I maintain an Add-On at work that we support across both Chrome and Firefox browsers. I noticed recently that it seemed broken on Firefox. The workflow is:
- you log in to our website in a browser tab (I am assuming same container context for all of this)
- opening the extension in a different tab (same container) creates a sidebar menu that talks to our server with your credentials and lets you annotate content on the page
The problem is that when Enhanced Tracking Protection is on, the extension thinks you are not logged in to our server. If I manually turn it off and run the extension, everything works fine.
On Chrome the extension works as expected, presumably because that browser is less strict about sharing data across tabs and/or with extensions.
Is there some kind of permission I can request from Firefox in the manifest.json that will mean the extension can access credentials across tabs even while Enhanced Tracking Protection is on? Current manifest can be seen here, with what I think are the relevant permissions highlighted: https://github.com/meedan/check-mark/blob/develop/public/manifest.json#L33-L37