Skip to content

fix: update Chrome host permissions to allow all URLs #183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ErikBjare merged 2 commits into from
Apr 28, 2025
Merged

fix: update Chrome host permissions to allow all URLs #183

ErikBjare merged 2 commits into from
Apr 28, 2025

Conversation

@BelKed
Copy link
Contributor

@BelKed BelKed commented Apr 24, 2025
edited by ellipsis-dev bot
Loading

Important

Updates Chrome host permissions in manifest.json to allow all URLs, fixing issue #182.

This description was created by Ellipsis for ce00279. You can customize this summary. It will automatically update as commits are pushed.

ellipsis-dev[bot]
ellipsis-dev bot reviewed Apr 24, 2025
View reviewed changes
Copy link
Contributor

@ellipsis-dev ellipsis-dev bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Important

Looks good to me! 👍

Reviewed everything up to ce00279 in 32 seconds. Click for details.
  • Reviewed 14 lines of code in 1 files
  • Skipped 0 files when reviewing.
  • Skipped posting 3 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. src/manifest.json:47
  • Draft comment:
    Using <all_urls> is correct to resolve issue 182, but increases risk by granting all-site access. Ensure this is documented and conforms with Chrome guidelines.
  • Reason this comment was not posted:
    Confidence changes required: 33% <= threshold 50% None
2. src/manifest.json:47
  • Draft comment:
    Verify that Firefox permissions remain intentionally restricted to specific endpoints, and consider if consistency is needed.
  • Reason this comment was not posted:
    Confidence changes required: 33% <= threshold 50% None
3. src/manifest.json:47
  • Draft comment:
    Using '<all_urls>' now grants full access on Chrome, which resolves issue 182. Confirm that this broad permission is acceptable from a security standpoint.
  • Reason this comment was not posted:
    Confidence changes required: 0% <= threshold 50% None

Workflow ID: wflow_gSMzZMnS5kbLJ85b

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

@ErikBjare
Copy link
Member

ErikBjare commented Apr 28, 2025

I wanted to find where this was documented before merging, and I found:

Host permissions allow extensions to interact with the URL's matching patterns. Some Chrome APIs require host permissions in addition to their own API permissions, which are documented on each reference page. Here are some examples:

  • Make fetch() requests from the extension service worker and extension pages.
  • Read and query the sensitive tab properties (url, title, and favIconUrl) using the chrome.tabs API.

https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions

Merging!

@ErikBjare ErikBjare merged commit 01973cd into ActivityWatch:master Apr 28, 2025
5 checks passed
@ErikBjare
Copy link
Member

ErikBjare commented Apr 28, 2025

They are saying this on submission:

image

Not sure if we can get around with more narrowly scoped permissions, but still submitting it now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ellipsis-dev ellipsis-dev[bot] ellipsis-dev[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Can't grant access to all sites on Chrome

2 participants

@BelKed @ErikBjare