Closed Bug 1373434 Opened 7 years ago Closed 7 years ago

Web extensions on update prompt for permissions even if they have <all_urls>

Categories

(WebExtensions :: General, enhancement, P2)

Product:
WebExtensions
Component:
General
Version:
55 Branch
Platform:
x86_64
Linux
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1331769

People

(Reporter: jkt, Unassigned)

References

Details

(Whiteboard: triaged)

Attachments

(1 file)

Selection_691.png
50.78 KB, image/png
Details
Attached image Selection_691.png 
I was just prompted by Privacy Badger on update of their extension for access to twitter.com despite them already having content scripts for <all_url>.

It looks like on update we are not checking if the extension already has a superset of the URLs already being increased in the update.

Attached is the prompt I saw. As mentioned on IRC Bug 1350277 is the reason the request is listed twice so ignore that.


Aswan mentioned:

    if you have something (eg a regular permission) that uses <all_urls> and something else more specific (eg a content script on a specific host or domain), we suppress the individual host/domain since it is covered by all_urls
    but in the case of an update, we don't check host permissions against the existing host permissions.

https://dpaste.de/y0Pn is a copy of the current Privacy Badger manifest.
Priority: -- → P2
Whiteboard: triaged
I just had a user complaining about Google Search link fix extension requesting access to 200 domains on update - the update replaced http://* and https://* by a list of all Google domains. Luckily, this change was implemented while the permission prompt wasn't in the stable Firefox release yet...
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Product: Toolkit → WebExtensions
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: