Consider affordance for embedded frames in extension pages based on externally_connectable #35
Comments
This is true for Chrome's implementation but I'm not sure how other browsers treat extensions. At the very least, it would be good to file this as a feature request at crbug.com/new.
Have added it in https://issues.chromium.org/issues/338332437 @miketaylr
CC @DCtheTall
Currently there is an affordance in place for extensions so that they can embed frames with web origins in extension pages, which will then be treated as first-party. (Reference)
The current affordance however requires an extension to have `host_permissions` over the web origin.
If the web origin belongs to the extension author, in most cases it wouldn't need or request host permissions since it can directly communicate with the page using `sendMessage` having declared it as `externally_connectable` in its manifest.
Having minimal permissions in this case harms the experience since the scenario doesn't fit into the current affordance.
Q: Can we consider extending the affordance to consider frames first party on extension pages if the extension has the embedded webpage origin declared as `externally_connectable` in its manifest?
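The gap described in the issue above, as an added example that is not part of the original issue and not any browser's implementation: a sketch that classifies an embedded origin against a manifest's `host_permissions` (the current affordance) and `externally_connectable.matches` (the proposed one). The function names, the return labels, the simplified match-pattern logic and the `example.com` manifests are assumptions made for illustration.

```javascript
// Added illustration; not Chrome's code. Simplified match-pattern check:
// compares scheme and host of a web origin only, and ignores path and port.
function patternCoversOrigin(pattern, origin) {
  const { protocol, hostname } = new URL(origin);
  const scheme = protocol.slice(0, -1); // "https:" -> "https"
  if (!/^https?$/.test(scheme)) return false; // web origins only
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\/.*$/.exec(pattern);
  if (!m) return false;
  const [, pScheme, pHost] = m;
  if (pScheme !== "*" && pScheme !== scheme) return false;
  if (pHost === "*") return true;
  if (pHost.startsWith("*.")) {
    const base = pHost.slice(2); // "*.example.com" also covers "example.com"
    return hostname === base || hostname.endsWith("." + base);
  }
  return hostname === pHost;
}

// Returns which rule, if any, would make the embedded frame first-party:
//   "current"       - host_permissions covers the origin (today's affordance)
//   "proposed-only" - only externally_connectable covers it (the issue's ask)
//   "none"          - neither key covers it
function frameAffordance(manifest, origin) {
  const covers = (list) => (list ?? []).some((p) => patternCoversOrigin(p, origin));
  if (covers(manifest.host_permissions)) return "current";
  if (covers(manifest.externally_connectable?.matches)) return "proposed-only";
  return "none";
}

// Constructed manifests; example.com is a placeholder origin.
const broadManifest = {
  manifest_version: 3,
  host_permissions: ["https://app.example.com/*"],
};
const minimalManifest = {
  manifest_version: 3,
  externally_connectable: { matches: ["https://*.example.com/*"] },
};

console.log(frameAffordance(broadManifest, "https://app.example.com"));
console.log(frameAffordance(minimalManifest, "https://app.example.com"));
console.log(frameAffordance(minimalManifest, "https://other.test"));
```

The "proposed-only" result is the case the issue is about: an extension that declares only `externally_connectable` for its own origin gets no first-party treatment for the embedded frame under the current rule.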