|
|
|
|
|
|
by kiallmacinnes
2725 days ago
|
|
|
I guess this comes down to extensions that inject code / modify the page. Extensions can choose if their assets are public or private, and if they reference the asset from injected code - it needs to be public. It sounds like a better solution might be to track the injected / modified code, and only allow it to read the assets. But I'll bet there is some tradeoff i've no clue about preventing that from happening. |
|
|