There should be a way to allow extensions to execute only on specific websites like the Site access option in Edge does, this improves extensions usability and may also enhance privacy.
Hi folks! We're working towards shipping this feature, which depends on a much larger project. The ability to have optional permissions for a site is a new extension capability known as host permissions, that's a part of a major platform upgrade known as Manifest v3. We are working on shipping Firefox support for MV3 by the end of 2022.
This idea has been reviewed by our product team, and we're happy to share that the feature is 'In development.' Please check out @mconnor's comment for more info and stay tuned for additional updates 😃
As a manifest key, it appears this will not necessarily allow the user to restrict the sites upon which an extension can load.
With the web's history of various malicious extensions having made it into popularity prior to being noticed, the security benefits of a user having the choice to reduce trust in an extension would be significant.
@JonRegarding the in-development feature: Will the described mechanism supporting MV3's implementation ease introduction of a user-exposed allow-list or block-list for "Don't allow this extension on my banking website, but use it everywhere else", for example?
Currently the only way to disable an add-on on a specific website is if the add-on itself supports the feature. There are some add-ons that will automatically change the formatting of editable text on certain websites but have no way to only be disabled on those websites.
It would be a huge quality of life if a there was a toggle for which add-ons were enabled on which websites built into the browser rather than relying on the add-ons having the feature themselves.
Make extensions only 'exist' for certain websites.
Some extesnions such as returnyoutubedislike are only really needed in certaing websites but allow to fingerprint users everywhre. If we could make so some extesnions are only active and detected on certaing websites it would reduce fingerprinting without affecting functionality.
Options to control extensions to use them in a particular websites only ( or to disable them on particular sites ) like in chromium browsers.
Some extension provide this feature in the preferences but option to control extension's site access from a browser itself will make it more trustworthy
For Example , Adblockers extensions have access to whole site data and they are important in daily surfing but it feels quite unsafe to use them on certain websites( like banking sites ) and options to disable them on these sites automatically is very useful
This control is available on chromium and chromium based browsers.(shown in attached image)
Hi everyone! I wanted to provide a quick update on how this particular feature is coming along.
At a high level, the ability to manage permissions on a per-site basis is part of the changes coming in Manifest v3 (MV3), which Chromium-based browsers already support. In MV2, permissions are required, so add-ons can safely assume they have access if it’s in the manifest. MV3 changes permissions to be optional, so add-ons have to be written to account for not having access to a given site. Overall, this is similar to the changes that iOS and Android made to app permissions a few years back.
MV3 support in Firefox is in Developer Preview right now, including an early version of the extension button on Firefox Nightly. The button won’t do much with current MV2 add-ons, but once folks migrate to MV3 it’ll satisfy the feature here.
Keep an eye on the Add-ons blog for updates on when MV3 will ship to everyone.
Why rely on add-on developers to migrate to Manifest v3? Can a user even see whether an add-on is v2 or v3 when he installs it? Firefox already breaks functionality for add-ons on internal websites like about:* and afair addons.mozilla.org for security reason and add-ons have to handle that - well or they do not handle it, but they just have no effect on those websites. What is different for user-defined (additional) black- and whitelists? If it is not configured for the current website, just don't start the add-on instance or return the api calls of the add-on without doing anything.
Just want to add one example: online banking. I don't want any extension to access my banks website for security reasons, so there should be optional black- and whitelists per add-on.
It seems like a direct follow-up post from the same user gets rejected immediately without proper notice, so here is the content of my second post:
Why rely on add-on developers to migrate to Manifest v3? Can a user even see whether an add-on is v2 or v3 when he installs it? Firefox already breaks functionality for add-ons on internal websites like about:* and afair addons.mozilla.org for security reason and add-ons have to handle that - well or they do not handle it, but they just have no effect on those websites. What is different for user-defined (additional) black- and whitelists? If it is not configured for the current website, just don't start the add-on instance or return the api calls of the add-on without doing anything.
