I understand your concern. I think "access to much information" means this extension require <all_url> host_permission, which I don't want to either but it must.
Because custom AI provider's API base url is submit by user. If I want to call the API on background script, this base url must be listed on host_permissions. Otherwise it will cause a CORS problem.
optional_host_permissions may fix this problem, but since the base url is set by user, it's not possible to use this workaround.
djyde|11 months ago
Because custom AI provider's API base url is submit by user. If I want to call the API on background script, this base url must be listed on host_permissions. Otherwise it will cause a CORS problem.
optional_host_permissions may fix this problem, but since the base url is set by user, it's not possible to use this workaround.
Any suggestion?
tough|11 months ago
if that works for you/your privacy-aware customer they can inspect the code/build it/ run their own version