The extension YouTube Downloader v1.2 updated 2 days ago and users are reporting new security software detections. The main change in the background script is the addition of the following. It seems to remove various protective headers in the response. There doesn’t seem to be a change log entry explaining why this is necessary for video downloading. Does it seem sketchy to anyone else?
chrome.webRequest.onHeadersReceived.addListener(
function (t) {
return {
responseHeaders: t.responseHeaders.filter(function (t) {
return "content-security-policy" !== t.name.toLowerCase() && "frame-options" !== t.name.toLowerCase() && "x-frame-options" !== t.name.toLowerCase()
})
};
}, {
urls: ["<all_urls>"],
types: ["main_frame", "sub_frame"]
}, ["blocking", "responseHeaders"]
);
The other notable change was adding a sizzle.js file with this header:
/*!
* Sizzle CSS Selector Engine v1.1.2
* https://sizzlejs.com/
This doesn’t appear to be a standard version?
Could be related to this one discussed a year ago: https://www.reddit.com/r/firefox/comments/8jcubq/is_it_ok_for_addon_with_47k_users_to_inject/dyyox4v/