Remove support for INJECT_JS_PLUGIN and INJECT_JS_MODULE_PLUGIN

Content Security Policy for extensions does not allow injecting
arbitrary JS.

We have considered passing a list of URLs from the extension to the
web app instead, but that is non-trivial to do, because they also
cannot access the `window` object of each other. The extension could
add an element to the DOM and set an attribute on that. The web app
would then read the attribute and load those plugins instead of the
ones listed in the server config. Apart from adding complexity the
disadvantage is that the web app would have to be changed, and thus
you could not use the concept for existing open source servers.

There is a trivial workaround though: You can just redirect an exsiting
plugin to your new plugin. Every Gerrit server typically has a plugin
that can be replaced during development, so this is not much of a
limitation.

Google-Bug-Id: b/317481553
Release-Notes: Remove INJECT_JS_PLUGIN and INJECT_JS_MODULE_PLUGIN
Change-Id: If954960ad56aba5595c6ec029ce8211fcb6ec5b0
diff --git a/README.md b/README.md
index 6d89456..073b06c 100644
--- a/README.md
+++ b/README.md
@@ -55,31 +55,24 @@
 The extension comes with a set of [default rules](./data/rules.json),
 but you can change the rules by clicking the extension icon again.
 
-The extension supports six different type of rules:
+The extension supports different type of rules:
 
 1. block: block a certain request
 2. redirect: redirect a url to another url
 3. injectHtmlCode: inject a piece of html code to the page
-4. injectJsPlugin: inject a js plugin(url) to the site
-5. injectJsModule: inject a js module file to the site (type="module" will be added when load script)
-6. addReqHeader: to add arbitrary header when you send a request
-7. addRespHeader: to add arbitrary header when you receive a request
-8. rRespHeader: to remove arbitrary header on any response
-
-The option to inject any plugins (`injectJsPlugin`) is meant to help you develop your plugins for your Gerrit sites. As they are served from your local HTTP server, you do not need to deploy them on the target Gerrit server.
+4. addReqHeader: to add arbitrary header when you send a request
+5. addRespHeader: to add arbitrary header when you receive a request
+6. rRespHeader: to remove arbitrary header on any response
 
 #### How to use dev helper with js plugins
 
-For single-file js plugins, use `injectJsPlugin` rule or use `redirect` if it is an exising js plugin.
+For existing plugins just `redirect` from the where the plugin is normally loaded from to
+`http://localhost:8081/plugins/my-plugin.js` and put your local plugin file into the
+`polygerrit-ui/app/plugins` folder.
 
-For multi-file modularized js plugins (you have import / export in source code), you have two options:
-
-1. compile them and then treat it as single-file js plugin
-2. or if you want to load source code as it is
-
-- use `injectJsModule`, this will load the js with `type="module"`, and due to restriction of `type="module"`, Gerrit won't be able to recognize the plugin without a proper url set when calling `Gerrit.install`, so you also need to tweak your code to call `Gerrit.install(callback, undefined, 'http://localhost:8081/plugins_/checks/gr-checks/gr-checks.js')` to let Gerrit treat it as a legit plugin.
-
-Either way, you need to `block` the existing plugin if its already on the page.
+For new plugins you also have to use a `redirect` rule, because the Chrome extension is not allowed
+to inject JavaScript from arbitrary source by Content Security Policy. The easiest option is to
+pick the most simple or irrelevant plugin that your Gerrit server has, and redirect from that.
 
 ### Testing a new version
 
diff --git a/data/rules.json b/data/rules.json
index 3f95919..5b9a279 100644
--- a/data/rules.json
+++ b/data/rules.json
@@ -12,16 +12,10 @@
     "destination": "http://localhost:8081/styles/"
   },
   {
-    "destination": "http://localhost:8081/existing-plugin.js",
+    "destination": "http://localhost:8081/my-plugin.js",
     "disabled": true,
     "operator": "redirect",
-    "target": "https://cdn.googlesource.com/polygerrit_assets/.*/plugins/.*/existing-plugin.js"
-  },
-  {
-    "destination": "http://localhost:8081/my-new-plugin.js",
-    "disabled": true,
-    "operator": "injectJSPlugin",
-    "target": ""
+    "target": "https://cdn.googlesource.com/polygerrit_assets/.*/plugins/.*/my-plugin.js"
   },
   {
     "disabled": false,
diff --git a/package.json b/package.json
index 44752f1..9a3ef46 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.2",
+  "version": "1.1.0",
   "name": "gerrit-fe-dev-helper",
   "license": "MIT",
   "dependencies": {
diff --git a/release-notes.md b/release-notes.md
index 61e6852..8f3d3d2 100644
--- a/release-notes.md
+++ b/release-notes.md
@@ -1,5 +1,10 @@
 ## v1
 
