When manifest.json contains declarative_net_request but not the declarativeNetRequest ordeclarativeNetRequestWithHostAccess`, then effectively the rules are not applied, because applying the rules requires permissions to do so (documented at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest#permissions).

To those who don't read the documentation, the silently failing behavior may be surprising. To help with debugging, we should:

• Warn if declarative_net_request is specified without the declarativeNetRequest or declarativeNetRequestWithHostAccess permission.
  • Currently the permission is required, but when it is optional we could also consider checking optional_permissions (bug 1827855).
• Optional: if only declarativeNetRequestWithHostAccess is specified, and the extension does not have any host permissions, print a warning.
  • This is particularly relevant for MV3, because we do not grant host permissions by default. And DNR being a declarative API means that the issue is not obvious, other than "I expect a request to be blocked/redirected/etc but it did not happen"

Implementation details:

• The check can be added to ExtensionDNR.validateManifestEntry at https://searchfox.org/mozilla-central/rev/ad732108b073742d7324f998c085f459674a6846/toolkit/components/extensions/ExtensionDNR.sys.mjs#2305-2308
• Note that the ExtensionDNR.validateManifestEntry only does some validation for debugging purposes. The actual loading is initiated through ExtensionDNR.ensureInitialized, which only attempts to load rules if the extension has permissions: https://searchfox.org/mozilla-central/rev/ad732108b073742d7324f998c085f459674a6846/toolkit/components/extensions/ExtensionDNR.sys.mjs#2284-2303
• We do not have unit tests for declarative_net_request without the permissions. We should add that.

[dev-doc-needed]
While the permission requirement is already mentioned at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest#permissions, it is not at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/declarative_net_request .

We should update the manifest.json/declarative_net_request article to emphasize that the feature requires additional permissions (declarativeNetRequest or declarativeNetRequestWithHostAccess):

• While Firefox allows the extension to load, the loaded rules are effectively ignored because applying them requires the permission.
• As mentioned at the bottom of bug 1827855, Chrome currently refuses to load the extension when manifest.json contains declarative_net_request without any of the two permissions. Having the permissions in optional_permissions is not enough.