Open Bug 1758306 Opened 11 months ago Updated 2 months ago

Handle <all_urls> used as an API permissions in MV3 properly


(WebExtensions :: General, enhancement, P2)



(Not tracked)


(Reporter: zombie, Assigned: zombie)


(Blocks 1 open bug)


(Whiteboard: [addons-jira])

Unfortunately, we treat <all_urls> as an API permission as well, and those cases will need special handling for bug 1745818.

No longer blocks: 1745818
Depends on: 1745818
Assignee: nobody → tomica
Severity: -- → N/A
Priority: -- → P2
Whiteboard: [addons-jira]
Blocks: 1711787

It seems we only have a few uses of <all_urls> as an API permission left:

I plan to stop adding it to the api permissions, and instead change the existing checks to origin permissions checks.

Other uses:

I think that it's fine to drop the first and third use of <all_urls>, and at most keep the second for extension documents (not content scripts given the efforts at bug 1578405).

Why is it fine to drop canvas support?

Flags: needinfo?(rob)
You need to log in before you can comment on or make changes to this bug.