Update README with safety information

Added safety section to clarify extension usage and privacy.

.eslintrc.js

@@ -7,7 +7,7 @@ module.exports = {
   parser: '@typescript-eslint/parser',
   parserOptions: {
     project: './tsconfig.json',
-    tsconfigRootDir: './',
+    tsconfigRootDir: __dirname,
   },
   settings: {
     'import/resolver': {

.github/CODE_OF_CONDUCT.md

@@ -1 +1 @@
-Please visit the [main document at primary repository](https://github.com/movie-web/movie-web/blob/dev/.github/CODE_OF_CONDUCT.md).
+Please visit the [main document at primary repository](https://github.com/sussy-code/smov/blob/dev/.github/CODE_OF_CONDUCT.md).

.github/CONTRIBUTING.md

@@ -1 +1 @@
-Please visit the [main document at primary repository](https://github.com/movie-web/movie-web/blob/dev/.github/CONTRIBUTING.md).
+Please visit the [main document at primary repository](https://github.com/sussy-code/smov/blob/dev/.github/CONTRIBUTING.md).

.github/SECURITY.md

@@ -2,9 +2,9 @@
 
 ## Supported Versions
 
-The latest version of movie-web is the only version that is supported, as it is the only version that is being actively developed.
+The latest version of P-Stream is the only version that is supported, as it is the only version that is being actively developed.
 
 ## Reporting a Vulnerability
 
-You can contact the movie-web maintainers to report a vulnerability:
- - Report the vulnerability in the [movie-web Discord server](https://movie-web.github.io/links/discord)
+You can contact the P-Stream maintainers to report a vulnerability:
+ - Report the vulnerability in the [Discord server](https://discord.gg/g742e7Mu2W)

.github/pull_request_template.md

@@ -1,6 +1,6 @@
 This pull request resolves #XXX
 
- - [ ] I have read and agreed to the [code of conduct](https://github.com/movie-web/movie-web/blob/dev/.github/CODE_OF_CONDUCT.md).
- - [ ] I have read and complied with the [contributing guidelines](https://github.com/movie-web/movie-web/blob/dev/.github/CONTRIBUTING.md).
- - [ ] What I'm implementing was assigned to me and is an [approved issue](https://github.com/movie-web/movie-web/issues?q=is%3Aopen+is%3Aissue+label%3Aapproved). For reference, please take a look at our [GitHub projects](https://github.com/movie-web/movie-web/projects).
+ - [ ] I have read and agreed to the [code of conduct](https://github.com/sussy-code/smov/blob/dev/.github/CODE_OF_CONDUCT.md).
+ - [ ] I have read and complied with the [contributing guidelines](https://github.com/sussy-code/smov/blob/dev/.github/CONTRIBUTING.md).
+ - [ ] What I'm implementing was assigned to me and is an [approved issue](https://github.com/sussy-code/smov/issues?q=is%3Aopen+is%3Aissue+label%3Aapproved). For reference, please take a look at our [GitHub projects](https://github.com/sussy-code/smov/projects).
  - [ ] I have tested all of my changes.

