Open Bug 1765828 Opened 4 years ago Updated 12 days ago

Fix permission strings for file:// and other non-host origins

Categories

(Toolkit :: Add-ons Manager, defect, P3)

defect

Tracking

()

People

(Reporter: zombie, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [addons-jira])

Currently the file://*/* origin permission gets the same permission string as <all_urls>, which while better than nothing, is far from ideal, and unusable for optional permissions.

Similarly for about:*, resource:// and other non-host origins, though since they're only allowed in privileged addons, we could decide to not even show them.

Other option is to stop using the descriptive permission strings and just show origins/match patterns in optional origins.

Whiteboard: [addons-jira]

In Chrome file:-access is opt in, and the presence of the file permission reveals a checkbox where the iser can grant access to local files, even through fetch/XHR.

In Firefox, file permissions only unlock content script access. Extensions cannot open file:-URLs on their own, nor fetch file:-URLs.

I wouldn't mind making file access opt-in too. That would also be a way to address this bug.

(In reply to Tomislav Jovanovic :zombie from comment #0)

Other option is to stop using the descriptive permission strings and just show origins/match patterns in optional origins.

Relatedly: https://phabricator.services.mozilla.com/D144070#inline-795446

Severity: -- → S3
Priority: -- → P3
See Also: → 1756758
See Also: → 1778461
Blocks: 1777354
See Also: → 1849765

A permission string for file access is being introduced in bug 2034168, visible in about:addons. This would enable us to stop using the general permission string of <all_urls>.

Bug 2034168 added the string, but did not yet change the behavior of granting permissions. The permission prompt still shows the message for <all_urls> even if only file://*/* was requested. Before bug 2034168, the permission item did not even appear in about:addons, but with the patch, an entry will show up in the optional permissions section.

Note: If we decide to drop file:-permissions from the install prompt, then we should consistently do the same in update comparisons. Right now we ignore the scheme (i.e. consider file:-permissions) when comparing permissions in comparePermissions, but if the decision is to drop file:-permissions from permission prompts, then we should also ignore file:-permissions there. The effect is fewer scary permissions, but also prevents extensions from upgrading from a silent file://*/* to <all_urls>.

Depends on: 2034168
Blocks: 2051082
You need to log in before you can comment on or make changes to this bug.