Closed Bug 1345474 Opened 8 years ago Closed 6 years ago

Support incognito permission "not_allowed"

Categories

(WebExtensions :: General, enhancement, P1)

enhancement

Tracking

(firefox66 fixed)

RESOLVED FIXED
mozilla66
Tracking Status
firefox66 --- fixed

People

(Reporter: erikvvold, Assigned: mixedpuppy)

References

(Blocks 2 open bugs)

Details

(Keywords: dev-doc-complete, Whiteboard: triaged)

Attachments

(10 files, 2 obsolete files)

46 bytes, text/x-phabricator-request
Details | Review
46 bytes, text/x-phabricator-request
Details | Review
46 bytes, text/x-phabricator-request
Details | Review
46 bytes, text/x-phabricator-request
Details | Review
46 bytes, text/x-phabricator-request
Details | Review
46 bytes, text/x-phabricator-request
Details | Review
47 bytes, text/x-phabricator-request
Details | Review
47 bytes, text/x-phabricator-request
Details | Review
47 bytes, text/x-phabricator-request
Details | Review
47 bytes, text/x-phabricator-request
Details | Review
So far it appears that the only mode supported is "spanning" as described here: https://developer.chrome.com/extensions/manifest/incognito#spanning

"not_allowed" is not supported..
Priority: -- → P3
Whiteboard: triaged
webextensions: --- → ?
webextensions: ? → ---
Andym, Screenshots would like to be able to use 'spanning eventually. Should i file a separate bug or simply update the title here?
Flags: needinfo?(amckay)
I don't think we have a bigger private browsing bug yet. I would file another bug make it a tracker and block this particular part of the API on that bug... and then file a request for spanning as well :)
Flags: needinfo?(amckay)
Blocks: 1380812
No longer blocks: 1380812
Blocks: 1460738
Product: Toolkit → WebExtensions
No longer blocks: webext-incognito
Bug 1345474 - Check incognito access for content scripts

Bug 1345474 - protect access to base window and tab classes

Bug 1345474 - Check incognito access for tabs api

Bug 1345474 - Check incognito access for windows api
Attachment #9003486 - Attachment is obsolete: true
Depends on D3702
Looking for feedback on direction before proceeding further, not looking for code review.

Patches add:

- not_allowed
- ability to run tests in in one mode (PB or not) 
  - currently background script runs as in spanning mode
- policy checking for
  - content scripts
  - tabs api
  - windows api

Notes:

"incognitoMode" in the first patch may be removed later in favor of policy-only values.
event handling is potentially onerous, may look at moving to eventmanager
APIs need to be individually checked
Each API needs review and updated with access checks
May add pref-off and land interim work so others can help 

Would like to know:

Anyone see a better way to implement the access checks in the apis/events?
Kris, how does the policy changes look to you?
Assignee: nobody → mixedpuppy
Attachment #9003507 - Attachment is obsolete: true
Priority: P3 → P1
Depends on: 1486274
No longer depends on: 1486274
See Also: → 1513220
See Also: → 1512353
Pushed by mixedpuppy@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/ae6af51f926f
Add policy flags to support incognito settings r=rpl,kmag
https://hg.mozilla.org/integration/autoland/rev/4dd4dc96ab00
Check incognito access for content scripts r=rpl
https://hg.mozilla.org/integration/autoland/rev/692f949c68ee
protect access to base window and tab classes r=rpl
https://hg.mozilla.org/integration/autoland/rev/192488fbd1a8
Check incognito access for tabs api r=rpl
https://hg.mozilla.org/integration/autoland/rev/971e9c783d75
Check incognito access for windows api r=rpl
https://hg.mozilla.org/integration/autoland/rev/2dec84de93b8
Check incognito access for webRequest api r=kmag
https://hg.mozilla.org/integration/autoland/rev/43b66faad595
support showInPrivateBrowsing in browserAction, r=rpl
https://hg.mozilla.org/integration/autoland/rev/4d887e5467d0
Check incognito access for cookies api, r=rpl
https://hg.mozilla.org/integration/autoland/rev/acbcbc1e09ad
Check incognito access for theme api, r=rpl
https://hg.mozilla.org/integration/autoland/rev/1f6a5ab63089
Check incognito access for webNavigation api, r=rpl
Flags: qe-verify-
Depends on: 1514673
Depends on: 1513936

Is this hidden behind a pref? If I try to load an extension with "incognito": "not_allowed" on Nightly, it tells me that it's invalid.

(In reply to quasicomputational from comment #28)

Is this hidden behind a pref? If I try to load an extension with "incognito": "not_allowed" on Nightly, it tells me that it's invalid.

You cannot use it yet, not until bug 1511636 lands. Then there is a pref to flip to enable it.

The manifest key is already documented and I added a note that the default behavior is to not allow an extension to work in a private window or tab. I described the changes in more detail in bug 1511636

Flags: needinfo?(mixedpuppy)

(In reply to Irene Smith from comment #30)

The manifest key is already documented and I added a note that the default behavior is to not allow an extension to work in a private window or tab. I described the changes in more detail in bug 1511636

The pref should not be documented (and is documented incorrectly). Also, "split" is not supported and that should be highlighted on the page.

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/incognito

Flags: needinfo?(mixedpuppy) → needinfo?(ismith)

I removed the note about the preference. The BCD at the bottom of the page says that split is not supported but I also added a comment at the end of the description of split that says it is not supported in Firefox.

Flags: needinfo?(ismith)
Regressions: 1618439
No longer regressions: 1618439
See Also: → 1618439
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: