Open
Bug 1387695
Opened 8 years ago
Updated 3 years ago
Permission prompt doesn't recognize related domains
Categories
(WebExtensions :: General, defect, P3)
WebExtensions
General
Tracking
(firefox57 affected)
NEW
| Tracking | Status | |
|---|---|---|
| firefox57 | --- | affected |
People
(Reporter: jwkbugzilla, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [permissions])
Attachments
(1 file)
|
414.20 KB,
image/jpeg
|
Details |
show-permissions-in-a-second-level-menu.jpg
Google Search link fix (https://addons.mozilla.org/addon/google-search-link-fix/) requires access to 200 domains. Chrome will sum up them as "all google.com domains, all yandex.com domains and all duckduckgo.com domains". Firefox permission prompt on the other hand doesn't recognize these domains as related and only list three of them, mentioning that there are 197 more without any way of showing them.
|
Reporter | |
Comment 2•8 years ago
|
||
Note that you should test with Google search link fix 1.6.4. As of version 1.6.5, access to all websites is requested on Firefox again - adding a new Google domain in a future update would be quite a disaster otherwise.
|
||
Comment 3•8 years ago
|
||
Looks like Google has a good solution for that.
Forwarding the needinfo to Emanuela as she worked on that.
Flags: needinfo?(mjaritz) → needinfo?(emanuela)
|
|
Reporter | |
Comment 4•8 years ago
|
||
I've found the logic in the Chromium source code here: https://chromium.googlesource.com/chromium/src/+/304b1a2730a592bd161577ede2cc4a50bb6b006d/extensions/common/permissions/permission_message_util.cc#36
So there isn't a hardcoded list of Google domains. Instead, multiple domains are generally being collapsed into one entry if they only differ in the RCD (Registry Controlled Domain, this is Public Suffix in Mozilla's terminology) part. For example, with foo.com, foo.net and foo.info in the list, only foo.com is displayed. When choosing which entry to display, Chromium prioritizes .com over .net over .org over everything else.
Note that this logic isn't purely cosmetic. Determining whether one set of permissions is a superset of another will also call GetDistinctHosts(). This means that adding one more google.whatever domain to the extension's privileges won't trigger a permission prompt on update like it does on Firefox right now.
|
||
Updated•8 years ago
|
Priority: -- → P3
Whiteboard: [permissions]
|
||
Comment 5•8 years ago
|
||
I can see some security issues in apply Chromium's logic.
I'm wondering if we can doing some slightly different:
- Group together all the related domains
- Show the full list of domains in a second level menu
If a new domain is added, we still prompt the notifications. If too many new domains are added, we handle in the same way :)
Flags: needinfo?(emanuela)
|
||
Updated•7 years ago
|
Product: Toolkit → WebExtensions
|
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•