Access to "Protected" sites (e.g. accounts.firefox.com)

My extension is the type to be ran in login pages. The issue is with accounts.firefox.com (and similar protected domains).
As you’d guess, it doesn’t run, but I’m a little confused on the behaviour.

My understanding is that it’s a Protected Site a la this article, but I’ve tried to follow the listed steps and it still can’t be injected in to.

The error message is “… lacks Host Permissions …” which when added also don’t change anything.

If the firefox.com TLD isn’t injectible, that’s fair, but then should it still write to the .url property from a browser.tabs.query response?
Chromium behaviour differs, where protected sites simply don’t return a URL.

If possible as well, is there a list of protected domains (aside from user-set ones), or is it just *.firefox.com*. As then I can at least include an error message.

Its probably best not to give access to accounts.firefox.com, but if absolutely necessary, it can be removed from extensions.webextensions.restrictedDomains in the about:config page.

1 Like

+1 to @kg_13’s answer. The default list of domains is set in /source/modules/libpref/init/all.js. The vast majority of users should not modify this setting. If you’re considering changing it, bear in mind that doing so will also allow any other extension you have installed to access accounts.firefox.com.