Re: [whatwg/fetch] Allow user agents to use more permissive header validation in extensions (Issue #1878)

Rob--W left a comment (whatwg/fetch#1878)

>> That sounds better, but can we obtain that state from the environment settings object in some way or other suitable global? 
> 
> I'm not sure I follow -- which object do you mean by the "environment settings object"?

Anne is referring to https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object

In relation to that, "appropriately-privileged web extension contexts" can be understood as at minimum having an extension origin (chrome-extension:, moz-extension:, safari-extension: schemes for example). Some may require a top-level origin to also have that same origin; for iframes, Firefox currently requires all ancestor frames to be same origin before exposing the full set of privileged extension APIs ([Firefox bug 1443253](https://bugzilla.mozilla.org/show_bug.cgi?id=1443253)) (this predates Fission/Site Isolation and is something we could reconsider; Chrome [had a similar change in the past](https://bugzilla.mozilla.org/show_bug.cgi?id=1443253#c3)).

Additionally, outside the web platform spec, but well understood in WebExtensions, is the concept of [host permissions](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/host_permissions), and the requirement of having host permissions before allowing extensions to perform tasks on behalf of that host.

"Appropriately-privileged web extension contexts" therefore sounds sufficiently clear to me (for Firefox).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1878#issuecomment-4358584053

Message ID: <whatwg/fetch/issues/1878/4358584053@github.com>

Received on Friday, 1 May 2026 08:54:42 UTC
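
The context and host-permission conditions described in the comment above, modelled as an added example; it is not code from the thread, from any browser, or from the Fetch spec. The function names, the `policy` values, the frame-chain representation and the simplified match-pattern subset are all assumptions made for illustration.

```javascript
// Added illustration; every name below is hypothetical, not a browser or spec API.
const EXT_SCHEMES = new Set(["chrome-extension:", "moz-extension:", "safari-extension:"]);

// new URL(...).origin is "null" for these schemes, so compare scheme + host.
function extensionOrigin(url) {
  try {
    const u = new URL(url);
    return EXT_SCHEMES.has(u.protocol) && u.host ? `${u.protocol}//${u.host}` : null;
  } catch {
    return null; // unparsable or missing URL: never privileged
  }
}

// frameChain: document URLs from the top-level frame down to the context itself.
// policy: "self" (extension origin only), "top" (top-level frame must share it),
// "ancestors" (every ancestor must share it, as the comment describes for Firefox).
function isPrivilegedContext(frameChain, policy) {
  if (!["self", "top", "ancestors"].includes(policy)) throw new RangeError(policy);
  const self = extensionOrigin(frameChain[frameChain.length - 1]);
  if (self === null) return false;
  const required = policy === "self" ? [] : policy === "top" ? frameChain.slice(0, 1) : frameChain;
  return required.every((url) => extensionOrigin(url) === self);
}

// Simplified match-pattern test: "<all_urls>" (http/https only here) or scheme://host/path,
// where scheme "*" means http or https, host may be "*" or "*.suffix", and "*" in path is a wildcard.
function hasHostPermission(patterns, targetUrl) {
  const t = new URL(targetUrl);
  const scheme = t.protocol.slice(0, -1);
  return patterns.some((p) => {
    if (p === "<all_urls>") return ["http", "https"].includes(scheme);
    const m = /^(\*|[a-z]+):\/\/(\*|\*\.[^\/*]+|[^\/*]+)(\/.*)$/.exec(p);
    if (!m) return false; // malformed pattern grants nothing
    const [, s, h, path] = m;
    const schemeOk = s === "*" ? ["http", "https"].includes(scheme) : s === scheme;
    const hostOk = h === "*" || (h.startsWith("*.")
      ? t.hostname === h.slice(2) || t.hostname.endsWith(h.slice(1))
      : t.hostname === h);
    const glob = path.split("*").map((x) => x.replace(/[.+?^${}()|[\]\\]/g, "\\$&")).join(".*");
    return schemeOk && hostOk && new RegExp(`^${glob}$`).test(t.pathname + t.search);
  });
}

// Both conditions from the comment: a privileged context plus host permission.
function mayActOnHost(frameChain, policy, patterns, targetUrl) {
  return isPrivilegedContext(frameChain, policy) && hasHostPermission(patterns, targetUrl);
}
```

Under the `"ancestors"` policy, an extension iframe embedded in a web page is not treated as privileged even though its own origin is an extension origin, which is the distinction the comment draws between the minimum requirement and Firefox's current behaviour.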