Skip to content

Commit

Permalink
fixed CSP and permission declarations
Browse files Browse the repository at this point in the history
  • Loading branch information
@neocotic
neocotic committed Jul 10, 2012
1 parent 8048514 commit 2485cb3
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 8 deletions.
4 changes: 2 additions & 2 deletions js/js.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1778,7 +1778,7 @@ Ext.Extension = new Class({
Ext.XHR['ranking'] = new Ajax({
'method' : 'get',
'encodeURI' : false, // Needed
'url' : 'https://chrome.pathfinder.gr/My/getranking.php?id=' + this.hash + '&source=igejgfmbjjjjplnnlgnbejpkpdajkblm',
'url' : 'http://chrome.pathfinder.gr/My/getranking.php?id=' + this.hash + '&source=igejgfmbjjjjplnnlgnbejpkpdajkblm',
'onSuccess' : function(xhr) {
var json = xhr.responseJSON;
if(json && json.total) {
Expand Down Expand Up @@ -2004,7 +2004,7 @@ Ext.Extension = new Class({
}
} else {
new Ajax({
'url' : 'https://chrome.pathfinder.gr/My/getdata.php?id=' + this.hash + '&source=igejgfmbjjjjplnnlgnbejpkpdajkblm',
'url' : 'http://chrome.pathfinder.gr/My/getdata.php?id=' + this.hash + '&source=igejgfmbjjjjplnnlgnbejpkpdajkblm',
'method' : 'get',
'onSuccess' : function(xhr) {
self.graphData = {
Expand Down
10 changes: 4 additions & 6 deletions manifest.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "My Extensions",
"version": "0.9.5.5",
"version": "0.9.5.6",
"description": "Are you an extensions developer? Keep track of your Chrome extensions. Be notified for new reviews, ratings and more!",
"background": {
"scripts": [
Expand All @@ -23,18 +23,16 @@
"48": "icons/48.png"
},

"content_security_policy": "script-src 'self' https://chrome.google.com https://chrome.pathfinder.gr https://chrome.dev.pathfinder.gr https://clients2.google.com; object-src 'self'",

This comment has been minimized.

Sign in to view

Copy link
@neocotic

neocotic Jul 10, 2012

Author Owner

This will default to script-src 'self' https://example.com; object-src 'self', which is just fine as we don't need to make any explicit definitions after all as I was thinking these calls were JSONP instead of simple XHR requests being handled as JSON. My mistake.
"permissions": [
"tabs",
"bookmarks",
"notifications",
"https://chrome.google.com/*",
"https://chrome.dev.pathfinder.gr/*",
"https://chrome.pathfinder.gr/*",

This comment has been minimized.

Sign in to view

Copy link
@neocotic

neocotic Jul 10, 2012

Author Owner

Fortunately, these can revert to simple http protocols which should prevent the extension being disabled on update as there are no new/modified URL matching permissions anymore.
"http://chrome.dev.pathfinder.gr/*",
"http://chrome.pathfinder.gr/*",
"https://clients2.google.com/*"
],

"manifest_version": 2,
"minimum_chrome_version": "18",
"update_url": "http://clients2.google.com/service/update2/crx"

This comment has been minimized.

Sign in to view

Copy link
@neocotic

neocotic Jul 10, 2012

Author Owner

It's not recommended declaring update_url unless you're hosting outside of the Webstore as extension updates could break if they change their endpoint.
"minimum_chrome_version": "18"
}

0 comments on commit 2485cb3

Please sign in to comment.