I need to create an extension that communicate with local webserver (i.e. qbittorrent web ui). I need to define host permission like "http://192.168.1.*", so that anyone else can use it as long as their webserver is local. But I can’t do it since it produces error:
Reading manifest: Error processing permissions.0: Value "http://192.158.1.*/" must either: must either [must either [be one of ["clipboardRead", "clipboardWrite", "geolocation", "idle", "notifications"], be one of ["bookmarks"], be one of ["find"], be one of ["history"], be one of ["activeTab", "tabs"], be one of ["browserSettings"], be one of ["cookies"], be one of ["topSites"], be one of ["webNavigation"], or be one of ["webRequest", "webRequestBlocking"]], be one of ["alarms", "mozillaAddons", "storage", "unlimitedStorage"], be one of ["browsingData"], be one of ["devtools"], be one of ["identity"], be one of ["menus", "contextMenus"], be one of ["pkcs11"], be one of ["geckoProfiler"], be one of ["sessions"], be one of ["contextualIdentities"], be one of ["downloads", "downloads.open"], be one of ["management"], be one of ["privacy"], be one of ["proxy"], be one of ["nativeMessaging"], be one of ["theme"], or match the pattern /^experiments(\.\w+)+$/], or must either [be one of ["<all_urls>"], match the pattern /^(https?|wss?|file|ftp|\*):\/\/(\*|\*\.[^*/]+|[^*/]+)\/.*$/, or match the pattern /^file:\/\/\/.*$/]
The only solution that I can do now is using <all_urls> permission. Considering that the extension also uses cookies permission, it will appears too suspicious since it can get any cookies from any site.
Is it possible to add local IP wildcard as host permission, or would there be a security problem? It should only be for IP ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Another solution would be defining keyword like <local_ip> that falls into those ranges.