From 6c1c19984a49b38e4c360a885af0293d207093df Mon Sep 17 00:00:00 2001
From: hackademix <giorgio@maone.net>
Date: Thu, 21 Nov 2024 01:29:29 +0100
Subject: [PATCH] Make "Temporarily set top-level sites to TRUSTED" work on
 Manifest V3 (issue #388).

---
 src/bg/RequestGuard.js |  4 ++--
 src/bg/main.js         | 20 ++++++++++++++------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index d901dc0..964dbf2 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -817,9 +817,9 @@
     }
   };
 
-  function injectPolicyScript(details) {
+  async function injectPolicyScript(details) {
     const {url, tabId, frameId} = details;
-    const domPolicy = ns.computeChildPolicy({url}, {tab: {id: tabId}, frameId});
+    const domPolicy = await ns.computeChildPolicy({url}, {tab: {id: tabId}, frameId});
     domPolicy.navigationURL = url;
     const callback = "ns_setupCallback";
     if (DocStartInjection.mv3Callbacks) {
diff --git a/src/bg/main.js b/src/bg/main.js
index 84511ff..1f5e766 100644
--- a/src/bg/main.js
+++ b/src/bg/main.js
@@ -200,7 +200,7 @@
 
     async fetchChildPolicy({url, contextUrl}, sender) {
       await ns.initializing;
-      return ns.computeChildPolicy(...arguments);
+      return await ns.computeChildPolicy(...arguments);
     },
 
     async openStandalonePopup(tab) {
@@ -305,7 +305,7 @@
       return !this.isEnforced(request.tabId) || this.policy.can(request.url, capability, this.policyContext(request));
     },
 
-    computeChildPolicy({url, contextUrl}, sender) {
+    async computeChildPolicy({url, contextUrl}, sender) {
       let {tab} = sender;
       let policy = ns.policy;
       const {isTorBrowser} = ns.local;
@@ -322,7 +322,8 @@
 
       const tabId = tab ? tab.id : -1;
       let topUrl;
-      if (sender.frameId === 0) {
+      const isTop = sender.frameId === 0;
+      if (isTop) {
         topUrl = url;
       } else if (tab) {
         if (!tab.url) tab = TabCache.get(tabId);
@@ -338,9 +339,16 @@
       let permissions, unrestricted, cascaded;
       if (policy) {
         let perms = policy.get(url, contextUrl).perms;
-        cascaded = topUrl && ns.sync.cascadeRestrictions;
-        if (cascaded) {
-          perms = policy.cascadeRestrictions(perms, topUrl);
+        if (isTop) {
+          if (policy.autoAllowTop && perms === policy.DEFAULT) {
+            policy.set(Sites.optimalKey(url), perms = policy.TRUSTED.tempTwin);
+            await RequestGuard.DNRPolicy?.update();
+          }
+        } else {
+          cascaded = topUrl && ns.sync.cascadeRestrictions;
+          if (cascaded) {
+            perms = policy.cascadeRestrictions(perms, topUrl);
+          }
         }
         permissions = perms.dry();
       } else {