README.md

@@ -1,6 +1,42 @@
-# extension
+# P-Stream Extension
 
-Enhance your movie-web experience with just one click
+Enhance your experience with just one click!
+
+## About
+
+The extension is an optional "plugin" for P-Stream (and all movie-web forks) that adds a more sources that usually yield a better-quality stream!
+
+In simple terms: it acts as a local proxy. Imagine it opens an invisible tab to extract (scrape) the stream from the desired website. The only difference is that the extension can send specific headers, cookies, and is locally based. Some sources have restrictions that block scrapers; the extension helps us bypass that, such as IP restrictions, where the stream needs to be loaded on the same IP that it was originally scraped from.
+
+In more complex terms: It uses the declarativeNetRequest API to connect to third party sites and fetch their html content. Because browsers have Cross Origin Resource Security (CORS) that protects sites from fetching content from other sites, a proxy is needed. This extension acts as a local proxy to bypass CORS and fetch the content.
+
+During the onboarding process (/onboarding) the user can select between 3 options:
+- Extension - This gives the user the most sources —sometimes with the best quality. (This extension)
+- Custom Proxy - The user can host their own remote proxy on a service like Netlify to bypass restrictions, however, it can't do everything the extension can.
+- Default Setup - This is the default and requires no user action, just pick it and watch. The site comes with default proxies already configured. The downsides are you are sharing bandwidth with other users and there are fewer sources.
+
+### Why does the extension ask to "Access Data on All Sites"?
+- This project (movie-web) is designed to be 100% self-hostable and is completely open-source. Hard coding a set list of sites that it asks for permission would prevent the extension from working on self-hosted sites. The user would need to edit the code to manually add their site to the permission list.
+- Because we scrape from many sites, it would be tedious to allow every site.
+
+## Safety
+- It's **not required** to use P-Stream, it's entirely optional. 
+- It doesn't track the user in any way or send data to any site besides the site you intend to use it with.
+- **All of the code is open-source and anyone can inspect it.** 
+- The extension **must** be enabled on a per site basis, otherwise the connecting site cannot talk to the extension (using runtime.sendMessage). 
+> Previously offical sites were hardcoded to automatically be enabled on, but due to concerns about how this could be abused, that has been removed. **We do not believe this was ever exploited.**
+
+### Will this ever work with Safari?
+TL:DR: No, Apple's restrictions make it impossible currently.
+
+1. Problem's with WebKit’s declarativeNetRequest API:
+The extension is a local CORS proxy used to change request headers so we can scrape content. However, WebKit’s implementation is “incomplete”… Half of the headers that we need to change, simply don’t work because Apple has blacklisted many, and some are simply half-baked. https://bugs.webkit.org/show_bug.cgi?id=290922
+
+2. Orion (A Webkit browser with extension support) had 2 issues: 
+Firstly, Orion is using WebKit’s DNR API, which is the main problem. Technically it’s possible for them to use Firefox’s for example, but it hasn’t been done yet. Secondly, the runtime.sendMessage API is currently broken in Orion. So the extension literally cannot talk to the website and vice verca. 
+https://orionfeedback.org/d/8053-extensions-support-for-declarativenetrequest-redirects/11
+
+These can both be fixed, and I’m surprised WebKit’s APIs are so under-baked but it is what it is. 
 
