web:dev movie-web:master movie-web:fix-android movie-web:finalize-extension movie-web:perms movie-web:less-permissions movie-web:fix-firefox-and-brave
movie-web:1.1.4 movie-web:1.1.3 movie-web:1.1.2 movie-web:1.1.1 movie-web:1.1.0 movie-web:1.0.3 movie-web:1.0.2 movie-web:1.0.1

7 Commits
1.1.1 ... 434b2475cb

Author SHA1 Message Date
William Oldham
434b2475cb Merge pull request #22 from movie-web/feature/update-default-domains 
update default domain whitelist, remove movie-web references
 2024-03-04 20:49:24 +00:00
William Oldham
50166457b8 Merge pull request #21 from movie-web/fix/#952 
add firstPartyDomain for first-party isolation
 2024-03-04 20:48:19 +00:00
Jorrin
755bba3e1e update default domain whitelist, remove movie-web references 2024-03-03 20:20:34 +01:00
Jorrin
e7ca90b75f add firstPartyDomain for first-party isolation 2024-03-03 20:14:56 +01:00
Jorrin
d74f0abbf6 Merge pull request #20 from movie-web/fix/improve-error-message 
Improve "Domain is not whitelisted" error message
 2024-03-03 13:45:24 +01:00
Jorrin
cade0b50ab Add more details to the error message 2024-03-01 21:59:38 +01:00
Jorrin
1ac8147cdd add instruction to domain whitelist error message 2024-03-01 21:57:18 +01:00
5 changed files with 29 additions and 10 deletions
Expand all files Collapse all files

10
.github/SECURITY.md vendored
View File

@@ -2,13 +2,9 @@
## Supported Versions ## Supported Versions
The movie-web maintainers only support the latest version of movie-web published at https://movie-web.app. The latest version of movie-web is the only version that is supported, as it is the only version that is being actively developed.
This published version is equivalent to the master branch.
Support is not provided for any forks or mirrors of movie-web.
## Reporting a Vulnerability ## Reporting a Vulnerability
There are two ways you can contact the movie-web maintainers to report a vulnerability: You can contact the movie-web maintainers to report a vulnerability:
- Email [security@movie-web.app](mailto:security@movie-web.app) - Report the vulnerability in the [movie-web Discord server](https://movie-web.github.io/links/discord)
- Report the vulnerability in the [movie-web Discord server](https://discord.movie-web.app)

4
src/background/messages/makeRequest.ts
View File

@@ -3,6 +3,7 @@ import type { PlasmoMessaging } from '@plasmohq/messaging';
import type { BaseRequest } from '~types/request'; import type { BaseRequest } from '~types/request';
import type { BaseResponse } from '~types/response'; import type { BaseResponse } from '~types/response';
import { removeDynamicRules, setDynamicRules } from '~utils/declarativeNetRequest'; import { removeDynamicRules, setDynamicRules } from '~utils/declarativeNetRequest';
import { isFirefox } from '~utils/extension';
import { makeFullUrl } from '~utils/fetcher'; import { makeFullUrl } from '~utils/fetcher';
import { assertDomainWhitelist } from '~utils/storage'; import { assertDomainWhitelist } from '~utils/storage';
@@ -69,6 +70,9 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
const cookies = await (chrome || browser).cookies.getAll({ const cookies = await (chrome || browser).cookies.getAll({
url: response.url, url: response.url,
...(isFirefox() && {
firstPartyDomain: new URL(response.url).hostname,
}),
}); });
res.send({ res.send({

2
src/tabs/PermissionGrant.tsx
View File

@@ -8,7 +8,7 @@ export default function PermissionGrant() {
const { grantPermission } = usePermission(); const { grantPermission } = usePermission();
const queryParams = new URLSearchParams(window.location.search); const queryParams = new URLSearchParams(window.location.search);
const redirectUrl = queryParams.get('redirectUrl') ?? 'https://movie-web.app'; const redirectUrl = queryParams.get('redirectUrl') ?? 'https://mw.lonelil.ru';
const domain = makeUrlIntoDomain(redirectUrl); const domain = makeUrlIntoDomain(redirectUrl);
const redirectBack = () => { const redirectBack = () => {

8
src/utils/extension.ts
View File

@@ -1,3 +1,11 @@
export const isChrome = () => { export const isChrome = () => {
return chrome.runtime.getURL('').startsWith('chrome-extension://'); return chrome.runtime.getURL('').startsWith('chrome-extension://');
}; };
export const isFirefox = () => {
try {
return browser.runtime.getURL('').startsWith('moz-extension://');
} catch {
return false;
}
};

15
src/utils/storage.ts
View File

@@ -3,7 +3,14 @@ import { useStorage } from '@plasmohq/storage/hook';
import { makeUrlIntoDomain } from '~utils/domains'; import { makeUrlIntoDomain } from '~utils/domains';
export const DEFAULT_DOMAIN_WHITELIST = ['movie-web.app', 'dev.movie-web.app']; export const DEFAULT_DOMAIN_WHITELIST = [
'mw.lonelil.ru',
'watch.qtchaos.de',
'bmov.vercel.app',
'stream.thehairy.me',
'scootydooter.vercel.app',
'movie-web-me.vercel.app',
];
export const storage = new Storage(); export const storage = new Storage();
@@ -31,5 +38,9 @@ export const isDomainWhitelisted = async (url: string | undefined) => {
export const assertDomainWhitelist = async (url: string) => { export const assertDomainWhitelist = async (url: string) => {
const isWhiteListed = await isDomainWhitelisted(url); const isWhiteListed = await isDomainWhitelisted(url);
if (!isWhiteListed) throw new Error('Domain is not whitelisted'); const currentDomain = makeUrlIntoDomain(url);
if (!isWhiteListed)
throw new Error(
`${currentDomain} is not whitelisted. Open the extension and click on the power button to whitelist the site.`,
);
}; };