Opt-in permissions for MV3 extensions

Add-ons Development
#1

According to a blog post on the Mozilla Add-ons Community Blog, “All MV3 permissions, including host permissions, are opt-in for users.” Source URL: https://blog.mozilla.org/addons/2022/10/31/begin-your-mv3-migration-by-implementing-new-features-today/

I’m working on converting one of my extensions to MV3, and it requires these permissions: “Access browsing history” (history), and “Access browser tabs” (tabs, activeTab).

Does this mean that the user has to opt in to these permissions? I tested it in Firefox Developer Edition, and my extension still works without any extra user intervention – I didn’t notice any prompts where the user would have to opt in to these two permissions.

Clarification on what is meant by “opt-in permissions” would be great. Thanks in advance!

1 Like
#2

I think what Mozilla means by “All MV3 permissions, including host permissions, are opt-in for users” is that the user can revoke all host permissions at runtime. In MV2, the user could only revoke optional host permissions (granted at runtime), but not host permissions (granted at install time).

This was written for MV2, but I think it’s valid for MV3 as well:
Test permission requests

As I understand MV3:

  • Required API permissions (“permissions” key in manifest.json) are “opt-in” in the sense that when you install an extension from AMO, Firefox tells you about its required permissions, and if you click “Add”, you’re accepting these permissions.
    The user can’t revoke required API permissions, because that wouldn’t make sense - the extension wouldn’t work anymore.
  • All other permissions (optional API permissions and host permissions) are “opt-in” in the sense that the extension can ask for them at runtime, or the user can grant them at runtime - in the extension’s “Permissions” tab, or by interacting with the extension.
    And the user can revoke these permissions at runtime.

It looks like host permissions are always optional in MV3.
Doesn’t matter if you put them in the “host_permissions” or “optional_permissions / optional_host_permissions” key in manifest.json.

Whether this is good UX is another question.
Because for some extensions, having required host permissions that you can’t revoke makes sense.

2 Likes
#3

That makes sense. Thanks for the explanation!