Handle <all_urls> used as an API permissions in MV3 properly
Categories
(WebExtensions :: General, enhancement, P2)
Tracking
(Not tracked)
People
(Reporter: zombie, Assigned: zombie)
References
(Blocks 1 open bug)
Details
(Whiteboard: [addons-jira])
Unfortunately, we treat <all_urls> as an API permission as well, and those cases will need special handling for bug 1745818.
|
||
Updated•2 years ago
|
|
Assignee | |
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Comment 1•2 years ago
|
||
It seems we only have a few uses of <all_urls> as an API permission left:
https://searchfox.org/mozilla-central/search?q=all_urlsPermission
https://searchfox.org/mozilla-central/search?q=all_urls&path=components%2Fextensions%2Fschemas
I plan to stop adding it to the api permissions, and instead change the existing checks to origin permissions checks.
|
||
Comment 2•2 years ago
|
||
Other uses:
drawWindowmethod - https://searchfox.org/mozilla-central/rev/0ffae75b690219858e5a45a39f8759a8aee7b9a2/dom/canvas/CanvasUtils.cpp#290- Reading from canvases - https://searchfox.org/mozilla-central/rev/0ffae75b690219858e5a45a39f8759a8aee7b9a2/dom/html/HTMLCanvasElement.cpp#1166-1167
- Cross-origin info in PerformanceObserver - https://searchfox.org/mozilla-central/rev/0ffae75b690219858e5a45a39f8759a8aee7b9a2/dom/performance/PerformanceResourceTiming.cpp#131-133
I think that it's fine to drop the first and third use of <all_urls>, and at most keep the second for extension documents (not content scripts given the efforts at bug 1578405).
|
|
||
Comment 4•2 years ago
|
||
drawWindow is deprecated (bug 1696976) - https://searchfox.org/mozilla-central/rev/dc09246dfbfd8dafeb6d55ebee18a6294d525443/dom/canvas/CanvasRenderingContext2D.cpp#5147-5150
Description
•