Fix #12345 - Inject provider for MV3 via app-init

app/manifest/v3/_base.json

@@ -47,6 +47,7 @@
   ],
   "default_locale": "en",
   "description": "__MSG_appDescription__",
+  "host_permissions": ["file://*/*", "http://*/*", "https://*/*"],
   "icons": {
     "16": "images/icon-16.png",
     "19": "images/icon-19.png",
@@ -61,6 +62,7 @@
   "name": "__MSG_appName__",
   "permissions": [
     "storage",
+    "scripting",
     "unlimitedStorage",
     "clipboardWrite",
     "http://localhost:8545/",

app/scripts/app-init.js

@@ -126,3 +126,18 @@ chrome.runtime.onMessage.addListener(() => {
   importAllScripts();
   return false;
 });
+
+/*
+ * This content script is injected programmatically because
+ * MAIN world injection does not work properly via manifest
+ * https://bugs.chromium.org/p/chromium/issues/detail?id=634381
+ */
+chrome.scripting.registerContentScripts([
+  {
+    id: 'inpage',
+    matches: ['file://*/*', 'http://*/*', 'https://*/*'],
+    js: ['inpage.js'],
+    runAt: 'document_start',
+    world: 'MAIN',
+  },
+]);

app/scripts/contentscript.js

@@ -41,7 +41,9 @@ if (
 ) {
   setupPhishingStream();
 } else if (shouldInjectProvider()) {
-  injectScript(inpageBundle);
+  if (!isManifestV3()) {
+    injectScript(inpageBundle);
+  }
   setupStreams();
 }
 
@@ -55,12 +57,7 @@ function injectScript(content) {
     const container = document.head || document.documentElement;
     const scriptTag = document.createElement('script');
     scriptTag.setAttribute('async', 'false');
-    // Inline scripts do not work in MV3 due to more strict security policy
-    if (isManifestV3()) {
-      scriptTag.setAttribute('src', browser.runtime.getURL('inpage.js'));
-    } else {
-      scriptTag.textContent = content;
-    }
+    scriptTag.textContent = content;
     container.insertBefore(scriptTag, container.children[0]);
     container.removeChild(scriptTag);
   } catch (error) {