From ed08ef1a6df1713a0e00ccd656f4bb4ed44647a4 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Mon, 6 Sep 2021 16:45:36 +0200
Subject: generate Chromium unique key automatically in `build.sh'

---
 common/signing.js | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'common')

diff --git a/common/signing.js b/common/signing.js
index 2171714..1904bcd 100644
--- a/common/signing.js
+++ b/common/signing.js
@@ -10,7 +10,7 @@
  * IMPORTS_START
  * IMPORT sha256
  * IMPORT browser
- * IMPORT is_chrome
+ * IMPORT is_mozilla
  * IMPORTS_END
  */
 
@@ -30,18 +30,18 @@
  *
  * The secret shared between execution contexts has to be available
  * synchronously. Under Mozilla, this is the extension's per-session id. Under
- * Chromium, this is the key that resides in the manifest.
- *
- * An idea to (under Chromium) instead store the secret in a file fetched
- * synchronously using XMLHttpRequest is being considered.
+ * Chromium, this is a dummy web-accessible-resource name that resides in the
+ * manifest and is supposed to be constructed by each user using a unique value
+ * (this is done automatically by `build.sh').
  */
 
 function get_secret()
 {
-    if (is_chrome)
-	return browser.runtime.getManifest().key.substring(0, 50);
-    else
+    if (is_mozilla)
 	return browser.runtime.getURL("dummy");
+
+    return chrome.runtime.getManifest().web_accessible_resources
+	.map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1];
 }
 
 function extract_signed(signature, signed_data)
-- 
cgit v1.2.3