| ▲ | pyrophane 2 hours ago | |||||||
Here's the most relevant section I could find from the original source: "Chrome extensions can expose internal files to web pages through the web_accessible_resources field in their manifest.json. When an extension is installed and has exposed a resource, a fetch() request to chrome-extension://{id}/{file} will succeed. When the extension is not installed, Chrome blocks the request and the promise rejects. LinkedIn tests every extension in the list this way." | ||||||||
| ▲ | thayne an hour ago | parent [-] | |||||||
It seems like it shouldn't let code originating from the site (as opposed to from the extension) to access that. | ||||||||
| ||||||||