From 041d6c63c7b9f689e5787c978d22f9614dc1e791 Mon Sep 17 00:00:00 2001 From: Richard Bloor Date: Sat, 30 May 2026 06:59:48 +1200 Subject: [PATCH 1/4] Add use of declarativeNetRequest to Intercept HTTP requests guide --- .../intercept_http_requests/index.md | 183 ++++++++++++++++-- 1 file changed, 168 insertions(+), 15 deletions(-) diff --git a/files/en-us/mozilla/add-ons/webextensions/intercept_http_requests/index.md b/files/en-us/mozilla/add-ons/webextensions/intercept_http_requests/index.md index 367848c98e2c1c7..1c23a8f29f5a52a 100644 --- a/files/en-us/mozilla/add-ons/webextensions/intercept_http_requests/index.md +++ b/files/en-us/mozilla/add-ons/webextensions/intercept_http_requests/index.md @@ -5,21 +5,23 @@ page-type: guide sidebar: addonsidebar --- -To intercept HTTP requests, use the {{WebExtAPIRef("webRequest")}} API. -This API enables you to add listeners for various stages of making an HTTP request. -In the listeners, you can: +Two APIs are available for intercepting HTTP requests: {{WebExtAPIRef("webRequest")}} and {{WebExtAPIRef("declarativeNetRequest")}}. -- Get access to request headers and bodies and response headers. -- Cancel and redirect requests. -- Modify request and response headers. +The {{WebExtAPIRef("webRequest")}} API intercepts requests by adding event listeners to the various stages of an HTTP request. The extension's listeners can inspect and modify requests programmatically: getting access to request and response headers and bodies, canceling requests, and redirecting them. Use `webRequest` when your extension needs to handle requests in ways that you can't determine in advance, such as when the logic depends on the content of a prior request or on dynamic extension state. -This article looks at three different uses for the `webRequest` module: +The {{WebExtAPIRef("declarativeNetRequest")}} API intercepts requests using declarative rules that specify conditions and actions. The browser evaluates these rules and handles requests directly, without notifying the extension about individual requests. This behavior makes `declarativeNetRequest` more performant and privacy-preserving than `webRequest`, as extensions don't have access to the content of individual requests. `declarativeNetRequest` also doesn't require a background page and can block or upgrade requests without [host permissions](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#host_permissions). Use `declarativeNetRequest` when your extension's request-handling logic can be expressed as a fixed set of rules, for example, in content blockers. -- Logging request URLs as they are made. -- Redirecting requests. -- Modifying request headers. +This article looks at examples of using both APIs. -## Logging request URLs +## Using the webRequest API + +This section includes examples that use the `webRequest` API to: + +- Log request URLs. +- Redirect requests. +- Modify request headers. + +### Logging request URLs To see how you can use `webRequest` to log requests, create a new directory called "requests". In that directory, create a file called "manifest.json" and add: @@ -60,7 +62,7 @@ To test it: - Open the [Browser Console](https://firefox-source-docs.mozilla.org/devtools-user/browser_console/) (use Ctrl + Shift + J) - Enable _Show Content Messages_ in the menu: - ![Browser console menu: Show Content Messages](browser_console_show_content_messages.png) +![Browser console menu: Show Content Messages](browser_console_show_content_messages.png) - Open some web pages. @@ -71,7 +73,7 @@ For example, this screenshot shows the URLs from loading a Wikipedia page: -## Redirecting requests +### Redirecting requests Now use `webRequest` to redirect HTTP requests. First, replace "manifest.json" with this: @@ -138,7 +140,7 @@ To test it out, open a page on MDN that contains images (for example, [the page ![Images on a page replaced with a frog image](beastify_by_redirect.png) -## Modifying request headers +### Modifying request headers Finally, use `webRequest` to modify request headers. In this example, you change the "User-Agent" header so the browser identifies itself as Opera 