+#### v1.1.0
+
+- Remove support for INJECT_JS_PLUGIN and INJECT_JS_MODULE_PLUGIN.
+  Content Security Policy for extensions does not allow injecting arbitrary JS.
+
 #### v1.0.2
 
 - Fix injecting JS plugins, remove webcomponents-lite.js
diff --git a/src/content_script.ts b/src/content_script.ts
index 60e6c85..66c3bba 100644
--- a/src/content_script.ts
+++ b/src/content_script.ts
@@ -73,21 +73,6 @@
         link.setAttribute('href', rule.destination);
         document.head.appendChild(link);
       });
-    } else if (rule.operator === Operator.INJECT_JS_PLUGIN) {
-      onGerritReady().then(() => {
-        const link = document.createElement('script');
-        link.setAttribute('src', rule.destination);
-        link.setAttribute('crossorigin', 'anonymous');
-        document.head.appendChild(link);
-      });
-    } else if (rule.operator === Operator.INJECT_JS_MODULE_PLUGIN) {
-      onGerritReady().then(() => {
-        const link = document.createElement('script');
-        link.setAttribute('type', 'module');
-        link.setAttribute('src', rule.destination);
-        link.setAttribute('crossorigin', 'anonymous');
-        document.head.appendChild(link);
-      });
     } else if (rule.operator === Operator.INJECT_EXP) {
       const exps = getUrlParameter('experiment');
       const hasSearchString = !!window.location.search;
diff --git a/src/manifest.json b/src/manifest.json
index 7c4f816..d19c663 100644
--- a/src/manifest.json
+++ b/src/manifest.json
@@ -2,7 +2,7 @@
   "manifest_version": 3,
   "name": "Gerrit FE Dev Helper",
   "description": "This extension can help you development on Gerrit sites, frontend specifically",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "action": {
     "default_icon": "gray-32.png",
     "default_title": "Gerrit FE Dev Helper"
diff --git a/src/popup.ts b/src/popup.ts
index 2d737d0..c832a9b 100644
--- a/src/popup.ts
+++ b/src/popup.ts
@@ -315,8 +315,6 @@
     Operator.REDIRECT,
     Operator.INJECT_CSS,
     Operator.INJECT_HTML_CODE,
-    Operator.INJECT_JS_PLUGIN,
-    Operator.INJECT_JS_MODULE_PLUGIN,
     Operator.INJECT_EXP,
     Operator.ADD_REQUEST_HEADER,
     Operator.ADD_RESPONSE_HEADER,
diff --git a/src/utils.ts b/src/utils.ts
index 50d739f..0616565 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -21,8 +21,6 @@
 export function isInjectRule(rule: Rule) {
   return [
     Operator.INJECT_CSS,
-    Operator.INJECT_JS_MODULE_PLUGIN,
-    Operator.INJECT_JS_PLUGIN,
     Operator.INJECT_HTML_CODE,
     Operator.INJECT_EXP,
   ].some(op => op === rule.operator);
@@ -134,8 +132,6 @@
   REDIRECT = 'redirect',
   INJECT_CSS = 'injectCss',
   INJECT_HTML_CODE = 'injectHtmlCode',
-  INJECT_JS_PLUGIN = 'injectJSPlugin',
-  INJECT_JS_MODULE_PLUGIN = 'injectJSModule',
   REMOVE_RESPONSE_HEADER = 'rRespHeader',
   ADD_RESPONSE_HEADER = 'addRespHeader',
   ADD_REQUEST_HEADER = 'addReqHeader',