On 2/1/12 3:02 PM, Charles Pritchard wrote:
On 2/1/12 11:57 AM, Boris Zbarsky wrote:
On 2/1/12 2:39 PM, Charles Pritchard wrote:
Mozilla said they were getting rid of their enable privilege API. I
don't know that they have.
It's being removed, slowly. For example, cross-site XHR (modulo
whatever CORS allows) is no longer possible even if you
enablePrivilege in current Gecko.
There may be a different privilege setup eventually, but
enablePrivilege in its existing form is not a good API, especially for
the web.
So, in Gecko, is cross-site XHR something now specified explicitly in
the extension manifest?
Extensions in Firefox are a separate ballgame. They currently always
run with the same exact permissions (literally; the permissions object
pointer is the same) as the browser UI itself. This means they can do
things that you could never do with enablePrivilege.
Chrome went ahead with specifying "optional permissions" in the
manifest, and when those are present in the manifest, they can be
requested via chrome.permissions.request. It's async, which is nice, and
is quite different than the synchronous Gecko model.
http://code.google.com/chrome/extensions/trunk/permissions.html
Firefox extensions never have to request permissions. They always have
them.
The special status of "file://" is still a special thing.
It'll go away, as enablePrivilege goes away in general.
-Boris
