Closed Bug 1473013 Opened 7 years ago Closed 7 years ago

WebRequest API intercept XHR needs host permission of page's domain

Categories

(WebExtensions :: Request Handling, defect)

Product:
WebExtensions
Component:
Request Handling
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: jackyzy823, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Steps to reproduce: I want to intercept a XMLHttpRequest to b.com in the page which domain is a.com. I added host permission for "*://*.b.com/*" to manifest.json and created a listener like this: chrome.webRequest.onBeforeRequest.addListener(function(req){ console.log("capture!"); },{urls:["*://*.b.com/blabla*]},["blocking"]); Actual results: It should print "Capture" Expected results: Do nothing.But previous code works correctly in Chrome. After i put host permission for *://*.a.com/* to the manifest.json ,the listener works. So i wonder whether this is a bug or a feature that grants permission strictly?
Sorry that write Actual results and Expected results in wrong place. Actual results: Do nothing and previous code works correctly in Chrome. Expected results: It should print "Capture"
This is intentional. It is documenated at https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/webRequest To intercept resources loaded by a page (such as images, scripts, or stylesheets), the extension must have the host permission for the resource as well as for the main page requesting the resource. For example, if a page at "https://developer.mozilla.org" loads an image from "https://mdn.mozillademos.org", then an extension must have both host permissions if it is to intercept the image request.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.