Webextension/addon是否有可能在运行时请求特定网站的许可?
我正在尝试开发一个webextension,该webextension访问我不知道的URL用户定义的API。 (更具体地说,它管理他们的 ghost 出版物,其API将与出版物本身托管在同一领域上)。因此,我需要让用户输入其API URL并在整个插件中访问。
这样做的最简单方法是请求< all_urls>主机许可(基本上是*:// **)。但是,我想知道是否有一种更细化的方式来要求我需要的特定URL,而不是这样的清晰权限?
我知道optional_permissions设置允许插件请求在运行时如果这些权限在清单中提前指定。来自 this w3cub page
类型 强制性 示例 数组 否 “ optional_permissions”:[*://ddeveloper.mozilla.org/*,“ webrequest”]使用可选的permissions密钥列出您要在运行时要求的权限,在安装了扩展时。
但是,这似乎需要在运行时请求的硬编码权限(*://developer.mozilla.org/*)。我需要的是可以以相同方式请求的用户定义权限。有什么办法可以实施此操作?
I am trying to develop a WebExtension that accesses a user-defined API whose URL I do not know in advance. (More specifically, it manages their Ghost publications, whose APIs would be hosted on the same domains as the publications themselves). Hence, I need to let users enter their API URL and access that throughout the addon.
The simplest way to do this would be to request the <all_urls> host permission (basically like *://**). But instead of such sweeping permissions, I was wondering if there's a more finegrained way of requesting permission just for the specific URL I need?
I know that the optional_permissions setting lets an addon request additional permissions at runtime if those permissions are specified in advance in the manifest. From this w3cub page:
Type Mandatory Example Array No "optional_permissions": ["*://developer.mozilla.org/*", "webRequest"]Use the optional_permissions key to list permissions that you want to ask for at runtime, after your extension has been installed.
However, this seems to require a hard-coded permission (*://developer.mozilla.org/*) that's requested at runtime. What I need is a user-defined permission that can be requested in the same manner. Is there any way I can go about implementing this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
从可选权限的用例列表中在Mozilla文档上:
这样做的方法是在
optional_permissions设置subtest.json.json之类的设置中包括&lt; lt; all_urls&gt;。 '还请求
WebRequest和geolocation权限;这是为了证明您可以要求的两种不同类型的许可。然后,在您的代码中,而不是请求
&lt; alll_urls&gt;,只需请求您实际想要访问的URL:如您所见,请求将请求整齐地分为一个选项,以获得更多的API权限和更多的API权限和您要访问的不同网站(起源)的另一个。
可以在 permissions.Request文档。 (您还可以找到一个有效的示例webextension 在这里 't包括主机权限,仅包括API)。
From the list of use-cases for optional permissions on the Mozilla docs:
The way to do it is to include
<all_urls>in theoptional_permissionssetting of yourmanifest.jsonlike this:In this example, we're also requesting the
webRequestandgeoLocationpermissions; this is to demonstrate the two different kinds of permission you can request.Then, in your code, instead of requesting
<all_urls>, just request the URLs that you actually want to access:As you can see, the request is neatly separated into an option for more API permissions and another for the different websites (origins) you want to access.
A more complete example can be found on the docs for permissions.request docs. (You can also find a working sample webextension here, but it doesn't include host permissions, only API ones).