-
Notifications
You must be signed in to change notification settings - Fork 7
Why request permissions for ALL websites?
Linkding-injector requests general permission for accessing data of all webpages here.
This is an unfortunate consequence of the permissions system for extensions. This extension uses the Fetch API to request search results from the configured linkding instance. Browser Extensions only allow requests to webpages it has permissions to according to the manifest.json. These permissions can't be set or changed dynamically but must be set when creating the extension. Since the URL of the linkding instance can be any URL the extension needs to request permissions for all websites.
The content script (which is the only part of the extension that can directly access website content) is only injected into the relevant search engine pages and thus can't and doesn't access any other websites or their contents. This can be verified here.
For technical details of the extension permissions system read here.
If you dislike this, you can create your own fork and change the match patterns in the permissions key here at the bottom of the file
to only include the needed search engine pages as well as your linkding instance. Then the extension would be explicitly blocked from accessing anything else.