Closed Bug 1810753 Opened 1 year ago Closed 11 months ago

[DNR] Prevent DNR from affecting requests from other extensions by default

Categories

(WebExtensions :: Request Handling, task, P2)

task
Points:
1

Tracking

(firefox113 fixed)

RESOLVED FIXED
113 Branch
Tracking Status
firefox113 --- fixed

People

(Reporter: robwu, Assigned: robwu)

References

Details

(Keywords: dev-doc-complete, Whiteboard: [addons-jira][wecg])

Attachments

(3 files)

Currently, our declarativeNetRequest implementation allows extensions to block or upgrade requests from other extensions when an extension has the declarativeNetRequest permission (not when it only has the declarativeNetRequestWithHostAccess). In contrast, the webRequest API does not offer that capability. The ability to block requests from other extensions was added to DNR because Chromium does a similar thing. We are however not fully convinced in the desirability of allowing extensions to block requests from other extensions, so we should disable the behavior by default.

We verify that behavior in a bunch of unit tests, including:

In terms of implementation, there are multiple approaches:

Severity: -- → N/A
Priority: -- → P2

(In reply to Rob Wu [:robwu] from comment #0)

The ability to block requests from other extensions was added to DNR because Chromium does a similar thing. We are however not fully convinced in the desirability of allowing extensions to block requests from other extensions, so we should disable the behavior by default.

Recently a bug was filed in Chromium about this: https://bugs.chromium.org/p/chromium/issues/detail?id=1421697

This was also discussed during a WECG meeting today as part of an ad-hoc topic (meeting notes at https://github.com/w3c/webextensions/pull/363), and the general sentiment was that extensions are not expected to alter requests from other extensions.

Whiteboard: [addons-jira] → [addons-jira][wecg]
Blocks: 1825824
Assignee: nobody → rob
Status: NEW → ASSIGNED
Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/3208bcb7bb98
Stop applying DNR to requests from other extensions r=rpl
https://hg.mozilla.org/integration/autoland/rev/9d3cf27b1d0c
Add moz-extension: checks for initiator in testMatchOutcome r=rpl
https://hg.mozilla.org/integration/autoland/rev/a05dc9eeb8b8
Add test for downloads API + DNR r=rpl
Regressions: 1825953
Regressions: 1825955
No longer regressions: 1825955
Status: ASSIGNED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → 113 Branch
No longer regressions: 1825953
See Also: → 1826651
You need to log in before you can comment on or make changes to this bug.