12.16, but only when visiting pages under "https\://useragentstring.com/". @@ -202,6 +204,157 @@ Then reload the extension, reload [useragentstring.com](https://useragentstring. ![useragentstring.com showing details of the modified user agent string](modified_request_header.png) +## Using the `declarativeNetRequest` API + +To illustrate the use of the `declarativeNetRequest` API, this section includes examples showing how to redirect requests and modify request headers using declarative rules. + +Unlike `webRequest`, `declarativeNetRequest` doesn't notify the extension about individual network requests, so there is no equivalent to the [logging example](#logging_request_urls) example. + +### Redirecting requests + +Use `declarativeNetRequest` to redirect HTTP requests. Create a directory called "requests". In that directory, create a file called "manifest.json" and add: + +```json +{ + "description": "Demonstrating declarativeNetRequest", + "manifest_version": 3, + "name": "declarativeNetRequest-demo", + "version": "1.0", + + "permissions": ["declarativeNetRequest"], + "host_permissions": ["https://developer.mozilla.org/"], + + "declarative_net_request": { + "rule_resources": [ + { + "id": "ruleset_1", + "enabled": true, + "path": "rules.json" + } + ] + } +} +``` + +The `"declarativeNetRequest"` permission enables the API. The `"host_permissions"` entry is required because the rules redirect requests. The `"declarative_net_request"` manifest key registers the ruleset file, which defines how to handle requests. + +Next, create a file called "rules.json" and add: + +```json +[ + { + "id": 1, + "priority": 2, + "action": { "type": "allow" }, + "condition": { + "urlFilter": "frog.jpg", + "resourceTypes": ["image"] + } + }, + { + "id": 2, + "priority": 1, + "action": { + "type": "redirect", + "redirect": { + "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Your_second_WebExtension/frog.jpg" + } + }, + "condition": { + "urlFilter": "||developer.mozilla.org", + "resourceTypes": ["image"] + } + } +] +``` + +This ruleset has two rules: + +- Rule 2 redirects all image requests to URLs under `https://developer.mozilla.org/` to the frog image from the [your second extension tutorial](/en-US/docs/Mozilla/Add-ons/WebExtensions/Your_second_WebExtension). +- Rule 1 uses the "allow" action with a higher priority to prevent the frog image itself from being redirected, which would otherwise cause an infinite redirect loop. + +See {{WebExtAPIRef("declarativeNetRequest.RuleCondition")}} and {{WebExtAPIRef("declarativeNetRequest.RuleAction")}} for more on conditions and actions, and [Matching precedence](/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest#matching_precedence) for details on how rule priority works. + +Unlike the `webRequest` version of this example, the extension doesn't need a background script. The browser evaluates the rules directly. + +To test it out, open a page on MDN that contains images (for example, [the page listing extension user interface components](/en-US/docs/Mozilla/Add-ons/WebExtensions/user_interface)), [install the extension](https://extensionworkshop.com/documentation/develop/temporary-installation-in-firefox/), and then load the MDN page. You see something like this: + +![Images on a page replaced with a frog image](beastify_by_redirect.png) + +### Modifying request headers + +Use `declarativeNetRequest` to modify request headers. In this example, you change the "User-Agent" header so the browser identifies itself as Opera 12.16, but only for requests to "https\://useragentstring.com/". + +Replace "manifest.json" with this: + +```json +{ + "description": "Demonstrating declarativeNetRequest", + "manifest_version": 3, + "name": "declarativeNetRequest-demo", + "version": "1.0", + + "permissions": ["declarativeNetRequest"], + "host_permissions": ["https://useragentstring.com/"], + + "declarative_net_request": { + "rule_resources": [ + { + "id": "ruleset_1", + "enabled": true, + "path": "rules.json" + } + ] + } +} +``` + +Replace "rules.json" with this: + +```json +[ + { + "id": 1, + "priority": 1, + "action": { + "type": "modifyHeaders", + "requestHeaders": [ + { + "header": "User-Agent", + "operation": "set", + "value": "Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16" + } + ] + }, + "condition": { + "urlFilter": "||useragentstring.com", + "resourceTypes": ["main_frame"] + } + } +] +``` + +The rule's `condition` matches `main_frame` requests to `useragentstring.com`. The `action` uses `"modifyHeaders"` with an `"operation"` of `"set"` to replace the value of the `User-Agent` header. See {{WebExtAPIRef("declarativeNetRequest.ModifyHeaderInfo")}} for the full set of header modification options. + +Host permissions for `useragentstring.com` are required to modify headers on requests to that domain. + +To test it out, [reload the extension](https://extensionworkshop.com/documentation/develop/temporary-installation-in-firefox/#reloading_a_temporary_add-on), open [useragentstring.com](https://useragentstring.com/) and check that it identifies the browser as Firefox. Then reload [useragentstring.com](https://useragentstring.com/), and see that the site now identifies the browser as Opera. + +![useragentstring.com showing details of the modified user agent string](modified_request_header.png) + ## Learn more -To learn about all the things you can do with the `webRequest` API, see its [reference documentation](/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest). +To learn more about these APIs, see the {{WebExtAPIRef("webRequest")}} and {{WebExtAPIRef("declarativeNetRequest")}} reference documentation. + +For `webRequest` examples, see: + +- [http-response](https://github.com/mdn/webextensions-examples/tree/main/http-response) +- [root-cert-stats](https://github.com/mdn/webextensions-examples/tree/main/root-cert-stats) +- [stored-credentials](https://github.com/mdn/webextensions-examples/tree/main/stored-credentials) +- [user-agent-rewriter](https://github.com/mdn/webextensions-examples/tree/main/user-agent-rewriter) + +For `declarativeNetRequest` examples, see: + +- [dnr-block-only](https://github.com/mdn/webextensions-examples/tree/main/dnr-block-only) +- [dnr-dynamic-with-options](https://github.com/mdn/webextensions-examples/tree/main/dnr-dynamic-with-options) +- [dnr-redirect-url](https://github.com/mdn/webextensions-examples/tree/main/dnr-redirect-url) From 9f0ca6b447ce771a401643ee67205b7deb3ccecc Mon Sep 17 00:00:00 2001 From: Richard Bloor Date: Tue, 2 Jun 2026 05:35:55 +1200 Subject: [PATCH 2/4] Bug-2034168 explicit permission for file access --- .../api/devtools/inspectedwindow/eval/index.md | 2 ++ .../mozilla/add-ons/webextensions/api/extension/index.md | 4 ++-- .../api/extension/isallowedfileschemeaccess/index.md | 6 +----- files/en-us/mozilla/firefox/releases/153/index.md | 2 ++ 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/files/en-us/mozilla/add-ons/webextensions/api/devtools/inspectedwindow/eval/index.md b/files/en-us/mozilla/add-ons/webextensions/api/devtools/inspectedwindow/eval/index.md index ba7877f765fa3d7..663a38c40628e8b 100644 --- a/files/en-us/mozilla/add-ons/webextensions/api/devtools/inspectedwindow/eval/index.md +++ b/files/en-us/mozilla/add-ons/webextensions/api/devtools/inspectedwindow/eval/index.md @@ -18,6 +18,8 @@ The script is evaluated by default in the main frame of the page. The script mus You can't call `eval()` on privileged browser windows such as "about:addons". +In Firefox 153 and later, calling `eval()` on a `file://` URL requires the extension to be granted file scheme access by the user. Without this permission, the promise rejects with an error. Use {{WebExtAPIRef("extension.isAllowedFileSchemeAccess()")}} to check whether the user has granted the extension this permission. + You can optionally provide an `options` parameter, which includes options to evaluate the script in a different frame or in the context of attached content scripts. Note that Firefox does not yet support the `options` parameter. The `eval()` function returns a [`Promise`](/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) that resolves to the evaluated result of the script or to an error. diff --git a/files/en-us/mozilla/add-ons/webextensions/api/extension/index.md