fix: update host_permissions in manifest to match actual backend URLs

[laibulous]

Addressed Issues:

Fixes #636

What changed

Updated host_permissions in extension/public/manifest.json from http://127.0.0.1:8000/* to include http://localhost:5000/* and http://127.0.0.1:5000/*.

Why

The extension's fetch calls across 5 files all target localhost:5000, but the manifest only permitted 127.0.0.1:8000, a different host AND port. Chrome silently blocks requests to unlisted hosts, causing backend calls to fail. Both entries are added because localhost and 127.0.0.1 are treated as distinct hostnames by Chrome, and either may be used depending on the system.

Files verified

• extension/public/manifest.json - fixed here
• extension/public/youtubeContentScript.js - calls localhost:5000
• extension/src/pages/text_input/TextInput.jsx - calls localhost:5000
• extension/src/pages/answer/Answer.jsx - calls localhost:5000
• extension/src/pages/question/Question.jsx - calls localhost:5000
• extension/src/pages/question/SidePanel.jsx - calls localhost:5000

No backend changes required.

Screenshots/Recordings:

No response

Testing

• Verified all 5 fetch call files manually, all target localhost:5000
• Built the extension (npm run build) and loaded unpacked in Chrome
• Confirmed the updated host permissions appear correctly under chrome://extensions → Details → Site access
• Full backend testing not performed locally due to ML model dependencies, but the fix is limited to manifest.json with no logic changes

AI Usage Disclosure:

We encourage contributors to use AI tools responsibly when creating Pull Requests. While AI can be a valuable aid, it is essential to ensure that your contributions meet the task requirements, build successfully, include relevant tests, and pass all linters. Submissions that do not meet these standards may be closed without warning to maintain the quality and integrity of the project. Please take the time to understand the changes you are proposing and their impact. AI slop is strongly discouraged and may lead to banning and blocking. Do not spam our repos with AI slop.

Check one of the checkboxes below:

• This PR does not contain AI-generated code at all.
• This PR contains AI-generated code. I have read the AI Usage Policy and this PR complies with this policy. I have tested the code locally and I am responsible for it.

I have used the following AI models and tools: TODO

Checklist

• My PR addresses a single issue, fixes a single bug or makes a single improvement.
• My code follows the project's code style and conventions
• If applicable, I have made corresponding changes or additions to the documentation
• If applicable, I have made corresponding changes or additions to tests
• My changes generate no new warnings or errors
• I have joined the Discord server and I will share a link to this PR with the project maintainers there
• I have read the Contribution Guidelines
• Once I submit my PR, CodeRabbit AI will automatically review it and I will address CodeRabbit's comments.
• I have filled this PR template completely and carefully, and I understand that my PR may be closed without review otherwise.

Summary by CodeRabbit

• Chores
  • Updated extension host permissions to swap the previous local server origin for the new local addresses (127.0.0.1:5000 and localhost:5000).
  • No other manifest settings were changed.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8c9cbd8c-5025-4af0-aa73-50ae65341f81

📥 Commits

Reviewing files that changed from the base of the PR and between e41059c and e14562f.

📒 Files selected for processing (1)

• extension/public/manifest.json

🚧 Files skipped from review as they are similar to previous changes (1)

• extension/public/manifest.json

---

📝 Walkthrough

Walkthrough

Updated the Chrome extension manifest host_permissions: removed http://127.0.0.1:8000/* and added http://127.0.0.1:5000/* and http://localhost:5000/* to match the backend endpoints the extension calls.

Changes

Cohort / File(s)	Summary
Manifest Configuration extension/public/manifest.json	Replaced http://127.0.0.1:8000/* with http://127.0.0.1:5000/* and added http://localhost:5000/* in host_permissions to align with extension fetch targets.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through ports, a tiny fix to send,
Swapped eight thousand for five — now requests can mend.
Localhost and 127 join the merry run,
The manifest updated — connectivity won!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: update host_permissions in manifest to match actual backend URLs' accurately and concisely describes the primary change of updating manifest host permissions from port 8000 to port 5000 URLs.
Linked Issues check	✅ Passed	The PR successfully addresses all coding requirements from issue #636: it updates manifest.json host_permissions from http://127.0.0.1:8000/* to http://localhost:5000/* and http://127.0.0.1:5000/*, matching the actual backend URLs called by the extension code.
Out of Scope Changes check	✅ Passed	The PR contains only manifest.json changes directly scoped to fixing the host_permissions mismatch; no unrelated or out-of-scope modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@extension/public/manifest.json`:
- Around line 14-15: The manifest currently allows "http://127.0.0.1:5000/*" and
"https://localhost:5000/*" but omits "http://localhost:5000/*", causing scheme
mismatch and blocked requests from components like TextInput.jsx, Answer.jsx and
SidePanel.jsx; update extension/public/manifest.json to include
"http://localhost:5000/*" in the host permissions/origins array so the HTTP
scheme for localhost is explicitly allowed and matches the requests from those
components.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e7cbf312-5fc0-475f-a04f-5a5d8d8e860f

📥 Commits

Reviewing files that changed from the base of the PR and between 2038116 and e41059c.

📒 Files selected for processing (1)

• extension/public/manifest.json

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Add http://localhost:5000/* (scheme mismatch currently breaks allowed-origin matching).

Line 15 grants https://localhost:5000/*, but the code calls http://localhost:5000/* (e.g., extension/src/pages/text_input/TextInput.jsx, extension/src/pages/answer/Answer.jsx, extension/src/pages/question/SidePanel.jsx). Because scheme is part of host permission matching, those HTTP requests can still be blocked.

Proposed fix

   "host_permissions": [
     "http://127.0.0.1:5000/*",
-    "https://localhost:5000/*"
+    "http://localhost:5000/*"
   ],

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@extension/public/manifest.json` around lines 14 - 15, The manifest currently
allows "http://127.0.0.1:5000/*" and "https://localhost:5000/*" but omits
"http://localhost:5000/*", causing scheme mismatch and blocked requests from
components like TextInput.jsx, Answer.jsx and SidePanel.jsx; update
extension/public/manifest.json to include "http://localhost:5000/*" in the host
permissions/origins array so the HTTP scheme for localhost is explicitly allowed
and matches the requests from those components.