In general, Firefox dev pages seem to advocate good security practices, but heavy-handed restrictions make it difficult to perform some actions without going against such practices.
I was wondering if there was an elegant way to ask for permission to access domains whose iframes are in the current webpage. I need to modify DOM elements in (potentially cross-origin) iframes of pages for which the add-on has permission. I would like to do so without the <all_urls>
and all_frames
permissions.
Edit: I can read the âsrcâ attribute of the iframe, but I cannot request permissions for that url without a pre-defined user action.
-
What is best practice then? Some obnoxious popup informing the user to simply click the Browser Action?
-
One step further: If I want the user to be able to modify the url (with wildcards and such) before requesting permission, how do I ask for permission elegantly? The doc says I can use âa button in a page bundled with the extensionâ, but this does not seem to be the case for the Browser Action popup.
Thanks,
Ben