Webextension permissions UI should respect an existing content script all-websites match pattern over new specific-site match patterns

RESOLVED DUPLICATE of bug 1350277

Status

()

Toolkit
WebExtensions: General
RESOLVED DUPLICATE of bug 1350277
3 months ago
3 months ago

People

(Reporter: Matt Powers, Unassigned)

Tracking

55 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [design-decision-needed])

(Reporter)

Description

3 months ago
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

Steps to reproduce:

1. create a webextension with declarative content script with all-website match pattern in manifest like: 

"content_scripts": 
[
  {"matches": [""], "all_frames": true, "run_at":"document_end", "js": ["somescript.js"]
  }
]

2. install the webextension in FF

3. create an update to this webextension with a new declarative content script with specific-site match pattern in manifest like:

"content_scripts": 
[
  {"matches": [""], "all_frames": true, "run_at":"document_end", "js": ["somescript.js"]
  },
  {"matches": ["https://bugzilla.mozilla.org"], "all_frames": true, "run_at":"document_end", "js": ["somescript2.js"]
  }
]

4. Install the updated extension in FF, causing it to evaluate if extension update has new permissions.


Actual results:

2. Firefox shows a install permissions confirmation UI saying:

"Add extension XYZ?

It requires your permission to:

* Access your data for all websites
"

4. Firefox shows a new permissions confirmation UI saying:

"Extension XYZ has been updated....

It requires your permission to:

* Access your data for bugzilla.mozilla.org
"


Expected results:

2. same as actual result - that's OK behavior

4. no permission UI shown

Reasoning: the existing permission consent given for "access your data for all websites" at time of install should supersede the new specific-site permission.

As an extension developer, we know the initial consideration is the major one - the decision to trust the extension to access data across all websites.

We would prefer to not spook users with new specific site warnings and risk them uninstalling the extension by not understanding the permission dialog despite the new permission being no greater than what was already granted to the extension.
(Reporter)

Updated

3 months ago
Version: 53 Branch → 55 Branch

Updated

3 months ago
Component: Untriaged → Add-ons Manager
Product: Firefox → Toolkit

Updated

3 months ago
Component: Add-ons Manager → WebExtensions: General
Whiteboard: [design-decision-needed]
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1350277
You need to log in before you can comment on or make changes to this bug.