 ## Running for development
 
@@ -10,3 +46,13 @@ We use pnpm with the latest version of NodeJS.
 pnpm i
 pnpm dev
 ```
+
+## Building for production
+
+```sh
+pnpm i
+pnpm build
+or
+pnpm build:firefox
+```
+

manifest.json

@@ -1,12 +1,14 @@
 {
-   "manifest_version": 3,
-   "name": "sudo-flix extension",
-   "optional_host_permissions": [ "\u003Call_urls>" ],
-   "permissions": [ "storage", "declarativeNetRequest", "activeTab", "cookies" ],
-   "update_url": "https://clients2.google.com/service/update2/crx",
-   "version": "1.1.4",
-   "web_accessible_resources": [ {
-      "matches": [ "\u003Call_urls>" ],
-      "resources": [ "assets/active.png", "assets/inactive.png" ]
-   } ]
+  "manifest_version": 3,
+  "name": "P-Stream extension",
+  "optional_host_permissions": ["\u003Call_urls>"],
+  "permissions": ["storage", "declarativeNetRequest", "activeTab", "cookies"],
+  "update_url": "https://clients2.google.com/service/update2/crx",
+  "version": "${version}",
+  "web_accessible_resources": [
+    {
+      "matches": ["\u003Call_urls>"],
+      "resources": ["assets/active.png", "assets/inactive.png"]
+    }
+  ]
 }

package.json

@@ -1,45 +1,46 @@
 {
-  "name": "@movie-web/extension",
-  "displayName": "movie-web extension",
-  "version": "1.1.4",
-  "description": "Enhance your movie-web experience with just one click",
-  "author": "movie-web",
+  "name": "@p-stream/extension",
+  "displayName": "P-Stream extension",
+  "version": "1.3.7",
+  "description": "Enhance your streaming experience with just one click",
+  "author": "P-Stream",
   "scripts": {
     "dev": "plasmo dev",
     "build": "plasmo build",
     "build:firefox": "plasmo build --target=firefox-mv3",
     "package": "plasmo package",
-    "package:firefox": "plasmo package --target=firefox-mv3",
+    "package:firefox": "npm run build:firefox && plasmo package --target=firefox-mv3 && mv build/firefox-mv3-prod.zip build/firefox-mv3-prod.xpi",
     "lint": "eslint --ext .tsx,.ts src",
     "lint:fix": "eslint --fix --ext .tsx,.ts src",
     "lint:report": "eslint --ext .tsx,.ts --output-file eslint_report.json --format json src",
     "preinstall": "npx -y only-allow pnpm"
   },
   "dependencies": {
-    "@plasmohq/messaging": "^0.6.1",
-    "@plasmohq/storage": "^1.9.0",
-    "plasmo": "0.84.0",
-    "react": "18.2.0",
-    "react-dom": "18.2.0"
+    "@plasmohq/messaging": "^0.7.2",
+    "@plasmohq/storage": "^1.15.0",
+    "react": "19.2.0",
+    "react-dom": "19.2.0",
+    "sharp": "^0.34.5"
   },
   "devDependencies": {
-    "@types/chrome": "0.0.251",
-    "@types/firefox-webext-browser": "^120.0.0",
-    "@types/node": "20.9.0",
-    "@types/react": "18.2.37",
-    "@types/react-dom": "18.2.15",
-    "@typescript-eslint/eslint-plugin": "^6.15.0",
-    "@typescript-eslint/parser": "^6.15.0",
-    "eslint": "^8.56.0",
+    "@types/chrome": "0.1.27",
+    "@types/firefox-webext-browser": "^120.0.5",
+    "@types/node": "24.10.0",
+    "@types/react": "19.2.2",
+    "@types/react-dom": "19.2.2",
+    "@typescript-eslint/eslint-plugin": "^8.46.3",
+    "@typescript-eslint/parser": "^8.46.3",
+    "eslint": "^8.57.1",
     "eslint-config-airbnb": "^19.0.4",
-    "eslint-config-prettier": "^9.1.0",
-    "eslint-import-resolver-typescript": "^3.6.1",
-    "eslint-plugin-import": "^2.29.1",
-    "eslint-plugin-prettier": "^5.1.1",
-    "eslint-plugin-react": "^7.33.2",
-    "eslint-plugin-react-hooks": "^4.6.0",
-    "prettier": "3.0.3",
-    "typescript": "5.2.2"
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-import-resolver-typescript": "^3.10.1",
+    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-prettier": "^5.5.4",
+    "eslint-plugin-react": "^7.37.5",
+    "eslint-plugin-react-hooks": "^7.0.1",
+    "plasmo": "0.90.5",
+    "prettier": "3.6.2",
+    "typescript": "5.9.3"
   },
   "manifest": {
     "permissions": [
@@ -52,10 +53,24 @@
     ],
     "browser_specific_settings": {
       "gecko": {
-        "id": "{3fd86354-c73f-4395-9e26-2c5c984579bf}"
+        "id": "{e613be14-63c3-4bd9-8a4a-502c12bcf201}",
+        "data_collection_permissions": {
+          "required": [
+            "browsingActivity",
+            "authenticationInfo",
+            "websiteContent"
+          ]
+        }
       },
       "gecko_android": {
-        "id": "{3fd86354-c73f-4395-9e26-2c5c984579bf}"
+        "id": "{e613be14-63c3-4bd9-8a4a-502c12bcf201}",
+        "data_collection_permissions": {
+          "required": [
+            "browsingActivity",
+            "authenticationInfo",
+            "websiteContent"
+          ]
+        }
       }
     },
     "web_accessible_resources": [

pnpm-workspace.yaml

@@ -0,0 +1,8 @@
+onlyBuiltDependencies:
+  - '@parcel/watcher'
+  - '@swc/core'
+  - esbuild
+  - lmdb
+  - msgpackr-extract
+  - sharp
+  - unrs-resolver

src/Popup.css

@@ -1,9 +1,8 @@
 @import url("./font.css");
 
 html {
-  min-height: 300px;
-  min-width: 300px;
-  height: 100%;
+  height: 300px;
+  width: 300px;
 }
 
 body {
@@ -18,11 +17,14 @@ body {
   height: 100%;
   width: 100%;
   display: flex;
+  flex-direction: column;
   justify-content: center;
   align-items: center;
+  padding: 20px;
+  box-sizing: border-box;
 }
 
 #__plasmo {
   height: 100%;
-  background-color: #0a0a10;
+  background-color: #0a0a0a;
 }

src/background/messages/makeRequest.ts

@@ -5,7 +5,7 @@ import type { BaseResponse } from '~types/response';
 import { removeDynamicRules, setDynamicRules } from '~utils/declarativeNetRequest';
 import { isFirefox } from '~utils/extension';
 import { makeFullUrl } from '~utils/fetcher';
-import { assertDomainWhitelist } from '~utils/storage';
+import { assertDomainWhitelist, canAccessCookies } from '~utils/storage';
 
 const MAKE_REQUEST_DYNAMIC_RULE = 23498;
 
@@ -60,6 +60,12 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
       ruleId: MAKE_REQUEST_DYNAMIC_RULE,
       targetDomains: [new URL(url).hostname],
       requestHeaders: req.body.headers,
+      // set Access-Control-Allow-Credentials if the reqested host has access to cookies
+      responseHeaders: {
+        ...(canAccessCookies(new URL(url).hostname) && {
+          'Access-Control-Allow-Credentials': 'true',
+        }),
+      },
     });
 
     const response = await fetch(url, {
@@ -84,7 +90,10 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
         statusCode: response.status,
         headers: {
           ...Object.fromEntries(response.headers.entries()),
-          'Set-Cookie': cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join(', '),
+          // include cookies if allowed for the reqested host
+          ...(canAccessCookies(new URL(url).hostname) && {
+            'Set-Cookie': cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join(', '),
+          }),
         },
         body,
         finalUrl: response.url,

src/background/messages/prepareStream.ts

@@ -3,7 +3,7 @@ import type { PlasmoMessaging } from '@plasmohq/messaging';
 import type { BaseRequest } from '~types/request';
 import type { BaseResponse } from '~types/response';
 import { setDynamicRules } from '~utils/declarativeNetRequest';
-import { assertDomainWhitelist } from '~utils/storage';
+import { assertDomainWhitelist, modifiableResponseHeaders } from '~utils/storage';
 
 interface Request extends BaseRequest {
   ruleId: number;
@@ -18,6 +18,17 @@ const handler: PlasmoMessaging.MessageHandler<Request, BaseResponse> = async (re
     if (!req.sender?.tab?.url) throw new Error('No tab URL found in the request.');
     if (!req.body) throw new Error('No request body found in the request.');
 
+    // restrict what response headers can be modified
+    req.body.responseHeaders = Object.keys(req.body.responseHeaders ?? {})
+      .filter((key) => modifiableResponseHeaders.includes(key.toLowerCase()))
+      .reduce(
+        (obj, key) => {
+          obj[key] = (req.body?.responseHeaders ?? {})[key];
+          return obj;
+        },
+        {} as Record<string, string>,
+      );
+
     await assertDomainWhitelist(req.sender.tab.url);
     await setDynamicRules(req.body);
     res.send({

src/components/BottomLabel.css

@@ -18,6 +18,16 @@
   font-size: 14px;
 }
 
+.github-link {
+  color: #4A4863;
+  text-decoration: none;
+  transition: opacity 0.2s ease;
+}
+
+.github-link:hover {
+  text-decoration: underline;
+}
+
 .dot {
   width: 3px;
   height: 3px;

src/components/BottomLabel.tsx

@@ -8,7 +8,11 @@ export function BottomLabel() {
     <h3 className="bottom-label">
       {version}
       <div className="dot" />
-      movie-web
+      P-Stream
+      <div className="dot" />
+      <a href="https://github.com/p-stream/extension" target="_blank" rel="noopener noreferrer" className="github-link">
+        Github ↗
+      </a>
     </h3>
   );
 }

src/components/Button.css

@@ -21,21 +21,21 @@
 }
 
 .button.button-secondary {
-  background-color: #222033;
-  color: white;
+  background-color: hsl(240 3.7% 15.9%);
+  color: hsl(0 0% 98%);
 }
 
 .button.button-secondary:hover {
-  background-color: #2c2941;
-  color: white;
+  background-color: hsl(240 3.7% 15.9%/.8);
+  color: hsl(0 0% 98%);
 }
 
 .button.button-primary {
-  background-color: #4F328A;
-  color: white;
+  background-color: hsl(0 0% 98%);
+  color: hsl(240 5.9% 10%);
 }
 
 .button.button-primary:hover {
-  background-color: #5E3F9D;
-  color: white;
-}
+  background-color: hsl(0 0% 98%/.9);
+  color: hsl(240 5.9% 10%);
+}

src/components/DisabledScreen.tsx

@@ -8,7 +8,7 @@ export function DisabledScreen() {
         <Icon name="warningCircle" />
       </div>
       <p>
-        The <strong>movie-web extension</strong> can not be used on this page
+        The <strong>P-Stream extension</strong> can not be used on this page
       </p>
     </div>
   );

src/components/Frame.css

@@ -1,6 +1,6 @@
 .frame {
   height: 100%;
   width: 100%;
-  background-color: #0a080e;
-  background-image: radial-gradient(271.48% 132.05% at 136.13% 65.62%, #271945b3 0%, #1c1c2c00 100%), radial-gradient(671.15% 123.02% at 76.68% -34.38%, #272753 0%, #17172000 100%);
+  background-color: #0a0a0a;
+  /* background-image: radial-gradient(271.48% 132.05% at 136.13% 65.62%, #271945b3 0%, #1c1c2c00 100%), radial-gradient(671.15% 123.02% at 76.68% -34.38%, #272753 0%, #17172000 100%); */
 }

src/components/Icon.tsx

@@ -5,7 +5,7 @@ const icons = {
