On Thu, Jan 5, 2012 at 6:58 PM, Jason Duell <[email protected]> wrote: > we're debating adding the capability for extensions to read/modify/ > delete HTTP auth headers in requests during http-on-modify-request. > There's been some question about whether this needs a full security > review or not.
Sorry, late reply- I actually thought that extensions already had that power; and even if not, they can get similar functionality by accessing the nsIHttpAuthMgrCache directly. In general I don't think extension powers need sec review - as you mention, they already have near-unlimited power. -christian _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
