Closed Bug 1373434 Opened 4 years ago Closed 4 years ago
Web extensions on update prompt for permissions even if they have <all
I was just prompted by Privacy Badger on update of their extension for access to twitter.com despite them already having content scripts for <all_url>. It looks like on update we are not checking if the extension already has a superset of the URLs already being increased in the update. Attached is the prompt I saw. As mentioned on IRC Bug 1350277 is the reason the request is listed twice so ignore that. Aswan mentioned: if you have something (eg a regular permission) that uses <all_urls> and something else more specific (eg a content script on a specific host or domain), we suppress the individual host/domain since it is covered by all_urls but in the case of an update, we don't check host permissions against the existing host permissions. https://dpaste.de/y0Pn is a copy of the current Privacy Badger manifest.
I just had a user complaining about Google Search link fix extension requesting access to 200 domains on update - the update replaced http://* and https://* by a list of all Google domains. Luckily, this change was implemented while the permission prompt wasn't in the stable Firefox release yet...
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1331769
You need to log in before you can comment on or make changes to this bug.