   cookie: `<svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 512 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M247.2 17c-22.1-3.1-44.6 .9-64.4 11.4l-74 39.5C89.1 78.4 73.2 94.9 63.4 115L26.7 190.6c-9.8 20.1-13 42.9-9.1 64.9l14.5 82.8c3.9 22.1 14.6 42.3 30.7 57.9l60.3 58.4c16.1 15.6 36.6 25.6 58.7 28.7l83 11.7c22.1 3.1 44.6-.9 64.4-11.4l74-39.5c19.7-10.5 35.6-27 45.4-47.2l36.7-75.5c9.8-20.1 13-42.9 9.1-64.9l-14.6-82.8c-3.9-22.1-14.6-42.3-30.7-57.9L388.9 57.5c-16.1-15.6-36.6-25.6-58.7-28.7L247.2 17zM208 144a32 32 0 1 1 0 64 32 32 0 1 1 0-64zM144 336a32 32 0 1 1 64 0 32 32 0 1 1 -64 0zm224-64a32 32 0 1 1 0 64 32 32 0 1 1 0-64z"/></svg>`,
   windows: `<svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 512 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M432 64H208c-8.8 0-16 7.2-16 16V96H128V80c0-44.2 35.8-80 80-80H432c44.2 0 80 35.8 80 80V304c0 44.2-35.8 80-80 80H416V320h16c8.8 0 16-7.2 16-16V80c0-8.8-7.2-16-16-16zM0 192c0-35.3 28.7-64 64-64H320c35.3 0 64 28.7 64 64V448c0 35.3-28.7 64-64 64H64c-35.3 0-64-28.7-64-64V192zm64 32c0 17.7 14.3 32 32 32H288c17.7 0 32-14.3 32-32s-14.3-32-32-32H96c-17.7 0-32 14.3-32 32z"/></svg>`,
   shield: `<svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 512 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M269.4 2.9C265.2 1 260.7 0 256 0s-9.2 1-13.4 2.9L54.3 82.8c-22 9.3-38.4 31-38.3 57.2c.5 99.2 41.3 280.7 213.6 363.2c16.7 8 36.1 8 52.8 0C454.7 420.7 495.5 239.2 496 140c.1-26.2-16.3-47.9-38.3-57.2L269.4 2.9zM160 154.4c0-5.8 4.7-10.4 10.4-10.4h.2c3.4 0 6.5 1.6 8.5 4.3l40 53.3c3 4 7.8 6.4 12.8 6.4h48c5 0 9.8-2.4 12.8-6.4l40-53.3c2-2.7 5.2-4.3 8.5-4.3h.2c5.8 0 10.4 4.7 10.4 10.4V272c0 53-43 96-96 96s-96-43-96-96V154.4zM216 288a16 16 0 1 0 0-32 16 16 0 1 0 0 32zm96-16a16 16 0 1 0 -32 0 16 16 0 1 0 32 0z"/></svg>`,
-  logo: `<svg width="1em" height="1em" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M11.2254 4.95486L10.5285 5.65174L9.83162 4.95486L10.5285 4.25799L7.7414 1.4709L7.04453 2.16777L6.34766 1.4709L7.04453 0.774022L6.34766 0.0771484L0.0761918 6.34861L0.773066 7.04549L1.46994 6.34861L2.16681 7.04549L1.46994 7.74236L4.25743 10.5299L4.95431 9.83298L5.65118 10.5299L4.95431 11.2267L5.65118 11.9236L11.9226 5.65214L11.2254 4.95486ZM2.86529 6.35021L2.16681 5.65174L2.86369 4.95487L3.56056 5.65174L2.86529 6.35021ZM4.25904 4.95647L3.56056 4.25799L4.25703 3.56152L4.95391 4.25839L4.25904 4.95647ZM5.65278 3.56272L4.95431 2.86424L5.65078 2.16777L6.34766 2.86464L5.65278 3.56272ZM6.34766 9.83258L5.65078 9.13571L6.34766 8.43883L7.04453 9.13571L6.34766 9.83258ZM7.7414 8.43883L7.04453 7.74196L7.741 7.04549L8.43788 7.74236L7.7414 8.43883ZM9.13515 7.04509L8.43828 6.34821L9.13475 5.65174L9.83162 6.34861L9.13515 7.04509Z" fill="currentColor"/></svg>`,
+  logo: `<svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 20.927 20.927" preserveAspectRatio="xMidYMid meet"><g transform="translate(0,20.927) scale(0.003333,-0.003333)" fill="currentColor" stroke="none"><path d="M3910 5527 c-33 -4 -145 -17 -250 -28 -645 -73 -900 -187 -900 -405 l0 -89 154 -2 c209 -2 225 -17 381 -354 186 -399 337 -491 557 -341 103 70 176 67 252 -9 143 -142 -15 -342 -320 -404 l-123 -25 185 -393 c101 -217 189 -396 194 -398 6 -3 87 6 182 20 499 71 1160 -296 972 -541 -77 -101 -183 -100 -307 2 -186 154 -407 223 -610 188 -123 -21 -119 -9 -80 -274 40 -273 18 -701 -48 -916 -25 -82 252 -99 463 -28 655 220 1146 748 1330 1430 44 165 46 201 53 1206 l8 1035 -67 66 c-185 183 -1376 336 -2026 260z m1078 -1219 c118 -81 204 -84 312 -10 239 163 453 -73 240 -265 -241 -218 -703 -178 -832 71 -93 179 105 323 280 204z"/><path d="M2410 4591 c-950 -201 -2404 -1015 -2409 -1348 -1 -69 771 -1707 885 -1878 422 -633 1185 -984 1924 -886 221 29 293 68 482 264 575 594 727 1466 390 2232 -231 525 -749 1600 -785 1630 -57 48 -214 44 -487 -14z m579 -1122 c114 -54 145 -188 64 -281 -48 -56 -60 -58 -265 -47 -102 6 -177 -42 -229 -143 -95 -187 -339 -145 -339 57 0 291 482 550 769 414z m-1319 -630 c215 -106 85 -350 -173 -326 -144 13 -209 -21 -270 -140 -102 -197 -381 -119 -339 94 59 295 506 508 782 372z m1472 -577 c216 -217 -287 -789 -786 -895 -473 -100 -909 127 -654 341 71 60 93 62 226 22 348 -106 739 77 903 423 83 177 201 218 311 109z"/></g></svg>`,
   network: `<svg width="1em" height="1em" xmlns="http://www.w3.org/2000/svg" fill="currentColor" viewBox="0 0 640 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M256 64H384v64H256V64zM240 0c-26.5 0-48 21.5-48 48v96c0 26.5 21.5 48 48 48h48v32H32c-17.7 0-32 14.3-32 32s14.3 32 32 32h96v32H80c-26.5 0-48 21.5-48 48v96c0 26.5 21.5 48 48 48H240c26.5 0 48-21.5 48-48V368c0-26.5-21.5-48-48-48H192V288H448v32H400c-26.5 0-48 21.5-48 48v96c0 26.5 21.5 48 48 48H560c26.5 0 48-21.5 48-48V368c0-26.5-21.5-48-48-48H512V288h96c17.7 0 32-14.3 32-32s-14.3-32-32-32H352V192h48c26.5 0 48-21.5 48-48V48c0-26.5-21.5-48-48-48H240zM96 448V384H224v64H96zm320-64H544v64H416V384z"/></svg>`,
 };
 

src/components/SetupScreen.css

@@ -28,12 +28,12 @@
 }
 
 .setup-screen .icon {
-  background-color: #0b0b1b77;
-  color: #945DCC;
+  /* background-color: #0b0b1b77; */
+  color: #8288FE;
   height: 40px;
-  font-size: 20px;
-  width: 40px;
-  border-radius: 9999px;
+  font-size: 40px;
+  /* width: 40px; */
+  /* border-radius: 9999px; */
   display: flex;
   justify-content: center;
   align-items: center;

src/components/SetupScreen.tsx

@@ -18,7 +18,7 @@ export function SetupScreen() {
         <div className="icon">
           <Icon name="logo" />
         </div>
-        <h1 className="title">Let&apos;s get this set up!</h1>
+        <h1 className="title">Let&apos;s get things configured.</h1>
         <p className="paragraph" style={{ paddingBottom: 25, paddingTop: 10 }}>
           To get started, we need to setup some things first. Click the button below to continue.
         </p>

src/font.css

@@ -2,14 +2,14 @@
   font-family: "Inter";
   font-style: normal;
   font-weight: 400;
-  src: url(data-base64:~assets/inter/regular.ttf);
+  src: url(data-base64:../assets/inter/regular.ttf);
 }
 
 @font-face {
   font-family: "Inter";
   font-style: bold;
   font-weight: 700;
-  src: url(data-base64:~assets/inter/bold.ttf);
+  src: url(data-base64:../assets/inter/bold.ttf);
 }
 
 body, html {

src/tabs/PermissionGrant.css

@@ -14,7 +14,7 @@ body {
   display: flex;
   flex-direction: column;
   height: 100%;
-  background-color: #0A0A10;
+  background-color: #0a0a0a;
 }
 
 .container.permission-grant {

src/tabs/PermissionRequest.css

@@ -5,7 +5,7 @@ html {
 }
 
 body {
-  background-color: #0A0A10;
+  background-color: #0a0a0a;
   color: white;
   padding-bottom: 50px;
 }
@@ -85,7 +85,7 @@ body {
 }
 
 .permission-request .card.purple, .permission-request .card.purple .icon-circle {
-  border-color: #49277C;
+  border-color: hsl(0 0% 98%);
 }
 
 .permission-request .card.purple .icon-circle {

src/tabs/PermissionRequest.tsx

@@ -32,7 +32,7 @@ export default function PermissionRequest() {
           We need some <br /> browser permissions
         </h1>
         <p className="text-color paragraph">
-          We don&apos;t like it either, but the movie-web extension needs quite a few permissions to function. Listed
+          We don&apos;t like it either, but the P-Stream extension needs quite a few permissions to function. Listed
           below is an explanation for all permissions we need.
         </p>
 
@@ -41,7 +41,7 @@ export default function PermissionRequest() {
             purple
             icon={<Icon name="github" />}
             right={
-              <Button type="secondary" href="https://github.com/movie-web/extension">
+              <Button type="secondary" href="https://github.com/p-stream/extension">
                 Read source code
               </Button>
             }
@@ -66,8 +66,8 @@ export default function PermissionRequest() {
             <h3>Network Requests</h3>
             <p className="text-color paragraph">
               This permission allows the extension to instruct the browser how to request data from sites. In more
-              technical terms, this allows movie-web to modify HTTP headers that it wouldn&apos;t normally be allowed
-              to.
+              technical terms, this allows P-Stream, movie-web, sudo-flix, watch.lonelil.ru, etc to modify HTTP headers
+              that it wouldn&apos;t normally be allowed to.
             </p>
             <p className="text-color paragraph">
               You won&apos;t be prompted for this permission, it&apos;s included in “Read & change data from all sites”.

src/types/request.ts

@@ -1 +1,2 @@
+// eslint-disable-next-line @typescript-eslint/no-empty-object-type
 export interface BaseRequest {}

src/utils/declarativeNetRequest.ts

@@ -56,11 +56,6 @@ export const setDynamicRules = async (body: DynamicRule) => {
                 operation: chrome.declarativeNetRequest.HeaderOperation.SET,
                 value: '*',
               },
-              {
-                header: 'Access-Control-Allow-Credentials',
-                operation: chrome.declarativeNetRequest.HeaderOperation.SET,
-                value: 'true',
-              },
               ...mapHeadersToDeclarativeNetRequestHeaders(
                 body.responseHeaders ?? {},
                 chrome.declarativeNetRequest.HeaderOperation.SET,
@@ -104,11 +99,6 @@ export const setDynamicRules = async (body: DynamicRule) => {
                 operation: 'set',
                 value: '*',
               },
-              {
-                header: 'Access-Control-Allow-Credentials',
-                operation: 'set',
-                value: 'true',
-              },
               ...mapHeadersToDeclarativeNetRequestHeaders(body.responseHeaders ?? {}, 'set'),
             ],
           },

src/utils/storage.ts

@@ -3,16 +3,32 @@ import { useStorage } from '@plasmohq/storage/hook';
 
 import { makeUrlIntoDomain } from '~utils/domains';
 
-export const DEFAULT_DOMAIN_WHITELIST = [
-  'mw.lonelil.ru',
-  'watch.qtchaos.de',
-  'bmov.app',
-  'bmov.vercel.app',
-  'stream.thehairy.me',
-  'scootydooter.vercel.app',
-  'movie-web-me.vercel.app',
+export const DEFAULT_DOMAIN_WHITELIST = [];
+
+export const modifiableResponseHeaders = [
+  'access-control-allow-origin',
+  'access-control-allow-methods',
+  'access-control-allow-headers',
+  'content-security-policy',
+  'content-security-policy-report-only',
+  'content-disposition',
 ];
 
+const hostsWithCookiesAccess: RegExp[] = [
+  /^(?:.*\.)?ee3\.me$/,
+  /^(?:.*\.)?rips\.cc$/,
+  /^(?:.*\.)?m4ufree\.(?:tv|to|pw)$/,
+  /^(?:.*\.)?goojara\.to$/,
+  /^(?:.*\.)?levidia\.ch$/,
+  /^(?:.*\.)?wootly\.ch$/,
+  /^(?:.*\.)?multimovies\.(?:sbs|online|cloud)$/,
+];
+
+export function canAccessCookies(host: string): boolean {
+  if (hostsWithCookiesAccess.some((regex) => regex.test(host))) return true;
+  return false;
+}
+
 export const storage = new Storage();
 
 const getDomainWhiteList = async () => {