Closed Bug 1396032 Opened 7 years ago Closed 7 years ago

Webextension permissions UI should respect an existing content script all-websites match pattern over new specific-site match patterns

Categories

(WebExtensions :: General, defect)

Product:
WebExtensions
Component:
General
Version:
55 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1350277

People

(Reporter: matthew_powers, Unassigned)

Details

(Whiteboard: [design-decision-needed]) 

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

Steps to reproduce:

1. create a webextension with declarative content script with all-website match pattern in manifest like: 

"content_scripts": 
[
  {"matches": [""], "all_frames": true, "run_at":"document_end", "js": ["somescript.js"]
  }
]

2. install the webextension in FF

3. create an update to this webextension with a new declarative content script with specific-site match pattern in manifest like:

"content_scripts": 
[
  {"matches": [""], "all_frames": true, "run_at":"document_end", "js": ["somescript.js"]
  },
  {"matches": ["https://bugzilla.mozilla.org"], "all_frames": true, "run_at":"document_end", "js": ["somescript2.js"]
  }
]

4. Install the updated extension in FF, causing it to evaluate if extension update has new permissions.


Actual results:

2. Firefox shows a install permissions confirmation UI saying:

"Add extension XYZ?

It requires your permission to:

* Access your data for all websites
"

4. Firefox shows a new permissions confirmation UI saying:

"Extension XYZ has been updated....

It requires your permission to:

* Access your data for bugzilla.mozilla.org
"


Expected results:

2. same as actual result - that's OK behavior

4. no permission UI shown

Reasoning: the existing permission consent given for "access your data for all websites" at time of install should supersede the new specific-site permission.

As an extension developer, we know the initial consideration is the major one - the decision to trust the extension to access data across all websites.

We would prefer to not spook users with new specific site warnings and risk them uninstalling the extension by not understanding the permission dialog despite the new permission being no greater than what was already granted to the extension.
Version: 53 Branch → 55 Branch
Component: Untriaged → Add-ons Manager
Product: Firefox → Toolkit
Component: Add-ons Manager → WebExtensions: General
Whiteboard: [design-decision-needed]
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Product: Toolkit → WebExtensions
You need to log in before you can comment on or make changes to this bug.