fix: Restrict host permissions and content script matches to HTTPS only

jnton · jnton · commit daab951422cd · 2025-05-31T01:26:04.000+02:00
diff --git a/background.js b/background.js
@@ -159,7 +159,7 @@ chrome.webNavigation.onCompleted.addListener(
       // injectModules(details.tabId, "webNavigation.onCompleted"); // Commented out
     }
   },
-  { url: [{ schemes: ['http','https'] }] }
+  { url: [{ schemes: ['https'] }] }
 );
 
 // 3) Message listener for updates, popup requests, AND scroll requests
diff --git a/manifest.json b/manifest.json
@@ -9,7 +9,6 @@
     "webNavigation"
   ],
   "host_permissions": [
-    "http://*/*",
     "https://*/*"
   ],
   "content_security_policy": {
@@ -37,7 +36,6 @@
   "content_scripts": [
     {
       "matches": [
-        "http://*/*",
         "https://*/*"
       ],
       "js": [

Original file line number	Diff line number	Diff line change
`@@ -159,7 +159,7 @@ chrome.webNavigation.onCompleted.addListener(`
`159`	`159`	`// injectModules(details.tabId, "webNavigation.onCompleted"); // Commented out`
`160`	`160`	`}`
`161`	`161`	`},`
`162`		`- { url: [{ schemes: ['http','https'] }] }`
	`162`	`+ { url: [{ schemes: ['https'] }] }`
`163`	`163`	`);`
`164`	`164`
`165`	`165`	`// 3) Message listener for updates, popup requests, AND scroll requests`