From b724eb6df8e8e753b066e744f2b381ca81f06654 Mon Sep 17 00:00:00 2001
From: Aaron Kollasch <aaron@kollasch.dev>
Date: Mon, 23 May 2022 14:15:05 -0400
Subject: [PATCH 1/2] Don't force allowlisted URLs into Google Container

---
 background.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/background.js b/background.js
index 420c7b3..1236760 100644
--- a/background.js
+++ b/background.js
@@ -343,7 +343,8 @@ function shouldContainInto (url, tab) {
     return false;
   }
 
-  let handleUrl = isGoogleURL(url) || (extensionSettings.allowlist.length!=0 && isAllowlistedURL(url));
+  let allowlistUrl = (extensionSettings.allowlist.length!=0 && isAllowlistedURL(url));
+  let handleUrl = isGoogleURL(url) || allowlistUrl;
 
   if (handleUrl && extensionSettings.whitelist.length!=0 && isWhitelistedURL(url)) {
     handleUrl = false;
@@ -380,6 +381,11 @@ function shouldContainInto (url, tab) {
         return false;
       }
 
+      if (allowlistUrl) {
+        // Don't force an allowlisted URL to be in the Google Container
+        return false;
+      }
+
       // Google-URL outside of Google Container Tab
       // Should contain into Google Container
       return googleCookieStoreId;

From 8c7044e01adce5a401f11cf60dc1efecd4a44bf5 Mon Sep 17 00:00:00 2001
From: Aaron Kollasch <aaron@kollasch.dev>
Date: Mon, 23 May 2022 15:30:08 -0400
Subject: [PATCH 2/2] Add a soft-allowlist for URLs allowed in or out of GC

---
 background.js | 36 +++++++++++++++++++++++++++++++-----
 options.html  | 12 +++++++++++-
 options.js    |  2 ++
 3 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/background.js b/background.js
index 1236760..64f6f4d 100644
--- a/background.js
+++ b/background.js
@@ -55,6 +55,7 @@ const googleHostREs = [];
 const youtubeHostREs = [];
 const whitelistedHostREs = [];
 const allowlistedHostREs = [];
+const softAllowlistedHostREs = [];
 
 async function isMACAddonEnabled () {
   try {
@@ -181,13 +182,25 @@ function generateAllowlistedHostREs () {
   }
 }
 
+function generateSoftAllowlistedHostREs () {
+ if (softAllowlistedHostREs.length != 0) {return;}
+  const matchOperatorsRegex = /[|\\{}()[\]^$+*?.-]/g;
+  for (let allowlistedDomain of extensionSettings.soft_allowlist) {
+    allowlistedDomain = allowlistedDomain.replace(matchOperatorsRegex, '\\$&');
+    softAllowlistedHostREs.push(new RegExp(`(^|\\.)${allowlistedDomain}$`));
+  }
+}
+
 async function loadExtensionSettings () {
   extensionSettings = await browser.storage.sync.get();
   if (extensionSettings.whitelist === undefined){
- 	extensionSettings.whitelist = "";
+    extensionSettings.whitelist = "";
   }
   if (extensionSettings.allowlist === undefined){
- 	extensionSettings.allowlist = "";
+    extensionSettings.allowlist = "";
+  }
+  if (extensionSettings.soft_allowlist === undefined){
+    extensionSettings.soft_allowlist = "";
   }
 }
 
@@ -312,6 +325,18 @@ function isAllowlistedURL (url) {
   return false;
 }
 
+function isSoftAllowlistedURL (url) {
+  generateSoftAllowlistedHostREs();
+  const parsedUrl = new URL(url);
+  for (let allowlistedHostRE of softAllowlistedHostREs) {
+    if (allowlistedHostRE.test(parsedUrl.hostname)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+
 function isSearchPageURL (url) {
   const parsedUrl = new URL(url);
   return parsedUrl.pathname.startsWith('/search');
@@ -344,7 +369,8 @@ function shouldContainInto (url, tab) {
   }
 
   let allowlistUrl = (extensionSettings.allowlist.length!=0 && isAllowlistedURL(url));
-  let handleUrl = isGoogleURL(url) || allowlistUrl;
+  let softAllowlistUrl = (extensionSettings.soft_allowlist.length!=0 && isSoftAllowlistedURL(url));
+  let handleUrl = isGoogleURL(url) || allowlistUrl || softAllowlistUrl;
 
   if (handleUrl && extensionSettings.whitelist.length!=0 && isWhitelistedURL(url)) {
     handleUrl = false;
@@ -381,8 +407,8 @@ function shouldContainInto (url, tab) {
         return false;
       }
 
-      if (allowlistUrl) {
-        // Don't force an allowlisted URL to be in the Google Container
+      if (softAllowlistUrl) {
+        // Don't force an soft-allowlisted URL to be in the Google Container
         return false;
       }
 
diff --git a/options.html b/options.html
index 877f854..0386cbc 100644
--- a/options.html
+++ b/options.html
@@ -68,7 +68,17 @@ <h1>Settings</h1>
 				</textarea>
 				<br>
 				Include additional urls in Google Container<br>
-				<em>(Means use Google Container on these additional urls, e.g. for third party SSO or "Log in with Google". Use one url per line.)</em>
+				<em>(Means always use Google Container on these additional urls, e.g. for "Log in with Google". Use one url per line.)</em>
+			</label>
+		</p>
+
+		<p>
+			<label>
+				<textarea id="soft_allowlist" value="" cols="80">
+				</textarea>
+				<br>
+				Allow urls in Google Container<br>
+				<em>(Means allow, but do not force, these urls into the Google Container, e.g. for third party SSO. Use one url per line.)</em>
 			</label>
 		</p>
 
diff --git a/options.js b/options.js
index 4eafd37..53d5328 100644
--- a/options.js
+++ b/options.js
@@ -32,6 +32,7 @@ function onOptionsPageSave(e)
 		"ignore_flights": document.querySelector("#ignore_flights").checked,
 		"dont_override_containers": document.querySelector("#dont_override_containers").checked,
 		"whitelist": validate_list("#whitelist"),
+		"soft_allowlist": validate_list("#soft_allowlist"),
 		"allowlist": validate_list("#allowlist")
 	});
 
@@ -51,6 +52,7 @@ function onOptionsPageLoaded()
 		document.querySelector("#ignore_flights").checked = res.ignore_flights || false;
 		document.querySelector("#dont_override_containers").checked = res.dont_override_containers || false;
 	        fill_list_option(res.whitelist, "#whitelist");
+	        fill_list_option(res.soft_allowlist, "#soft_allowlist");
 	        fill_list_option(res.allowlist, "#allowlist");
 	});
 }