Closed
Bug 1396032
Opened 7 years ago
Closed 7 years ago
Webextension permissions UI should respect an existing content script all-websites match pattern over new specific-site match patterns
Categories
(WebExtensions :: General, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1350277
People
(Reporter: matthew_powers, Unassigned)
Details
(Whiteboard: [design-decision-needed])
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Steps to reproduce: 1. create a webextension with declarative content script with all-website match pattern in manifest like: "content_scripts": [ {"matches": [""], "all_frames": true, "run_at":"document_end", "js": ["somescript.js"] } ] 2. install the webextension in FF 3. create an update to this webextension with a new declarative content script with specific-site match pattern in manifest like: "content_scripts": [ {"matches": [""], "all_frames": true, "run_at":"document_end", "js": ["somescript.js"] }, {"matches": ["https://bugzilla.mozilla.org"], "all_frames": true, "run_at":"document_end", "js": ["somescript2.js"] } ] 4. Install the updated extension in FF, causing it to evaluate if extension update has new permissions. Actual results: 2. Firefox shows a install permissions confirmation UI saying: "Add extension XYZ? It requires your permission to: * Access your data for all websites " 4. Firefox shows a new permissions confirmation UI saying: "Extension XYZ has been updated.... It requires your permission to: * Access your data for bugzilla.mozilla.org " Expected results: 2. same as actual result - that's OK behavior 4. no permission UI shown Reasoning: the existing permission consent given for "access your data for all websites" at time of install should supersede the new specific-site permission. As an extension developer, we know the initial consideration is the major one - the decision to trust the extension to access data across all websites. We would prefer to not spook users with new specific site warnings and risk them uninstalling the extension by not understanding the permission dialog despite the new permission being no greater than what was already granted to the extension.
Reporter | ||
Updated•7 years ago
|
Version: 53 Branch → 55 Branch
Updated•7 years ago
|
Component: Add-ons Manager → WebExtensions: General
Whiteboard: [design-decision-needed]
Updated•7 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Product: Toolkit → WebExtensions
You need to log in
before you can comment on or make changes to this bug.
Description
•