69b5637bd6
CI / lint (push) Successful in 3s
extension / lint (push) Successful in 11s
CI / frontend-build (push) Successful in 21s
CI / backend-lint-and-test (push) Successful in 30s
CI / integration (push) Successful in 3m47s
extension / lint (pull_request) Successful in 9s
Symptom (operator-flagged): the extension injected the Add-as-source button on a Patreon creator you had NOT subscribed to, but it disappeared once you were subscribed — the opposite of when it's useful. Root cause (extension logic, not Patreon security): Patreon serves a creator under three URL shapes — bare patreon.com/Atole, patreon.com/c/Atole, and patreon.com/cw/Atole (the 'creator workspace' URL you land on once subscribed; documented in patreon_resolver._VANITY_RE). The button's artist-page gate (PLATFORM_ARTIST_PATTERNS.patreon in platforms.js) and its byte-mirror probe pattern (_PLATFORM_PATTERNS in extension_service._derive) only matched the bare single-segment form and explicitly excluded c/. So the subscribed-view URL failed the gate → no button. The ingestion resolver already handled all three; only these two gates were too narrow. Fix: both regexes now accept optional cw/ and c/ prefixes and drop the strict single-segment end-anchor, so a creator's inner page (/cw/Atole/posts, /Atole/membership) also matches — robust to whatever exact shape the subscribed view uses. Nav-page exclusions (home/search/messages/notifications/library/ settings/posts + post permalinks) preserved. New unit test covers all three prefixes, sub-paths, and nav-page rejection (both regexes validated identically). Bump extension 1.0.7→1.0.8 so a fresh signed XPI ships the fix (also exercises batch-5 web-ext-10's AMO sign path end-to-end on the main build). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
77 lines
2.1 KiB
JSON
77 lines
2.1 KiB
JSON
{
|
|
"manifest_version": 3,
|
|
"name": "FabledCurator",
|
|
"version": "1.0.8",
|
|
"description": "Export cookies from supported platforms to FabledCurator and add creators as sources in one click.",
|
|
|
|
"browser_specific_settings": {
|
|
"gecko": {
|
|
"id": "fabledcurator@fabledsword.com",
|
|
"strict_min_version": "115.0"
|
|
}
|
|
},
|
|
|
|
"content_security_policy": {
|
|
"_comment": "Override the MV3 default CSP to OMIT upgrade-insecure-requests. FC runs over plain HTTP per the homelab posture (feedback_homelab_http), and the default MV3 CSP would silently upgrade every fetch(http://curator.../...) to https:// and fail with NS_ERROR_GENERATE_FAILURE. Operator-flagged 2026-05-26 after the 'Test connection' button errored despite a working CORS preflight on the backend.",
|
|
"extension_pages": "script-src 'self'; object-src 'self';"
|
|
},
|
|
|
|
"permissions": [
|
|
"cookies",
|
|
"storage",
|
|
"tabs",
|
|
"activeTab",
|
|
"webRequest",
|
|
"webRequestBlocking"
|
|
],
|
|
|
|
"host_permissions": [
|
|
"*://*.patreon.com/*",
|
|
"*://*.subscribestar.com/*",
|
|
"*://*.subscribestar.adult/*",
|
|
"*://*.hentai-foundry.com/*",
|
|
"*://*.discord.com/*",
|
|
"*://*.pixiv.net/*",
|
|
"*://*.deviantart.com/*",
|
|
"*://app-api.pixiv.net/*",
|
|
"*://oauth.secure.pixiv.net/*",
|
|
"*://*/*"
|
|
],
|
|
|
|
"action": {
|
|
"default_popup": "popup/popup.html",
|
|
"default_icon": "icons/icon.svg",
|
|
"default_title": "FabledCurator"
|
|
},
|
|
|
|
"background": {
|
|
"scripts": ["lib/platforms.js", "lib/cookies.js", "lib/api.js", "background/background.js"]
|
|
},
|
|
|
|
"options_ui": {
|
|
"page": "options/options.html",
|
|
"browser_style": true
|
|
},
|
|
|
|
"content_scripts": [
|
|
{
|
|
"matches": [
|
|
"*://*.patreon.com/*",
|
|
"*://*.subscribestar.com/*",
|
|
"*://*.subscribestar.adult/*",
|
|
"*://*.hentai-foundry.com/*",
|
|
"*://*.deviantart.com/*",
|
|
"*://*.pixiv.net/*"
|
|
],
|
|
"js": ["lib/platforms.js", "content/content-script.js"],
|
|
"css": ["content/content-script.css"],
|
|
"run_at": "document_idle"
|
|
}
|
|
],
|
|
|
|
"icons": {
|
|
"48": "icons/icon.svg",
|
|
"96": "icons/icon.svg"
|
|
}
|
|
}
|