Right now, the only practical way to achieve this (say for bug 1637329) is to manually manage the string prefs in about:config (
urlclassifier.features.socialtracking.skipURLs). This is of course very fragile, and also requires "taking over" the content-blocking of the urls if they are only meant to be whitelisted in some circumstances.
Ideally, a web-extension API along these lines would be preferable:
browser.trackingProtection.whitelist(urls, hosts, duration)
urls would be a set/array of standard web extension match-patterns
hosts (optional) would key the whitelisting only for a certain set of hosts
- this keys against the hostname of the top-level frame, not of the frame making the request (consider third-party login popups)
- support for wildcards like
www.google.* would be very helpful
- an ability to specify hosts as not being whitelisted would also be very helpful (
duration could be one of:
- for the current browsing session only (the default).
- only on one tab until the user navigates away (perhaps by passing in a
- permanently (on the user's profile, in case users wish a specific whtielisting to be permanent)
Another useful parameter to consider would be which features to whitelist for (social tracking, regular tracking, fingerprinting, etc). This could allow us to manage quick exceptions for specific sites (for the sake of webcompat) more easily.
Initially it would suffice to have such an API accessible to JS chrome, and only with the
urls parameter. But since the addon in bug 1637329 would need to manage the
duration parameters itself in that case, a matching API to
dewhitelist(urls) would be required as well.
Additionally, if several addons/features wish to use this API, they may clash when trying to
dewhitelist a URL, so it would be good to key the call on a GUID or feature name if it's a chrome-only API (or the addon's ID, if it's an addon calling the API).