My extension is the type to be ran in login pages. The issue is with accounts.firefox.com (and similar protected domains).
As you’d guess, it doesn’t run, but I’m a little confused on the behaviour.
My understanding is that it’s a Protected Site a la this article, but I’ve tried to follow the listed steps and it still can’t be injected in to.
The error message is “… lacks Host Permissions …” which when added also don’t change anything.
If the firefox.com TLD isn’t injectible, that’s fair, but then should it still write to the .url
property from a browser.tabs.query
response?
Chromium behaviour differs, where protected sites simply don’t return a URL.
If possible as well, is there a list of protected domains (aside from user-set ones), or is it just *.firefox.com*
. As then I can at least include an error message.