I just took a quick look at how this is doing its thing, and if I'm not mistaken -- and please correct me if I am -- isn't this sending sensitive information to your server?
When you activate this via the contextual menu item, it POSTs a query to app.native-video.com with just the video page's URL to get a list of header modification rules and a new URL to use them on. (Security concern there too.) The rules are temporarily injected using `declarativeNetRequest.updateDynamicRules` and then the browser is instructed to make a request to the new URL. It then sends the response (headers, body, and URL) it gets back to app.native-video.com. Rinse and repeat until it gets a direct URL to the video.
If I have that correct, the response data would contain boat loads of private information.
Fails hard to explain WTF it actually does. Would be cool if it would use AI to filter out sponsor segments or YouTube video that are actually part of the video. I doubt that is so at least explain what it does.
7 comments
[ 0.19 ms ] story [ 21.3 ms ] threadTop right menu button doesn’t work on iPhone SE 2020.
When you activate this via the contextual menu item, it POSTs a query to app.native-video.com with just the video page's URL to get a list of header modification rules and a new URL to use them on. (Security concern there too.) The rules are temporarily injected using `declarativeNetRequest.updateDynamicRules` and then the browser is instructed to make a request to the new URL. It then sends the response (headers, body, and URL) it gets back to app.native-video.com. Rinse and repeat until it gets a direct URL to the video.
If I have that correct, the response data would contain boat loads of private information.