My extension has an iframe that is trying to load content that is local to the extension eg from: moz-extension://0131fc0f-55c6-43d2-85e2-4a40ec02fb7c/
But in general, you should probably be careful injecting iframes with extension pages into webpages. I don’t remember or know every detail about what’s possible or not - or what could happen. But you should probably also look into stuff like iframe’s sandbox attribute and content_security_policy in the manifest if you haven’t done that already. You don’t want the webpage to get access to the internal webextension API via the iframe.
I added “iframe.html” to the web_accessible_resources section
In the chrome extension I see a request in the network tab going to the src.
When the source is remote the iframe is actually loaded in FireFox eg src=“TrezorConnect | Trezor”
I thought it might be because the URI doesn’t use HTTPS?
Not sure why FF allows the remote iframe content to be injected but not from a file that is local.
Note
I removed the script in the iframe.html for troubleshooting purposes
In the background script if you use a remote src the iframe will be loaded. If you switch to a local src the iframe will not be loaded.
I checked I can load the iframe.html manually by going to the URL printed in the src attribute
It should be accessible since I have added the page to:
“web_accessible_resources”: [
“html/iframe.html”
],
If this is an bug I don’t think it will be fixed, because I think MV2 will be phased out even in FF and this kind of thing is not going to be possible in MV3