Open
Bug 1392004
Opened 7 years ago
Updated 2 years ago
system connections should be shown in onCompleted
Categories
(WebExtensions :: Request Handling, defect, P5)
Tracking
(Not tracked)
REOPENED
People
(Reporter: pubkeypin, Unassigned)
Details
Attachments
(1 file)
|
1.40 KB,
text/plain
|
Details |
With the help of webextensions firefox users should be able to see, what network traffic is handled by their browser. Currenty system connections (ocsp requests, updates, safebrowsing, telemetry, home phoning pings, favicons, ...) are hidden from webextensions. This is often justified with "security concerns": Extensions with user privileges shouldn't fiddle with browser internal network connections. But this doesn't apply to the "onCompleted" event: Everything is already transmitted, blocking or altering the request is not possible at this stage. Hiding what is going on "behind-the-scene" (a term from uMatrix) is security by obscurity. Some users will feel safer, knowing what the browser is doing on its own, others will take this data to further dig in how to disable some of these features, the majority won't care. But the users should have an easy way to get the information, learn and to base their decisions on facts. Therefore I propose something similar as the attached patch, based on this file and version: https://hg.mozilla.org/mozilla-central/file/a149344cbbf6/toolkit/components/extensions/ext-webRequest.js
|
||
Updated•7 years ago
|
Flags: needinfo?(amckay)
|
|
||
Comment 1•7 years ago
|
||
There is no hiding of those things, Firefox is all open source. But its not our intention to allow WebExtensions to interact with them either. The point of WebExtensions are to interact with web content as outlined: https://wiki.mozilla.org/WebExtensions/Vision This has been discussed in multiple bugs, but see also bug 1384204 and bug 1273138 comment 25.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(amckay)
Resolution: --- → DUPLICATE
(In reply to Andy McKay [:andym] from comment #1) > There is no hiding of those things, Firefox is all open source. The average user, the audience of webextension, most likely doesn't know what (open) source code is, where to find it, how to read and completely understand it in order to extract all sections, where system connections might be created. From their perspective these connections are hidden. A firefox supported webextension can do this work for the user and present the results in a (graphical) way, easier to grasp. > But its not > our intention to allow WebExtensions to interact with them either. This bug doesn't ask for interaction in the sense of blocking, redirecting or editing the request. Only a passive listener, to show the results after everything has happend behind-the-scenes, is the topic in this thread. [...] > This has been discussed in multiple bugs, but see also bug 1384204 I can't recognize bug 1384204 as duplicate. That bug is mainly about firing for events, when action is still possible. The reporter wants to interact with system connections by redirecting them to a vpn. > and bug 1273138 comment 25. bug 1273138 comment 25 exactly says, that such a passive listener might be considered, but in "a different bug". Here is a/the "different bug". Please reopen the bug if appropriate.
Flags: needinfo?(amckay)
|
|
||
Comment 3•7 years ago
|
||
(In reply to pubkeypin from comment #2) > bug 1273138 comment 25 exactly says, that such a passive listener might be > considered, but in "a different bug". Fair enough. You can see these requests in dev tools, being to see them but not block or alter with them in a WebExtension doesn't seem too bad.
Status: RESOLVED → REOPENED
Ever confirmed: true
Flags: needinfo?(amckay)
Resolution: DUPLICATE → ---
|
||
Updated•7 years ago
|
Priority: -- → P5
|
||
Updated•6 years ago
|
Product: Toolkit → WebExtensions
|
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•