Open Bug 1897580 Opened 1 year ago Updated 1 year ago

Consider deprecating origins in optional_permissions under mv3

Categories

(WebExtensions :: Compatibility, task, P3)

Product:
WebExtensions
Component:
Compatibility
Type:
task

Tracking

(Not tracked)

People

(Reporter: zombie, Unassigned)

References

Details

(Whiteboard: [design-decision-needed][wecg])

In mv3, Chrome doesn't allow origins in the optional_permissions manifest key. Early on, we decided to keep them as there is value in extensions distinguishing between "requested" (host_permissions) and optional origins. Later on we agreed through wecg to introduce optional_host_permissions for mv3 to cover that use case. Once bug 1766026 is fixed, we can consider deprecating the use of origins in optional_permissions.

Personally I don't see a good reason to do so, it would be just another incompatibility between mv2 and mv3, for no apparent benefit.

See also https://phabricator.services.mozilla.com/D210397?id=862139#inline-1165177.

Summary: Consider deprecating origns in optional_permissions under mv3 → Consider deprecating origins in optional_permissions under mv3

For context, I did previously announce that we would be dropping origin support in optional_permissions when we add support for optional_host_permissions:

Even if we decide to not drop it after all, we could at least consider marking it as deprecated so that extension developers know that they should be using optional_host_permissions instead.

I analyzed public extensions on AMO to estimate the impact of deprecation.

  • 3270 MV3 extensions (out of 38724 public extensions on AMO).
  • 1389 using host_permissions.
  • 162 using optional_permissions.
  • 12 using optional_host_permissions.

Of the 162 with optional_permissions, 37 include <all_urls>. 8 of them list <all_urls> in host_permissions and optional_permissions, 37 do not. Only 3 of them have 1k+ users, including uBlock Origin Lite that has 4k users (and only lists the permission in optional_permissions, not in host_permissions).
Of the 162 with optional_permissions, only 40 contain host permissions that is not all_urls (i.e. containing ://).

So, if we were to drop support for origins in optional_permissions, we would affect 77 MV3 extensions, 11 of which have 1k+ users. The top 11 have 89k users combined, the long tail of 66 extensions have 5.5k users.

In conclusion, if we wanted to, we could deprecate support for origins in optional_permissions, do outreach to update the few extensions that do use origins in optional_permissions, and eventually drop support for it.

Severity: -- → N/A
Priority: -- → P3
Whiteboard: wecg → [design-decision-needed][wecg]

Independently of what Firefox will do, for cross-browser compatibility reasons it would make sense to warn the developer about the use of origins in optional_permissions. I filed an issue in the addons-linter about introducing a warning, at https://github.com/mozilla/addons-linter/issues/5329

You need to log in before you can comment on or make changes to this bug.