aboutsummaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
authorWojtek Kosior <koszko@koszko.org>2021-09-06 16:45:36 +0200
committerWojtek Kosior <koszko@koszko.org>2021-09-06 16:45:36 +0200
commited08ef1a6df1713a0e00ccd656f4bb4ed44647a4 (patch)
tree46c363aedbac6f93af972caafb17ec94fcbfb011 /common
parent51d43685c667567516cfbda8dfeb75e98c00619f (diff)
downloadbrowser-extension-ed08ef1a6df1713a0e00ccd656f4bb4ed44647a4.tar.gz
browser-extension-ed08ef1a6df1713a0e00ccd656f4bb4ed44647a4.zip
generate Chromium unique key automatically in `build.sh'
Diffstat (limited to 'common')
-rw-r--r--common/signing.js16
1 files changed, 8 insertions, 8 deletions
diff --git a/common/signing.js b/common/signing.js
index 2171714..1904bcd 100644
--- a/common/signing.js
+++ b/common/signing.js
@@ -10,7 +10,7 @@
* IMPORTS_START
* IMPORT sha256
* IMPORT browser
- * IMPORT is_chrome
+ * IMPORT is_mozilla
* IMPORTS_END
*/
@@ -30,18 +30,18 @@
*
* The secret shared between execution contexts has to be available
* synchronously. Under Mozilla, this is the extension's per-session id. Under
- * Chromium, this is the key that resides in the manifest.
- *
- * An idea to (under Chromium) instead store the secret in a file fetched
- * synchronously using XMLHttpRequest is being considered.
+ * Chromium, this is a dummy web-accessible-resource name that resides in the
+ * manifest and is supposed to be constructed by each user using a unique value
+ * (this is done automatically by `build.sh').
*/
function get_secret()
{
- if (is_chrome)
- return browser.runtime.getManifest().key.substring(0, 50);
- else
+ if (is_mozilla)
return browser.runtime.getURL("dummy");
+
+ return chrome.runtime.getManifest().web_accessible_resources
+ .map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1];
}
function extract_signed(signature, signed_data)