|
|
|
|
|
|
by seanwilson
2322 days ago
|
|
|
The solution should surely involve more granular permissions? I'm assuming this permission has no need to read the body of network responses, inject anything into the responses, read cookies etc. However, it probably has no option than to request the "read and change all network data" permission because there is nothing weaker that will let it do what it needs to do. Making sources available isn't a scalable option to help with this in my opinion. Who is going to be doing thorough security audits of every extension + every update? |
|
|