undefined | Better HN

0 pointsrichin131y ago0 comments

Fair enough. I asked because an extension like this has access to too much information which I don't like from a privacy stand point.

Thanks for sharing though!

0 comments

djyde1y ago

I understand your concern. I think "access to much information" means this extension require <all_url> host_permission, which I don't want to either but it must.

Because custom AI provider's API base url is submit by user. If I want to call the API on background script, this base url must be listed on host_permissions. Otherwise it will cause a CORS problem.

optional_host_permissions may fix this problem, but since the base url is set by user, it's not possible to use this workaround.

Any suggestion?

tough1y ago

you could give paying customers access to the code to run themselves (not open source)

if that works for you/your privacy-aware customer they can inspect the code/build it/ run their own version

djyde1y ago

Actually, the nice thing about chrome extensions is that users can view all requests made by content_script and background script through devtool. This is much more intuitive than checking the code.

j / k navigate · click thread line to collapse

0 comments

djyde1y ago

I understand your concern. I think "access to much information" means this extension require <all_url> host_permission, which I don't want to either but it must.

Because custom AI provider's API base url is submit by user. If I want to call the API on background script, this base url must be listed on host_permissions. Otherwise it will cause a CORS problem.

optional_host_permissions may fix this problem, but since the base url is set by user, it's not possible to use this workaround.

Any suggestion?

tough1y ago

you could give paying customers access to the code to run themselves (not open source)

if that works for you/your privacy-aware customer they can inspect the code/build it/ run their own version

djyde1y ago

Actually, the nice thing about chrome extensions is that users can view all requests made by content_script and background script through devtool. This is much more intuitive than checking the code.

j / k navigate · click thread line to collapse