Fix content type for extension deployment

add inactive icon if the domain is not whitelisted

.github/SECURITY.md

@@ -2,13 +2,9 @@
 
 ## Supported Versions
 
-The movie-web maintainers only support the latest version of movie-web published at https://movie-web.app.
+The latest version of movie-web is the only version that is supported, as it is the only version that is being actively developed.
-This published version is equivalent to the master branch.
-
-Support is not provided for any forks or mirrors of movie-web.
 
 ## Reporting a Vulnerability
 
-There are two ways you can contact the movie-web maintainers to report a vulnerability:
+You can contact the movie-web maintainers to report a vulnerability:
- - Email [security@movie-web.app](mailto:security@movie-web.app)
+ - Report the vulnerability in the [movie-web Discord server](https://movie-web.github.io/links/discord)
- - Report the vulnerability in the [movie-web Discord server](https://discord.movie-web.app)

.github/workflows/deploying.yml

@@ -94,8 +94,8 @@ jobs:
       with:
         upload_url: ${{ steps.create_release.outputs.upload_url }}
         asset_path: ./chrome/chrome-mv3-prod.zip
-        asset_name: extension-mw.chrome.crx
+        asset_name: extension-mw.chrome.zip
-        asset_content_type: application/x-chrome-extension
+        asset_content_type: application/zip
 
     - name: Upload Firefox release
       uses: actions/upload-release-asset@v1

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@movie-web/extension",
   "displayName": "movie-web extension",
-  "version": "1.1.0",
+  "version": "1.1.2",
   "description": "Enhance your movie-web experience with just one click",
   "author": "movie-web",
   "scripts": {
@@ -54,6 +54,17 @@
       "gecko": {
         "id": "{3fd86354-c73f-4395-9e26-2c5c984579bf}"
       }
+    },
+    "web_accessible_resources": [
+      {
+        "resources": [
+          "assets/active.png",
+          "assets/inactive.png"
+        ],
+        "matches": [
+          "<all_urls>"
+        ]
       }
+    ]
   }
 }

src/background/messages/makeRequest.ts

@@ -3,6 +3,7 @@ import type { PlasmoMessaging } from '@plasmohq/messaging';
 import type { BaseRequest } from '~types/request';
 import type { BaseResponse } from '~types/response';
 import { removeDynamicRules, setDynamicRules } from '~utils/declarativeNetRequest';
+import { isFirefox } from '~utils/extension';
 import { makeFullUrl } from '~utils/fetcher';
 import { assertDomainWhitelist } from '~utils/storage';
 
@@ -52,13 +53,11 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
     const url = makeFullUrl(req.body.url, req.body);
     await assertDomainWhitelist(req.sender.tab.url);
 
-    if (Object.keys(req.body.headers).length > 0) {
     await setDynamicRules({
       ruleId: MAKE_REQUEST_DYNAMIC_RULE,
       targetDomains: [new URL(url).hostname],
       requestHeaders: req.body.headers,
     });
-    }
 
     const response = await fetch(url, {
       method: req.body.method,
@@ -71,6 +70,9 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
 
     const cookies = await (chrome || browser).cookies.getAll({
       url: response.url,
+      ...(isFirefox() && {
+        firstPartyDomain: new URL(response.url).hostname,
+      }),
     });
 
     res.send({

src/components/ToggleButton.tsx

@@ -36,7 +36,7 @@ export function ToggleButton(props: ToggleButtonProps) {
         </button>
       </div>
       <p>
-        Extension {props.active ? 'enabled' : 'disabled'} <br /> on <strong>{props.domain}</strong>
+        Extension <strong>{props.active ? 'enabled' : 'disabled'}</strong> <br /> on <strong>{props.domain}</strong>
       </p>
     </div>
   );

src/hooks/useDomainWhitelist.ts

@@ -27,6 +27,11 @@ export function useToggleWhitelistDomain(domain: string) {
   const { domainWhitelist, addDomain, removeDomain } = useDomainWhitelist();
   const isWhitelisted = domainWhitelist.includes(domain);
   const { grantPermission } = usePermission();
+  const iconPath = (chrome || browser).runtime.getURL(isWhitelisted ? 'assets/active.png' : 'assets/inactive.png');
+
+  (chrome || browser).action.setIcon({
+    path: iconPath,
+  });
 
   const toggle = useCallback(() => {
     if (!isWhitelisted) {

src/tabs/PermissionGrant.tsx

@@ -8,7 +8,7 @@ export default function PermissionGrant() {
   const { grantPermission } = usePermission();
 
   const queryParams = new URLSearchParams(window.location.search);
-  const redirectUrl = queryParams.get('redirectUrl') ?? 'https://movie-web.app';
+  const redirectUrl = queryParams.get('redirectUrl') ?? 'https://mw.lonelil.ru';
   const domain = makeUrlIntoDomain(redirectUrl);
 
   const redirectBack = () => {

src/utils/extension.ts

@@ -1,3 +1,11 @@
 export const isChrome = () => {
   return chrome.runtime.getURL('').startsWith('chrome-extension://');
 };
+
+export const isFirefox = () => {
+  try {
+    return browser.runtime.getURL('').startsWith('moz-extension://');
+  } catch {
+    return false;
+  }
+};

src/utils/storage.ts

@@ -3,7 +3,14 @@ import { useStorage } from '@plasmohq/storage/hook';
 
 import { makeUrlIntoDomain } from '~utils/domains';
 
-export const DEFAULT_DOMAIN_WHITELIST = ['movie-web.app', 'dev.movie-web.app'];
+export const DEFAULT_DOMAIN_WHITELIST = [
+  'mw.lonelil.ru',
+  'watch.qtchaos.de',
+  'bmov.vercel.app',
+  'stream.thehairy.me',
+  'scootydooter.vercel.app',
+  'movie-web-me.vercel.app',
+];
 
 export const storage = new Storage();
 
@@ -31,5 +38,9 @@ export const isDomainWhitelisted = async (url: string | undefined) => {
 
 export const assertDomainWhitelist = async (url: string) => {
   const isWhiteListed = await isDomainWhitelisted(url);
-  if (!isWhiteListed) throw new Error('Domain is not whitelisted');
+  const currentDomain = makeUrlIntoDomain(url);
+  if (!isWhiteListed)
+    throw new Error(
+      `${currentDomain} is not whitelisted. Open the extension and click on the power button to whitelist the site.`,
+    );
 };