Overview
- inject.js injected by content.js gets Widevine PSSH by hooking EME.
- background.js fetches POST URLs/Headers
- PSSHs will passed by this route inject.js-->content.js-->background.js-->popup.js
- PSSHs+URLs+Headers will passed by this route background.js-->popup.js
- popup.js will contols UI(popup.html)
- User input into UI
- popup.js calls pywidevine script using pyodide in browser
Why this extension work without input headers/body?
The process of acquiring a key actually requires not only the URL of the license server, but also the headers of the request, as in WKS-Keys and others.
However, in this background script of this extension, those information are recorded together with the URL and stored in an object so that extension can be passed to the back-end Pywidevine via Pyodide to obtain the key without the user having to enter the information themself.
Why this extension can run Python inside web browser?
This extension uses a technology called Webassembly/Pyodide to allow Python scripts to run securely in a web browser sandbox.
What is corsFetch() for?
https://forum.videohelp.com/threads/414140-[Release]-Widevine-L3-Guesser-Extension-Works-in-2024-Firefox-Chrome-All-OS/page17#post2738932