Closed
Bug 1330590
Opened 8 years ago
Closed 8 years ago
Create option to view/change/disallow in WebExtensions all http-request of FireFox
Categories
(WebExtensions :: General, defect)
WebExtensions
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1279371
People
(Reporter: fdsc, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161208153507
Steps to reproduce:
User may want to view and edit all http-requests in FireFox
Actual results:
WE impossible to view update request and other privileged requests
Expected results:
Create a privilege this allow add-ons to intercept all http requests
Blocks: webextensions-additional-apis
Updated•8 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Kris, this is not duplicate. bug 1279371 is a documentations bug. This bug is a design bug
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 3•8 years ago
|
||
It is. Bug 1279371 was originally WONTFIXed before it was changed to a documentation bug.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → DUPLICATE
Kris, I don't think what the bug is the duplicate. In this case, I was doing a request for a new feature. I want (and need) to see all requests, if I specify a privilege.
The defect was simply that I don't see all the requests. So I'm waiting for solutions, not explanations of the WE concept.
The solution for this defect could not be that "WebRequest so by desin".
I'm waiting for an informed decision. Because without this feature it is impossible to write those add-ons which are written using the addons SDK. It fundamentally denies FireFox the appeal, which was previously.
Flags: needinfo?(kmaglione+bmo)
Comment 5•8 years ago
|
||
See bug 1279371 for discussion of this issue, and feel free to continue it there if you're not satisfied with that discussion. The fact of the matter is that access to internal browser requests is incompatible with the WebExtension sandboxing model. There are things that legacy add-ons that require access to Firefox internals could do that will never be possible in WebExtensions. If you need to continue doing them for some specific reason, you'll have to fall back to unsigned add-ons on a developer build, or system-level security software.
Flags: needinfo?(kmaglione+bmo)
I don't think the answer I got is reasonable. And it's not a duplicate of Bug 1279371 . I have already explained why. Explain again.
1. There is no reason to WebRequest didn't work for all queries.
2. For safety this can be done only for those additions that indicate a special permit.
Bug 1279371 is that events are not implemented (and fixed). This bug is that I propose to introduce the permission for all http requests handling.
I never received any reasonable answer why this can't be done.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Maybe I not clear?
I hope to answer is not about the http requests. I'm talking about permission in the manifest for handling all http requests. And not about all of requests in all of extensions.
Comment 8•8 years ago
|
||
You want to see all HTTP requests with a particular permission. We don't believe that is something that we should enable WebExtensions to do.
ok. Now I see that we are one and the same. I want to know why?
As user, The privacy of FireFox assumes that I can block any requests using the extension.
I should be able to manage all the requests and, especially, to see them. As a FireFox user I have no way to find out what makes FireFox with details, because he does it over https. I have also the possibility to block requests if they do not like me.
firewall will not help, as there is no ability to track content requests. No way to reset them from the cookies if they are sent to other extensions.
That is, the user has no possibility to control the privacy of the browser. Control with extensions the only method of control, in addition to build a user own version of the browser
The user can be prevented that the extension is required for permission or even give him a choice, to allow the addition to see service requests or not (with about:config variable).
This should not damage the security.
Summary: Create option to view in WebExtensions all http-request of FireFox → Create option to view/change/disallow in WebExtensions all http-request of FireFox
Comment 10•8 years ago
|
||
Marking as resolved again.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 11•8 years ago
|
||
Frankly, I again don't see explanation why this cannot be done.
Other functions are performed decisions. For this function the decision is not carried out.
I don't understand why?
Reporter | ||
Comment 12•8 years ago
|
||
I want to get a clear explanation of why the procedure is performed for other defects, but is not performed for this defect?
The reason that you do not like my proposal is not a reason to break the procedure.
Someone hold your favorite meeting?
Comment 13•8 years ago
|
||
Please stop re-opening this bug. We have explained in comment 5 and comment 8 that is NOT a goal of WebExtensions to be able to interact with everything in Firefox.
There are requests like blocklisting, updates and OSCP that are not appropriate for WebExtensions to interact with and we have no intention of allowing WebExtensions to get access to.
That's all there is to it.
Comment 14•8 years ago
|
||
It can be implemented. It will not be. As I said already, see the discussion in bug 1279371.
The short answer is that WebExtensions are meant to provide a well-defined, sandboxed set of APIs that does not interfere with core browser functionality in unpredictable ways. Interfering with browser requests gives malicious or poorly-implemented extensions the ability to do things like disable extension blocklist updates, or block certificate revocation checks, among other things.
Please do not re-open this bug again.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 15•8 years ago
|
||
Give me another API, if the purpose of WE are not is what makes the my extension.
Why Mozilla thinks it can decide for the user what is good and what is bad?
You're not listening. You just want to make it so, and not otherwise. Regardless of the views and needs of users.
Comment 16•7 years ago
|
||
It is quite clear that this is not a duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=1279371
The proper status for this bug is "WONTFIX".
Updated•6 years ago
|
Product: Toolkit → WebExtensions
You need to log in
before you can comment on or make changes to this bug.
Description
•