Hello,
Is there a list of manifest keys that triggers the security pop-up for users when changed?
I know changing “permissions” will do that, but adding or changing “optional_permissions” not, right?
Right now I need to add “web_accessible_resources” key and I want to be sure this will not cause any issues.
web_accessible_resources will not trigger any permission prompt.Optional permissions, permission prompt will be triggered only when permission.request() is called in your code. Also you will be able to use API mentioned in optional permissions only when you request permission.<all_urls>) you can get list of available permissions at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#API_permissions
To expand on this a bit, the possible permission request messages are listed on this page: https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions
Thank you guys .
I would just add few more cases:
All of these messages has a button to disable add-on!
And a bonus one: using " chrome_settings_overrides" to add a “search_provider” with option “is_default” will ask user whether he wants to change the the default search engine - there are only Yes / No buttons.
I’ve just found a list of permissions that should not raise alert:
The following permissions don’t get alerted to users:
API permissions alarms contextMenus contextualIdentities cookies identity idle menus storage theme webRequest webRequestBlocking activeTab
But I’m not sure this applies for the update as well. Can anybody confirm that?
There is an article about testing this yourself but it’s quite complex process 
I would like to use contextualIdentities in the near future which is still not available as optional: