implements getScope correctly

add-on/src/lib/ipfs-proxy/access-control.js

@@ -110,26 +110,20 @@ class AccessControl extends EventEmitter {
     if (!isBoolean(allow)) throw new TypeError('Invalid allow')
 
     return this._writeQ.add(async () => {
-      const matchingScopes = await this._getMatchingScopes(scope)
-
-      for (let matchingScope of matchingScopes) {
-        const allAccess = await this._getAllAccess(matchingScope)
-
-        // Trying to set access for non-wildcard permission, when wildcard
-        // permission is already granted?
-        if (allAccess.has('*') && permission !== '*') {
-          if (allAccess.get('*') === allow) {
-            // Noop if requested access is the same as access for wildcard grant
-            return { scope: matchingScope, permission, allow }
-          } else {
-            // Fail if requested access is the different to access for wildcard grant
-            throw new Error(`Illegal set access for ${permission} when wildcard exists`)
-          }
+      const allAccess = await this._getAllAccess(scope)
+
+      // Trying to set access for non-wildcard permission, when wildcard
+      // permission is already granted?
+      if (allAccess.has('*') && permission !== '*') {
+        if (allAccess.get('*') === allow) {
+          // Noop if requested access is the same as access for wildcard grant
+          return { scope, permission, allow }
+        } else {
+          // Fail if requested access is the different to access for wildcard grant
+          throw new Error(`Illegal set access for ${permission} when wildcard exists`)
         }
       }
 
-      const allAccess = await this._getAllAccess(scope)
-
       // If setting a wildcard permission, remove existing grants
       if (permission === '*') {
         allAccess.clear()

add-on/src/lib/ipfs-proxy/index.js

@@ -20,15 +20,18 @@ function createIpfsProxy (getIpfs, getState) {
   const onPortConnect = (port) => {
     if (port.name !== 'ipfs-proxy') return
 
-    const { origin, pathname } = new URL(port.sender.url)
-    const scope = origin + pathname
+    const getScope = async () => {
+      const tab = await browser.tabs.get(port.sender.tab.id)
+      const { origin, pathname } = new URL(tab.url)
+      return origin + pathname
+    }
 
     const proxy = createProxyServer(getIpfs, {
       addListener: (_, handler) => port.onMessage.addListener(handler),
       removeListener: (_, handler) => port.onMessage.removeListener(handler),
       postMessage: (data) => port.postMessage(data),
       getMessageData: (d) => d,
-      pre: (fnName) => createPreAcl(getState, accessControl, scope, fnName, requestAccess)
+      pre: (fnName) => createPreAcl(getState, accessControl, getScope, fnName, requestAccess)
     })
 
     const close = () => {

add-on/src/lib/ipfs-proxy/pre-acl.js

@@ -5,19 +5,20 @@ const ACL_WHITELIST = Object.freeze(require('./acl-whitelist.json'))
 // Creates a "pre" function that is called prior to calling a real function
 // on the IPFS instance. It will throw if access is denied, and ask the user if
 // no access decision has been made yet.
-function createPreAcl (getState, accessControl, origin, permission, requestAccess) {
+function createPreAcl (getState, accessControl, getScope, permission, requestAccess) {
   return async (...args) => {
     // Check if all access to the IPFS node is disabled
     if (!getState().ipfsProxy) throw new Error('User disabled access to IPFS')
 
     // No need to verify access if permission is on the whitelist
     if (ACL_WHITELIST.includes(permission)) return args
 
-    let access = await accessControl.getAccess(origin, permission)
+    const scope = await getScope()
+    let access = await accessControl.getAccess(scope, permission)
 
     if (!access) {
-      const { allow, wildcard } = await requestAccess(origin, permission)
-      access = await accessControl.setAccess(origin, wildcard ? '*' : permission, allow)
+      const { allow, wildcard } = await requestAccess(scope, permission)
+      access = await accessControl.setAccess(scope, wildcard ? '*' : permission, allow)
     }
 
     if (!access.allow) throw new Error(`User denied access to ${permission}`)