We use Oauth from the extension to the server. To prevent abuse and control security, we need to know request from our own extension.
Firefox extension origin are not same for all installation.
For Chrome and Opera, extension origin in the XMLHttpRequest do not change.
What is the Extension origin, how to get?
https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/applications has set?
Extension id to me: moz-extension://82f3f1eb-5511-ed4e-9abf-17a5d9b9e0dc/ https://addons.mozilla.org/en-US/firefox/addon/yathit-sugarcrm-for-gmail/
applications is not set. Can addon author can choose extension id on AMO?
“Note, though, that some WebExtension APIs use the add-on ID and expect it to be the same from one browser session to the next. If you use these APIs in Firefox, then you must set the ID explicitly using the applications key. See When do you need an Add-on ID?.”
“Once you have finished developing the extension, you can package it and submit it to AMO for review and signing. If the packaged extension you upload does not contain an ID, AMO will generate one for you. It’s only at this point that the add-on will be assigned a permanent ID, which will be embedded in the signed packaged extension.”