[DNR] Prevent DNR from affecting requests from other extensions by default
Categories
(WebExtensions :: Request Handling, task, P2)
Tracking
(firefox113 fixed)
People
(Reporter: robwu, Assigned: robwu)
Details
(Keywords: dev-doc-complete, Whiteboard: [addons-jira][wecg])
Attachments
(3 files)
Currently, our declarativeNetRequest implementation allows extensions to block or upgrade requests from other extensions when an extension has the declarativeNetRequest permission (not when it only has the declarativeNetRequestWithHostAccess). In contrast, the webRequest API does not offer that capability. The ability to block requests from other extensions was added to DNR because Chromium does a similar thing. We are, however, not fully convinced of the desirability of allowing extensions to block requests from other extensions, so we should disable the behavior by default.
We verify that behavior in a bunch of unit tests, including:
- https://searchfox.org/mozilla-central/rev/5bcbe6ae54ee5b152f6cef29dc5627ec7c0e1f1e/toolkit/components/extensions/test/xpcshell/test_ext_dnr_without_webrequest.js#129-144
- https://searchfox.org/mozilla-central/rev/5bcbe6ae54ee5b152f6cef29dc5627ec7c0e1f1e/toolkit/components/extensions/test/mochitest/test_ext_dnr_upgradeScheme.html#74,98-103
In terms of implementation, there are multiple approaches:
- We could enforce it at the network level and testMatchOutcome, at https://searchfox.org/mozilla-central/rev/5bcbe6ae54ee5b152f6cef29dc5627ec7c0e1f1e/toolkit/components/extensions/ExtensionDNR.sys.mjs#1298
- We could enforce it at the network level only, at https://searchfox.org/mozilla-central/rev/5bcbe6ae54ee5b152f6cef29dc5627ec7c0e1f1e/toolkit/components/extensions/ExtensionDNR.sys.mjs#1507-1521
  - For the testMatchOutcome method that is opt in via a pref intended for debugging only, we could either keep the current behavior (i.e. allow extensions to opt in to allowing other extensions to affect their requests), or make the includeOtherExtensions flag conditional on the same pref that governs whether extensions are able to modify network requests.
Comment 1•2 years ago
(In reply to Rob Wu [:robwu] from comment #0)
> The ability to block requests from other extensions was added to DNR because Chromium does a similar thing. We are, however, not fully convinced of the desirability of allowing extensions to block requests from other extensions, so we should disable the behavior by default.

Recently a bug was filed in Chromium about this: https://bugs.chromium.org/p/chromium/issues/detail?id=1421697
This was also discussed during a WECG meeting today as part of an ad-hoc topic (meeting notes at https://github.com/w3c/webextensions/pull/363), and the general sentiment was that extensions are not expected to alter requests from other extensions.
Comment 2•2 years ago
A dedicated WECG issue has been filed for this: https://github.com/w3c/webextensions/issues/369
Comment 3•2 years ago
Comment 4•2 years ago
Comment 5•2 years ago
Comment 7•2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/3208bcb7bb98
https://hg.mozilla.org/mozilla-central/rev/9d3cf27b1d0c
https://hg.mozilla.org/mozilla-central/rev/a05dc9eeb8b8
Comment 8•2 years ago
Documented in https://github.com/mdn/content/pull/26189