Match pattern fragment clarification #36069
Conversation
|
Preview URLs External URLs (1)URL:
(comment last updated: 2024-11-22 02:47:25) |
| @@ -342,6 +342,10 @@ The special value `<all_urls>` matches all URLs under any of the supported schem | |||
| <td><code>https://mozilla.org</code></td> | |||
| <td>No path.</td> | |||
| </tr> | |||
| <tr> | |||
| <td><code>https://mozilla.org/#section1</code></td> | |||
| <td>Contains an unsupported match character.</td> | |||
There was a problem hiding this comment.
This is not a syntactically invalid match pattern, just one that never matches.
The other examples here are examples of match patterns that are rejected as a value for "match pattern" types, but this one is accepted.
On the other hand, the example below with a host name is also syntactically valid but listed as invalid. In Chrome it is valid but in Firefox it is ignored.
| @@ -342,6 +342,10 @@ The special value `<all_urls>` matches all URLs under any of the supported schem | |||
| <td><code>https://mozilla.org</code></td> | |||
| <td>No path.</td> | |||
| </tr> | |||
| <tr> | |||
| <td><code>https://mozilla.org/#section1</code></td> | |||
| <td>Contains an unsupported match character.</td> | |||
There was a problem hiding this comment.
| <td>Contains an unsupported match character.</td> | |
| <td>Contains a reference fragment, which are never included in the URLs to match against.</td> |
Can probably be phrased better than this. It is not that the character is unsupported technically, but that the URL that the pattern is matched against never includes the reference fragment.
There was a problem hiding this comment.
@Rob--W made some changes to address, let me know what you think
| <tr> | ||
| <td><code>https://mozilla.*.org/</code></td> | ||
| <td>"*" in host must be at the start.</td> | ||
| <td>Unmatched</td> | ||
| <td>Is syntactically valid and matches in Chrome but is ignored in Firefox.</td> |
There was a problem hiding this comment.
This pattern is not valid in Chrome or Firefox. I just double checked this in a test extension and Chrome logged the following warning at instillation time:
Permission 'https://mozilla.*.org/' is unknown or URL pattern is malformed.
There was a problem hiding this comment.
FYI @Rob--W does this mean I misunderstood your comment? ("On the other hand, the example below with a host name is also syntactically valid but listed as invalid. In Chrome it is valid but in Firefox it is ignored.")
There was a problem hiding this comment.
My comment at #36069 (comment) was poorly phrased. I was referring to the one with the port:
https://mozilla.org:80/
Host must not include a port number.
This is syntactically valid, but the port is ignored in Firefox due to https://bugzilla.mozilla.org/show_bug.cgi?id=1362809 and https://bugzilla.mozilla.org/show_bug.cgi?id=1468162
I'll look into fixing that... This is a long standing issue.
| <td><code>https://mozilla.org/#section1</code></td> | ||
| <td>Unmatched</td> | ||
| <td>Contains a reference fragment: the URL that the pattern is matched against has any reference fragment removed before matching.</td> |
There was a problem hiding this comment.
The origin of this URL makes a bit hard understand how browsers handle this case. If your extension uses this host permission, it won't appear to work because navigating to that URL will trigger a 301 redirect to https://www.mozilla.org/.
If you replace https://mozilla.org/#section1 with https://www.mozilla.org/#section1, the behavior becomes more clear. Both Chrome and Firefox will auto-correct the requested host to https://www.mozilla.org/* and neither logs an error/warning about the fragment. The same behavior occurs observed you omit the fragment in the host permission declaration (e.g. https://www.mozilla.org/).
| <td>Empty path: this should be "<code>*://*/*</code>".</td> | ||
| </tr> | ||
| <tr> | ||
| <td><code>file://*</code></td> | ||
| <td>Invalid</td> |
There was a problem hiding this comment.
file://* is invalid when declared in host_permissions in Firefox but works in Chrome. Chrome auto-corrects it to file:///*.
file:///* works in both Firefox and Chrome.
There was a problem hiding this comment.
Added note re-Chrome behavior
| <td>"*" in scheme must be the only character.</td> | ||
| </tr> | ||
| <tr> | ||
| <td><code>https://mozilla.org:80/</code></td> | ||
| <td>Invalid</td> |
There was a problem hiding this comment.
Ugh, we're in weird territory now. This pattern (https://mozilla.org:80/) doesn't work for two reasons: the aforementioned origin redirect and a mismatch between the declared port and port required by the scheme. HTTPS runs on port 443, HTTP runs on port 80.
Nether Chrome or Firefox will log an install time error/warning if an extension requests https://mozilla.org:80/. This permission is "valid" (but meaningless). You can see this in action if you use await chrome.permissions.getAll() to check the extension's current permission; the response object will look something like this: { permissions: [], origins: ["https://mozilla.org:80/*"]}.
If you modify the host permission to request a port that matches the scheme (e.g. https://www.mozilla.org:443/ or http://example.com:80/), both Chrome and Firefox will grant the host permission and the extension will be able to access data for that host.
There was a problem hiding this comment.
@dotproto so should we use another port, such as 8080. I assume from your comment that this was just a poorly chosen example given that 80 has a binding, or is.the statement "host must not include a port number." Incorrect
This reverts commit 8bdcfc7.
Description
Clarifies how fragments are handled in response to #14018
Related issues and pull requests
Fixes #14018