nearly every browser binds permissions for websites to a domain or a subdomain. Google is actively using it to have cross-service access rights when a user gives permission for Google Maps to access their location.
it would be nice if firefox would be the first browser to change their permission systems to be single-domain, or even wildcard bound - because now I need to give google.com/maps* location access, as Google writes maps coordinates into their URLs. But giving google.com/maps* access shouldn't mean that Google can use google.com/secretpathnobodyknowsandonlyscriptsarecalling to access the same given permission - as the user still just sets it for Google Maps, and Google Maps only. Until google.com/flights (or every other service) asks for location access.