[DNR] Warn/test if declarative_net_request is specified in manifest.json without the declarativeNetRequest or declarativeNetRequestWithHostAccess permission
Categories
(WebExtensions :: Request Handling, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: robwu, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-needed, Whiteboard: [addons-jira])
When manifest.json contains declarative_net_request
but not the declarativeNetRequest or
declarativeNetRequestWithHostAccess`, then effectively the rules are not applied, because applying the rules requires permissions to do so (documented at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest#permissions).
To those who don't read the documentation, the silently failing behavior may be surprising. To help with debugging, we should:
- Warn if
declarative_net_request
is specified without the declarativeNetRequest or declarativeNetRequestWithHostAccess permission.- Currently the permission is required, but when it is optional we could also consider checking
optional_permissions
(bug 1827855).
- Currently the permission is required, but when it is optional we could also consider checking
- Optional: if only
declarativeNetRequestWithHostAccess
is specified, and the extension does not have any host permissions, print a warning.- This is particularly relevant for MV3, because we do not grant host permissions by default. And DNR being a declarative API means that the issue is not obvious, other than "I expect a request to be blocked/redirected/etc but it did not happen"
Implementation details:
- The check can be added to
ExtensionDNR.validateManifestEntry
at https://searchfox.org/mozilla-central/rev/ad732108b073742d7324f998c085f459674a6846/toolkit/components/extensions/ExtensionDNR.sys.mjs#2305-2308 - Note that the
ExtensionDNR.validateManifestEntry
only does some validation for debugging purposes. The actual loading is initiated throughExtensionDNR.ensureInitialized
, which only attempts to load rules if the extension has permissions: https://searchfox.org/mozilla-central/rev/ad732108b073742d7324f998c085f459674a6846/toolkit/components/extensions/ExtensionDNR.sys.mjs#2284-2303 - We do not have unit tests for
declarative_net_request
without the permissions. We should add that.
Updated•1 year ago
|
Reporter | ||
Comment 1•1 year ago
|
||
[dev-doc-needed]
While the permission requirement is already mentioned at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest#permissions, it is not at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/declarative_net_request .
We should update the manifest.json/declarative_net_request
article to emphasize that the feature requires additional permissions (declarativeNetRequest
or declarativeNetRequestWithHostAccess
):
- While Firefox allows the extension to load, the loaded rules are effectively ignored because applying them requires the permission.
- As mentioned at the bottom of bug 1827855, Chrome currently refuses to load the extension when manifest.json contains declarative_net_request without any of the two permissions. Having the permissions in optional_permissions is not enough.
Reporter | ||
Updated•1 year ago
|
Description
•