b/files/en-us/mozilla/add-ons/webextensions/api/extension/index.md index 75f9f0b6792a8fa..27b9458b85787f5 100644 --- a/files/en-us/mozilla/add-ons/webextensions/api/extension/index.md +++ b/files/en-us/mozilla/add-ons/webextensions/api/extension/index.md @@ -34,9 +34,9 @@ Utilities related to your extension. Get URLs to resources packages with your ex - {{WebExtAPIRef("extension.getViews()")}} - : Returns an array of the [`Window`](/en-US/docs/Web/API/Window) objects for each of the pages running inside the current extension. - {{WebExtAPIRef("extension.isAllowedIncognitoAccess()")}} - - : Retrieves the state of the extension's access to Incognito-mode (as determined by the user-controlled '_Allowed in Incognito_' checkbox). + - : Retrieves the state of the extension's access to tabs opened in "private browsing" mode (as determined by the user-controlled '_Run in Private Windows_' option in the extension's permissions). - {{WebExtAPIRef("extension.isAllowedFileSchemeAccess()")}} - - : Retrieves the state of the extension's access to the `file://` scheme (as determined by the user-controlled '_Allow access to File URLs_' checkbox). + - : Retrieves the state of the extension's access to the `file://` scheme (as determined by the user-controlled '_Access local files on your computer_' option in the extension's permissions). - {{WebExtAPIRef("extension.sendRequest()")}} {{deprecated_inline}} - : Sends a single request to other listeners within the extension. - {{WebExtAPIRef("extension.setUpdateUrlData()")}} diff --git a/files/en-us/mozilla/add-ons/webextensions/api/extension/isallowedfileschemeaccess/index.md b/files/en-us/mozilla/add-ons/webextensions/api/extension/isallowedfileschemeaccess/index.md index d492a44284e3916..e77bad520a512ab 100644 --- a/files/en-us/mozilla/add-ons/webextensions/api/extension/isallowedfileschemeaccess/index.md +++ b/files/en-us/mozilla/add-ons/webextensions/api/extension/isallowedfileschemeaccess/index.md @@ -8,8 +8,6 @@ sidebar: addonsidebar Returns `true` if the extension can access the "file://" scheme, `false` otherwise. -This is an asynchronous function that returns a [`Promise`](/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise). - ## Syntax ```js-nolint @@ -22,9 +20,7 @@ None. ### Return value -A [`Promise`](/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) that will be fulfilled with a boolean: `true` if the extension is allowed access to "file://" URLs, `false` otherwise. - -Firefox will always return `false`. +A [`Promise`](/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) fulfilled with a boolean: `true` if the extension is allowed access to "file://" URLs, `false` otherwise. ## Examples diff --git a/files/en-us/mozilla/firefox/releases/153/index.md b/files/en-us/mozilla/firefox/releases/153/index.md index 0017fcdd277dc3b..91ad0e8b3c511b3 100644 --- a/files/en-us/mozilla/firefox/releases/153/index.md +++ b/files/en-us/mozilla/firefox/releases/153/index.md @@ -72,6 +72,8 @@ Firefox 153 is the current [Nightly version of Firefox](https://www.firefox.com/ ## Changes for add-on developers +- Extensions now require explicit user permission to access `file://` URLs. Previously, access to local files was covered by the "Access your data for all websites" host permission. This change introduces a separate "Access local files on your computer" option in the extension's permissions settings (desktop only), and file access is opt-in by default for all extensions, including existing ones. The {{WebExtAPIRef("extension.isAllowedFileSchemeAccess()")}} method now correctly returns `true` if the user has granted file scheme access; previously, Firefox always returned `false`. Additionally, {{WebExtAPIRef("devtools.inspectedWindow.eval()")}} on `file://` URLs now requires this permission. ([Firefox bug 2034168](https://bugzil.la/2034168)) + From cf87fb39b6818fb6808cf58cbe8fb304f8fc79f2 Mon Sep 17 00:00:00 2001 From: Richard Bloor Date: Fri, 5 Jun 2026 07:11:41 +1200 Subject: [PATCH 3/4] Removing /intercept_http_requests/index.md --- .../intercept_http_requests/index.md | 183 ++---------------- 1 file changed, 