From b1c4dbb33b6f8a0b1a3ff8f3886ac8de9b80e239 Mon Sep 17 00:00:00 2001 From: iTrooz Date: Thu, 16 Nov 2023 20:24:14 +0100 Subject: [PATCH] Check for secure context before installing web app --- extension/src/background.js | 6 +++--- extension/src/content.js | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/extension/src/background.js b/extension/src/background.js index 4ee11cb3..93473b9a 100644 --- a/extension/src/background.js +++ b/extension/src/background.js @@ -44,7 +44,7 @@ browser.notifications.onClicked.addListener(async notification => { // == CONTENT SCRIPT HANDLING // Detect manifest sent from content script -browser.runtime.onMessage.addListener(async ({ manifestUrl, documentUrl }, { tab }) => { +browser.runtime.onMessage.addListener(async ({ manifestUrl, documentUrl, isSecureContext }, { tab }) => { manifestUrl = manifestUrl ? new URL(manifestUrl) : undefined documentUrl = documentUrl ? new URL(documentUrl) : undefined @@ -56,8 +56,8 @@ browser.runtime.onMessage.addListener(async ({ manifestUrl, documentUrl }, { tab return } - // If both manifest and the page are loaded over HTTPS, site is a valid web app - let isValidPwa = manifestUrl && manifestUrl.protocol === 'https:' && documentUrl.protocol === 'https:' + // If both manifest and the page are loaded over HTTPS, and we are in a secure context, site is a valid web app + let isValidPwa = manifestUrl && manifestUrl.protocol === 'https:' && documentUrl.protocol === 'https:' && isSecureContext // Force show or hide the page action depending on user preference const settingsDisplayPageAction = (await browser.storage.local.get(PREF_DISPLAY_PAGE_ACTION))[PREF_DISPLAY_PAGE_ACTION] diff --git a/extension/src/content.js b/extension/src/content.js index 82a876f4..a3571385 100644 --- a/extension/src/content.js +++ b/extension/src/content.js @@ -4,8 +4,8 @@ const isAppleMaskIcon = link => link.getAttribute('rel').toLowerCase().includes( const manifestElement = document.querySelector('link[rel=manifest]') const manifestUrl = manifestElement ? new URL(manifestElement.getAttribute('href'), document.baseURI) : null -// Send the initial manifest and document URLs on the page load -browser.runtime.sendMessage({ manifestUrl: manifestUrl?.href, documentUrl: document.location.href }) +// Send the secure context state, initial manifest and document URLs on the page load +browser.runtime.sendMessage({ manifestUrl: manifestUrl?.href, documentUrl: document.location.href, isSecureContext }) // Send the current manifest and document URLs on request browser.runtime.onMessage.addListener((message, _, sendResponse) => {