Hello, I realize that this is a common question and has been answered “no” many times, but this case seems a bit different to me. I work for a company that has a couple of extensions that use the same functionality. I can’t get into the details of the functionality publicly, but the idea is that for these small bits of functionality, we would like to create a shared API between our extensions that can provide the same functionality, in real time. These scripts unfortunately need to be updated frequently, and having to wait for an entire review cycle limits our ability to provide the right content to our users. It would be ideal to serve these small scripts from a remote API.
The policy documentation says “Remote code may be executed in documents with the same origin as the code being executed, or, under limited circumstances, in carefully constructed sandboxes”. Can we achieve what we are trying to do with this sandbox approach? Or, can we give Mozilla access to our APIs (HTTPS) to ensure that we are absolutely not injecting malicious functionality?