Hi @NilkasG and thanks for your response.
The actual URL to post to comes from an option set with a custom options page as part of the Web Extension options. It is set by the user of the plugin and is unique to that user so there is no way I could add it to permissions ahead of time. (Also, yes, the URL is typically https.) What I included in the example above was a simplification.
Since a form post like this (not using AJAX) is not subject to cross domain restrictions, I really should not need to add it to any permissions, no? Also, it is currently working great for my users and they did not do anything special to their browser settings, just installed the XPI.
Thanks,
Scott