15 insertions(+), 168 deletions(-) diff --git a/files/en-us/mozilla/add-ons/webextensions/intercept_http_requests/index.md b/files/en-us/mozilla/add-ons/webextensions/intercept_http_requests/index.md index 1c23a8f29f5a52a..367848c98e2c1c7 100644 --- a/files/en-us/mozilla/add-ons/webextensions/intercept_http_requests/index.md +++ b/files/en-us/mozilla/add-ons/webextensions/intercept_http_requests/index.md @@ -5,23 +5,21 @@ page-type: guide sidebar: addonsidebar --- -Two APIs are available for intercepting HTTP requests: {{WebExtAPIRef("webRequest")}} and {{WebExtAPIRef("declarativeNetRequest")}}. +To intercept HTTP requests, use the {{WebExtAPIRef("webRequest")}} API. +This API enables you to add listeners for various stages of making an HTTP request. +In the listeners, you can: -The {{WebExtAPIRef("webRequest")}} API intercepts requests by adding event listeners to the various stages of an HTTP request. The extension's listeners can inspect and modify requests programmatically: getting access to request and response headers and bodies, canceling requests, and redirecting them. Use `webRequest` when your extension needs to handle requests in ways that you can't determine in advance, such as when the logic depends on the content of a prior request or on dynamic extension state. +- Get access to request headers and bodies and response headers. +- Cancel and redirect requests. +- Modify request and response headers. -The {{WebExtAPIRef("declarativeNetRequest")}} API intercepts requests using declarative rules that specify conditions and actions. The browser evaluates these rules and handles requests directly, without notifying the extension about individual requests. This behavior makes `declarativeNetRequest` more performant and privacy-preserving than `webRequest`, as extensions don't have access to the content of individual requests. `declarativeNetRequest` also doesn't require a background page and can block or upgrade requests without [host permissions](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#host_permissions). Use `declarativeNetRequest` when your extension's request-handling logic can be expressed as a fixed set of rules, for example, in content blockers. +This article looks at three different uses for the `webRequest` module: -This article looks at examples of using both APIs. +- Logging request URLs as they are made. +- Redirecting requests. +- Modifying request headers. -## Using the webRequest API - -This section includes examples that use the `webRequest` API to: - -- Log request URLs. -- Redirect requests. -- Modify request headers. - -### Logging request URLs +## Logging request URLs To see how you can use `webRequest` to log requests, create a new directory called "requests". In that directory, create a file called "manifest.json" and add: @@ -62,7 +60,7 @@ To test it: - Open the [Browser Console](https://firefox-source-docs.mozilla.org/devtools-user/browser_console/) (use Ctrl + Shift + J) - Enable _Show Content Messages_ in the menu: -![Browser console menu: Show Content Messages](browser_console_show_content_messages.png) + ![Browser console menu: Show Content Messages](browser_console_show_content_messages.png) - Open some web pages. @@ -73,7 +71,7 @@ For example, this screenshot shows the URLs from loading a Wikipedia page: -### Redirecting requests +## Redirecting requests Now use `webRequest` to redirect HTTP requests. First, replace "manifest.json" with this: @@ -140,7 +138,7 @@ To test it out, open a page on MDN that contains images (for example, [the page ![Images on a page replaced with a frog image](beastify_by_redirect.png) -### Modifying request headers +## Modifying request headers Finally, use `webRequest` to modify request headers. In this example, you change the "User-Agent" header so the browser identifies itself as Opera 12.16, but only when visiting pages under "https\://useragentstring.com/". @@ -204,157 +202,6 @@ Then reload the extension, reload [useragentstring.com](https://useragentstring. ![useragentstring.com showing details of the modified user agent string](modified_request_header.png) -## Using the `declarativeNetRequest` API - -To illustrate the use of the `declarativeNetRequest` API, this section includes examples showing how to redirect requests and modify request headers using declarative rules. - -Unlike `webRequest`, `declarativeNetRequest` doesn't notify the extension about individual network requests, so there is no equivalent to the [logging example](#logging_request_urls) example. - -### Redirecting requests - -Use `declarativeNetRequest` to redirect HTTP requests. Create a directory called "requests". In that directory, create a file called "manifest.json" and add: - -```json -{ - "description": "Demonstrating declarativeNetRequest", - "manifest_version": 3, - "name": "declarativeNetRequest-demo", - "version": "1.0", - - "permissions": ["declarativeNetRequest"], - "host_permissions": ["https://developer.mozilla.org/"], - - "declarative_net_request": { - "rule_resources": [ - { - "id": "ruleset_1", - "enabled": true, - "path": "rules.json" - } - ] - } -} -``` - -The `"declarativeNetRequest"` permission enables the API. The `"host_permissions"` entry is required because the rules redirect requests. The `"declarative_net_request"` manifest key registers the ruleset file, which defines how to handle requests. - -Next, create a file called "rules.json" and add: - -```json -[ - { - "id": 1, - "priority": 2, - "action": { "type": "allow" }, - "condition": { - "urlFilter": "frog.jpg", - "resourceTypes": ["image"] - } - }, - { - "id": 2, - "priority": 1, - "action": { - "type": "redirect", - "redirect": { - "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Your_second_WebExtension/frog.jpg" - } - }, - "condition": { - "urlFilter": "||developer.mozilla.org", - "resourceTypes": ["image"] - } - } -] -``` - -This ruleset has two rules: - -- Rule 2 redirects all image requests to URLs under `https://developer.mozilla.org/` to the frog image from the [your second extension tutorial](/en-US/docs/Mozilla/Add-ons/WebExtensions/Your_second_WebExtension). -- Rule 1 uses the "allow" action with a higher priority to prevent the frog image itself from being redirected, which would otherwise cause an infinite redirect loop. - -See {{WebExtAPIRef("declarativeNetRequest.RuleCondition")}} and {{WebExtAPIRef("declarativeNetRequest.RuleAction")}} for more on conditions and actions, and [Matching precedence](/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest#matching_precedence) for details on how rule priority works. - -Unlike the `webRequest` version of this example, the extension doesn't need a background script. The browser evaluates the rules directly. - -To test it out, open a page on MDN that contains images (for example, [the page listing extension user interface components](/en-US/docs/Mozilla/Add-ons/WebExtensions/user_interface)), [install the extension](https://extensionworkshop.com/documentation/develop/temporary-installation-in-firefox/), and then load the MDN page. You see something like this: - -![Images on a page replaced with a frog image](beastify_by_redirect.png) - -### Modifying request headers - -Use `declarativeNetRequest` to modify request headers. In this example, you change the "User-Agent" header so the browser identifies itself as Opera 12.16, but only for requests to "https\://useragentstring.com/". - -Replace "manifest.json" with this: - -```json -{ - "description": "Demonstrating declarativeNetRequest", - "manifest_version": 3, - "name": "declarativeNetRequest-demo", - "version": "1.0", - - "permissions": ["declarativeNetRequest"], - "host_permissions": ["https://useragentstring.com/"], - - "declarative_net_request": { - "rule_resources": [ - { - "id": "ruleset_1", - "enabled": true, - "path": "rules.json" - } - ] - } -} -``` - -Replace "rules.json" with this: - -```json -[ - { - "id": 1, - "priority": 1, - "action": { - "type": "modifyHeaders", - "requestHeaders": [ - { - "header": "User-Agent", - "operation": "set", - "value": "Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16" - } - ] - }, - "condition": { - "urlFilter": "||useragentstring.com", - "resourceTypes": ["main_frame"] - } - } -] -``` - -The rule's `condition` matches `main_frame` requests to `useragentstring.com`. The `action` uses `"modifyHeaders"` with an `"operation"` of `"set"` to replace the value of the `User-Agent` header. See {{WebExtAPIRef("declarativeNetRequest.ModifyHeaderInfo")}} for the full set of header modification options. - -Host permissions for `useragentstring.com` are required to modify headers on requests to that domain. - -To test it out, [reload the extension](https://extensionworkshop.com/documentation/develop/temporary-installation-in-firefox/#reloading_a_temporary_add-on), open [useragentstring.com](https://useragentstring.com/) and check that it identifies the browser as Firefox. Then reload [useragentstring.com](https://useragentstring.com/), and see that the site now identifies the browser as Opera. - -![useragentstring.com showing details of the modified user agent string](modified_request_header.png) - ## Learn more -To learn more about these APIs, see the {{WebExtAPIRef("webRequest")}} and {{WebExtAPIRef("declarativeNetRequest")}} reference documentation. - -For `webRequest` examples, see: - -- [http-response](https://github.com/mdn/webextensions-examples/tree/main/http-response) -- [root-cert-stats](https://github.com/mdn/webextensions-examples/tree/main/root-cert-stats) -- [stored-credentials](https://github.com/mdn/webextensions-examples/tree/main/stored-credentials) -- [user-agent-rewriter](https://github.com/mdn/webextensions-examples/tree/main/user-agent-rewriter) - -For `declarativeNetRequest` examples, see: - -- [dnr-block-only](https://github.com/mdn/webextensions-examples/tree/main/dnr-block-only) -- [dnr-dynamic-with-options](https://github.com/mdn/webextensions-examples/tree/main/dnr-dynamic-with-options) -- [dnr-redirect-url](https://github.com/mdn/webextensions-examples/tree/main/dnr-redirect-url) +To learn about all the things you can do with the `webRequest` API, see its [reference documentation](/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest). From 6e801a646cd4853b1e5d3d388a9eee7a6c384087 Mon Sep 17 00:00:00 2001 From: Richard Bloor Date: Fri, 5 Jun 2026 11:12:03 +1200 Subject: [PATCH 4/4] Feedback updates --- files/en-us/mozilla/firefox/releases/153/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/mozilla/firefox/releases/153/index.md b/files/en-us/mozilla/firefox/releases/153/index.md index 91ad0e8b3c511b3..b1e63e58194399c 100644 --- a/files/en-us/mozilla/firefox/releases/153/index.md +++ b/files/en-us/mozilla/firefox/releases/153/index.md @@ -72,7 +72,7 @@ Firefox 153 is the current [Nightly version of Firefox](https://www.firefox.com/ ## Changes for add-on developers -- Extensions now require explicit user permission to access `file://` URLs. Previously, access to local files was covered by the "Access your data for all websites" host permission. This change introduces a separate "Access local files on your computer" option in the extension's permissions settings (desktop only), and file access is opt-in by default for all extensions, including existing ones. The {{WebExtAPIRef("extension.isAllowedFileSchemeAccess()")}} method now correctly returns `true` if the user has granted file scheme access; previously, Firefox always returned `false`. Additionally, {{WebExtAPIRef("devtools.inspectedWindow.eval()")}} on `file://` URLs now requires this permission. ([Firefox bug 2034168](https://bugzil.la/2034168)) +- Extensions now require explicit user permission to access `file://` URLs. Previously, access to local files was covered by the "Access your data for all websites" host permission. This change introduces a separate "Access local files on your computer" option in the extension's permissions settings (desktop only), and file access is turned off by default for all extensions, including existing ones. The {{WebExtAPIRef("extension.isAllowedFileSchemeAccess()")}} method now correctly returns `true` if the user has granted file scheme access; previously, Firefox always returned `false`. Additionally, calling {{WebExtAPIRef("devtools.inspectedWindow.eval()")}} on `file://` URLs now requires this permission. ([Firefox bug 2034168](https://bugzil.la/2034168))