fix: include host_permissions in default permission origins

samuelmaddock · samuelmaddock · commit 1798b2adc7f7 · 2025-02-21T17:42:08.000-05:00
diff --git a/packages/electron-chrome-extensions/src/browser/api/permissions.ts b/packages/electron-chrome-extensions/src/browser/api/permissions.ts
@@ -36,7 +36,7 @@ export class PermissionsAPI {
     const manifest: chrome.runtime.Manifest = extension.manifest
     this.permissionMap.set(extension.id, {
       permissions: (manifest.permissions || []) as chrome.runtime.ManifestPermissions[],
-      origins: [],
+      origins: manifest.host_permissions || [],
     })
   }
 
@@ -69,6 +69,15 @@ export class PermissionsAPI {
     { extension }: ExtensionEvent,
     request: chrome.permissions.Permissions,
   ) => {
+    const declaredPermissions = new Set([
+      ...(extension.manifest.permissions || []),
+      ...(extension.manifest.optional_permissions || []),
+    ])
+
+    if (request.permissions && !request.permissions.every((p) => declaredPermissions.has(p))) {
+      throw new Error('Permissions request includes undeclared permission')
+    }
+
     const granted = await this.ctx.store.requestPermissions(extension, request)
     if (!granted) return false
 
diff --git a/packages/electron-chrome-extensions/src/browser/router.ts b/packages/electron-chrome-extensions/src/browser/router.ts
@@ -1,4 +1,4 @@
-import { app, Extension, ipcMain, session, Session, WebContents } from 'electron'
+import { app, ipcMain, session, Session, WebContents } from 'electron'
 
 const createDebug = require('debug')
 
@@ -169,9 +169,13 @@ export type ExtensionSender = Electron.WebContents | Electron.ServiceWorkerMain
 //   send: Electron.WebFrameMain['send']
 // }
 
+type ExtendedExtension = Omit<Electron.Extension, 'manifest'> & {
+  manifest: chrome.runtime.Manifest
+}
+
 export type ExtensionEvent =
-  | { type: 'frame'; sender: Electron.WebContents; extension: Extension }
-  | { type: 'service-worker'; sender: Electron.ServiceWorkerMain; extension: Extension }
+  | { type: 'frame'; sender: Electron.WebContents; extension: ExtendedExtension }
+  | { type: 'service-worker'; sender: Electron.ServiceWorkerMain; extension: ExtendedExtension }
 
 export type HandlerCallback = (event: ExtensionEvent, ...args: any[]) => any
 
