cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
alamalo
Strollin' around
Status: In development

There should be a way to allow extensions to execute only on specific websites like the Site access option in Edge does, this improves extensions usability and may also enhance privacy.

1.png

95 Comments
mconnor
Employee
Employee

Hi folks!  We're working towards shipping this feature, which depends on a much larger project.  The ability to have optional permissions for a site is a new extension capability known as host permissions, that's a part of a major platform upgrade known as Manifest v3.  We are working on shipping Firefox support for MV3 by the end of 2022.

For more on our plans for MV3, please see the latest update from the WebExtensions team.

Bjones
Strollin' around

That’s awesome news!

Bjones
Strollin' around

That’s awesome news! It’s a great security, and perceived security, update to Firefox. 

Status changed to: In development
Jon
Community Manager
Community Manager

Hey all, 

This idea has been reviewed by our product team, and we're happy to share that the feature is 'In development.' Please check out @mconnor's comment for more info and stay tuned for additional updates 😃

-The Community Team

Dessix
New member

As a manifest key, it appears this will not necessarily allow the user to restrict the sites upon which an extension can load.

With the web's history of various malicious extensions having made it into popularity prior to being noticed, the security benefits of a user having the choice to reduce trust in an extension would be significant.

@JonRegarding the in-development feature: Will the described mechanism supporting MV3's implementation ease introduction of a user-exposed allow-list or block-list for "Don't allow this extension on my banking website, but use it everywhere else", for example?

okay_okay
Making moves

Great news! 

carmelo
Making moves

It would be helpful to let the user decide:

  • List of allowed websites.
  • All websites except those listed are not allowed.
byronyuq
New member

Currently the only way to disable an add-on on a specific website is if the add-on itself supports the feature. There are some add-ons that will automatically change the formatting of editable text on certain websites but have no way to only be disabled on those websites.

It would be a huge quality of life if a there was a toggle for which add-ons were enabled on which websites built into the browser rather than relying on the add-ons having the feature themselves.

 

Rab
New member

Make extensions only 'exist' for certain websites.

Some extesnions such as returnyoutubedislike are only really needed in certaing websites but allow to fingerprint users everywhre. If we could make so some extesnions are only active and detected on certaing websites it would reduce fingerprinting without affecting functionality.

Firefoxerest
New member

Site Access "on click" would be nice too. I really would like to use Firefox, but this is deal breaker.

ak2005
Strollin' around

Extensions site access control

Options to control extensions to use them in a particular websites only ( or to disable them on particular sites ) like in chromium browsers.

Some extension provide this feature in the preferences but option to control extension's site access from a browser itself will make it more trustworthy

For Example , Adblockers extensions have access to whole site data and they are important in daily surfing but it feels quite unsafe to use them on certain websites( like banking sites ) and options to disable them on these sites automatically is very useful

This control is available on chromium and chromium based browsers.(shown in attached image)

mconnor
Employee
Employee

Hi everyone!  I wanted to provide a quick update on how this particular feature is coming along.

At a high level, the ability to manage permissions on a per-site basis is part of the changes coming in Manifest v3 (MV3), which Chromium-based browsers already support.  In MV2, permissions are required, so add-ons can safely assume they have access if it’s in the manifest.   MV3 changes permissions to be optional, so add-ons have to be written to account for not having access to a given site.  Overall, this is similar to the changes that iOS and Android made to app permissions a few years back.

MV3 support in Firefox is in Developer Preview right now, including an early version of the extension button on Firefox Nightly. The button won’t do much with current MV2 add-ons, but once folks migrate to MV3 it’ll satisfy the feature here.

Keep an eye on the Add-ons blog for updates on when MV3 will ship to everyone. 

ghjghjghjghjhjg
Making moves

@mconnor

Why rely on add-on developers to migrate to Manifest v3? Can a user even see whether an add-on is v2 or v3 when he installs it?
Firefox already breaks functionality for add-ons on internal websites like about:* and afair addons.mozilla.org for security reason and add-ons have to handle that - well or they do not handle it, but they just have no effect on those websites. What is different for user-defined (additional) black- and whitelists? If it is not configured for the current website, just don't start the add-on instance or return the api calls of the add-on without doing anything.

JohnStuart3941
New member

Just want to add one example: online banking. I don't want any extension to access my banks website for security reasons, so there should be optional black- and whitelists per add-on.

It seems like a direct follow-up post from the same user gets rejected immediately without proper notice, so here is the content of my second post:

@mconnor

Why rely on add-on developers to migrate to Manifest v3? Can a user even see whether an add-on is v2 or v3 when he installs it?
Firefox already breaks functionality for add-ons on internal websites like about:* and afair addons.mozilla.org for security reason and add-ons have to handle that - well or they do not handle it, but they just have no effect on those websites. What is different for user-defined (additional) black- and whitelists? If it is not configured for the current website, just don't start the add-on instance or return the api calls of the add-on without doing anything.

maltalef
Strollin' around

This is very useful!

It would be nice to have the option to disable extensions per-site, something like a block-list.