Closed
Bug 1373434
Opened 7 years ago
Closed 7 years ago
Web extensions on update prompt for permissions even if they have <all_urls>
Categories
(WebExtensions :: General, enhancement, P2)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1331769
People
(Reporter: jkt, Unassigned)
References
Details
(Whiteboard: triaged)
Attachments
(1 file)
50.78 KB,
image/png
|
Details |
I was just prompted by Privacy Badger on update of their extension for access to twitter.com despite them already having content scripts for <all_url>. It looks like on update we are not checking if the extension already has a superset of the URLs already being increased in the update. Attached is the prompt I saw. As mentioned on IRC Bug 1350277 is the reason the request is listed twice so ignore that. Aswan mentioned: if you have something (eg a regular permission) that uses <all_urls> and something else more specific (eg a content script on a specific host or domain), we suppress the individual host/domain since it is covered by all_urls but in the case of an update, we don't check host permissions against the existing host permissions. https://dpaste.de/y0Pn is a copy of the current Privacy Badger manifest.
Updated•7 years ago
|
Priority: -- → P2
Whiteboard: triaged
Comment 1•7 years ago
|
||
I just had a user complaining about Google Search link fix extension requesting access to 200 domains on update - the update replaced http://* and https://* by a list of all Google domains. Luckily, this change was implemented while the permission prompt wasn't in the stable Firefox release yet...
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Product: Toolkit → WebExtensions
You need to log in
before you can comment on or make changes to this bug.
Description
•