Open Bug 1362809 Opened 8 years ago Updated 1 year ago

URLs with ports should either be rejected as "matches" patterns, or be matched properly

Categories

(WebExtensions :: Compatibility, enhancement, P5)

Product:
WebExtensions
Component:
Compatibility
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: mstange, Unassigned)

References

Details

(Keywords: dev-doc-complete, Whiteboard: triaged)

Attachments

(1 file)

matchport.xpi
938 bytes, application/x-xpinstall
Details
I had this piece of code in my manifest.json: "content_scripts": [ { "all_frames": false, "js": ["content.js"], "matches": ["http://localhost:4242/*"], "run_at": "document_start" } ], But the content script was not loaded in my http://localhost:4242/ tabs. It only started being loaded after I removed the ":4242" part from the match pattern. If ports are not supported in the match pattern syntax, then they should be rejected with an error message.
For reference: just tested this in Chrome. The behavior there is that the port is allowed and works correctly. A permission of "http://localhost:4242/*" will not work at "http://localhost4241".
Priority: -- → P5
Whiteboard: triaged
This also affect APIs that use match patterns, such as the webRequest API. Ports in URLs are not uncommon, so the expectations with regards to ports in match patterns should be documented at [1]. It is quite surprising that with an explicit port present, the match pattern stops matching anything in Firefox. Note that Chrome has not documented anything about ports in [2], but as stated in comment 1, "the port is allowed and works correctly". [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns [2] https://developer.chrome.com/extensions/match_patterns
Component: WebExtensions: General → WebExtensions: Compatibility
Keywords: dev-doc-needed
Attached file matchport.xpi
I care about this, for making Greasemonkey work as users expect ( https://github.com/greasemonkey/greasemonkey/issues/2673 ). And having a reason for it would be useful. And I cant guarantee I understand exactly what the words posted above mean. So: Install attached extension. Run e.g. `python -m SimpleHTTPServer 1234`, and anything (even an equivalent) to listen on port 80. In Firefox, when navigating to http://localhost/ I get in my console: portfree ran at: Location http://localhost/ portfree.js:1:1 all ran at: Location http://localhost/ all.js:1:1 And when navigating to http://localhost:1234/ I get: portfree ran at: Location http://localhost:1234/ portfree.js:1:1 all ran at: Location http://localhost:1234/ all.js:1:1 The match pattern with a port is ignored. Meanwhile in Chrome, the match pattern which specifies a port is rejected and the extension doesn't load. So remove it, and I get: portfree ran at: Location {href: "http://localhost/", ancestorOrigins: DOMStringList, origin: "http://localhost", replace: ƒ, assign: ƒ, …} all.js:1 all ran at: Location {href: "http://localhost/", ancestorOrigins: DOMStringList, origin: "http://localhost", replace: ƒ, assign: ƒ, …} And again, the same at http://localhost:1234/ (with the right details logged). So match should match regardless of port in the URL. Users should not specify a port in a match pattern.
Product: Toolkit → WebExtensions

Added the following note in the path section of Match patterns in extension manifests:

Note: The path pattern string should not include a port number. Adding a port, as in: "http://localhost:1234/" causes the match pattern to be ignored. However, "http://localhost:1234" will match with "http://localhost/"

Please let me know if I misinterpreted the comments above. Thanks!

Keywords: dev-doc-neededdev-doc-complete
See Also: → 1468162
See Also: → 1350523
Severity: normal → S3
See Also: → 1907619
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: