PD
🧩 Plasmo Developers•17mo ago
Joshua Perk

Plasmo requesting more permissions than requested?

I've noticed bugs(?) that I think are related - and might have to do with me using Vue? For my CSUI, I have the following script: 
<script>
import cssText from "data-text:~style.scss"

export default {
  plasmo: {
    config: {
      matches: ["https://*.linkedin.com/*"]
    },
    // Tailwind CSS must be injected into the parent component
    getStyle: () => {
      const style = document.createElement("style")
      style.textContent = cssText
      return style
    }
    // getOverlayAnchorList: async () => document.querySelectorAll("a")
  }
}
</script>
<script>
import cssText from "data-text:~style.scss"

export default {
  plasmo: {
    config: {
      matches: ["https://*.linkedin.com/*"]
    },
    // Tailwind CSS must be injected into the parent component
    getStyle: () => {
      const style = document.createElement("style")
      style.textContent = cssText
      return style
    }
    // getOverlayAnchorList: async () => document.querySelectorAll("a")
  }
}
</script>
Note the matches config. However, my CSUI is still visible on every page that I go to. Also, when I uploaded my Plasmo-bundled extension to Chrome, I got an alert that I am requesting host permissions. My package.json file looks like this: 
...
  "manifest": {
    "externally_connectable": {
      "matches": [
        "*://localhost/*",
        "*://app.vector.co/*",
        "*://*.vector.co/*",
        "*://vector.co/*"
      ]
    }
  }
...
...
  "manifest": {
    "externally_connectable": {
      "matches": [
        "*://localhost/*",
        "*://app.vector.co/*",
        "*://*.vector.co/*",
        "*://vector.co/*"
      ]
    }
  }
...
So I'm not sure where host permissions are being requested. I believe externally_connectable does not request host permissions and only allows those sites to send messages to my extension? Also not sure why the CSUI is showing up everywhere.
No description
5 Replies
lab
lab•17mo ago
The vue CSUI config doesn't work ATM. We need that to be fixed somehow in here: either via a vue parser or something similar. Right now the config parser only work with top-level export: https://github.com/PlasmoHQ/plasmo/blob/main/cli/plasmo/src/features/manifest-factory/base.ts#L358
GitHub
plasmo/cli/plasmo/src/features/manifest-factory/base.ts at main · P...
🧩 The Browser Extension Framework. Contribute to PlasmoHQ/plasmo development by creating an account on GitHub.
lab
lab•17mo ago
I suspect if you look at the final bundle, you will see the injected contentscript to have broad url permission (<all_url>) by default Try export the config like this instead: 
export const config = {
   matches: ["https://*.linkedin.com/*"]
    }
}
export const config = {
   matches: ["https://*.linkedin.com/*"]
    }
}
And hopefully the tsconfig can parse that, otherwise it needs to be fixed
Joshua Perk
Joshua PerkOP•17mo ago
Dang you're right - okay this helps. Thank you (as always). Unfortauntely exporting the config directly didn't work. Oddly the getStyle function is properly parsed out which gives me faith it might be possible to figure out how to do the same for config. Until then, I'll edits the compiled files directly 😆
lab
lab•17mo ago
Yeah, atm we use typescript lib directly to shallowly parse the AST of the CSUI source file for the CS config (we do this at the pre-compile layer and leave the actualy source compile to the vue plugin, which doesn't do much beside standard compilation). This result in static readout of the source and only compatible with .ts file likely... (or in cases where the AST is luckily aligned...) For the other stuff such as getStyle, those runtime function which is invoked by the framework's injected code, thus it works with that vue export
Joshua Perk
Joshua PerkOP•17mo ago
Ahh that makes sense. I'll see if I can get around to trying to work on it and if so, a PR Thanks as always man
Want results from more Discord servers?
Add your server