|
|
|
|
|
|
by lostinroutine
2233 days ago
|
|
|
Thanks for the explanation! I guess I was looking at it more from the perspective of merely making requests (without creds). My understanding is that if an extension has a wildcard 'https://*' origin listed in its manifest, then it can make cookie-populated requests to any domain that matches the wildcard. That's actually pretty scary from privacy and security perspectives. But I suppose that's part of the reason CWS has moderation in the first place. |
|
|