Open
Bug 1766055
Opened 2 years ago
Updated 2 years ago
Prevent granting two different "Access to all your data" optional origin permissions at the same time
Categories
(WebExtensions :: General, defect, P2)
WebExtensions
General
Tracking
(Not tracked)
NEW
People
(Reporter: zombie, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [addons-jira] )
Luca found this while reviewing bug 1745820:
https://phabricator.services.mozilla.com/D144070#inline-796645
When an extension that was granted <all_urls>
optional permission uses the browser.permissions
api to request *://*/*
, it will be granted without prompting because the second is subsumed by the first.
If it does it in the reversed order, it will prompt and can be granted two separate permissions that are both presented to users with the "Access to all your data" permission string.
This can already happen, though invisibly until bug 1745820, which can expose this (rare) state to users, and be confusing.
A solution might be that the permissions api drops the *://*/*
optional permission when <all_urls>
is granted.
Reporter | ||
Updated•2 years ago
|
Whiteboard: [addons-jira]
Reporter | ||
Updated•2 years ago
|
Severity: -- → S3
Priority: -- → P2
Updated•2 years ago
|
Whiteboard: [addons-jira] → [addons-jira]
Updated•2 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•