1766026 - Add optional_host_permissions in mv3

Status: NEW

(WebExtensions :: Compatibility, enhancement, P3)

Description

[Tomislav Jovanovic :zombie]

As discussed in https://github.com/w3c/webextensions/issues/119#issuecomment-965799707

There's still a need to separate some host permissions as "wanted" and some as "optional", and treat them differently in the UI. That's why, contrary to Chrome, when I was adding host_permissions support, I kept origins allowed in optional_permissions in mv3.

After that, the issue was raised in the WECG and we agreed on the optional_host_permissions manifest key to solve for this use case.

When we add that, we can deprecate (warn about) using origins in optional_permissions, but it's not a priority to drop it, it's not a costly thing keep supporting for us.

Comment 1

[Rob Wu [:robwu]]

During today's WECG meeting (minutes tentatively under review at https://github.com/w3c/webextensions/pull/239), we agreed that it would make sense to drop support for host permissions in the optional_permissions section, in favor of optional_host_permissions. Safari and Chrome 102+ support optional_host_permissions now, and the cross-browser consensus is to only support host permissions in optional_host_permissions.

Comment 2

[Sébastien Règne]

In Firefox Nightly 109.0a1 (2022-11-14) (64 bits), If you Load this Temporary Add-on...

{
    "manifest_version": 3,
    "name": "Test case",
    "version": "1.0.0",
    "host_permissions": ["https://fr.wikipedia.org/"]
}

Go to Manage Your Extensions > Test case > Permissions. The permission to Wikipedia is in Optional permissions for added functionality. It must be in Required permissions for core functionality.

Comment 3

[Robert Marcano]

Hopefully this is implemented soon, This could help alleviate the bug #1851083 where an extension with activeTab in order to reduce the usage of to broad permissions, gets a blue badge over the action on every website.