• Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    Allow extensions gallery to be scripted or reveal this restriction to all developers and users

    Opera add-ons
    3
    5
    1321
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • druganatopera
      druganatopera last edited by admin

      Reading this discussion I've thought that it worth a separate thread.

      As it said in the link above Opera for some unknown reasons does not allow injecting content scripts on extensions gallery pages (https://addons.opera.com/). Google Chrome and Firefox allow it on their extensions gallery pages. It is a bit strange, I think, because first, I didn't find that fact in documentation, and second if it is forbidden why the https://addons.opera.com/ does not programmatically excluded in <all_urls> matches?

      The issue is that if this domain is missed by developer in a testing process that means only after submitting his/her perfect (as they think) extension they will discover the red color error right after the first install of an extension from... the page where scripting is forbidden. BINGO! All the rest of the world is allowed to be scripted by Opera but this particular place not.

      Another part of this issue is that a user is informed on the extension page that something will happen after installing it but nothing happens and some impatient users may even uninstall actually working extension at once. BINGO! )):

      What we need I think to rid of this restriction in Opera or clearly reveal that security paranoid in the Opera documentation and all the https://addons.opera.com/* pages for users.

      Reply Quote 0
        1 Reply Last reply
      • A Former User
        A Former User last edited by

        Hi!

        Sorry to hear you have had problems with that.

        This is not a security paranoid. There are perfectly valid reasons why you're not allowed to do certain things on https://addons.opera.com

        You're right we can do a better job at informing devs about that. @shwetankd, what do you think about that?

        Furthermore, how did you test that Chrome allows that? I'm interested to see it. I assume you've tested that with Chrome itself.

        Reply Quote 0
          1 Reply Last reply
        • gustavwiz
          gustavwiz last edited by

          @kszularz

          This is not a security paranoid.

          So what's the reason then?

          Reply Quote 0
            1 Reply Last reply
          • A Former User
            A Former User last edited by

            @gustavwiz https://addons.opera.com is not a regular web page from the perspective of your browser. It is an add-ons store (obviously).

            In developer or beta edition you can control with Chromium flags which domain serves this purpose.

            The add-ons store has an access to a much broader set of APIs. We don't want the injected scripts to be able access those APIs. So yes, this is a security concern, but a valid one, not as the original post suggests.

            Furthermore, there are UX concerns. An add-on might modify the store in a way which would make it impossible to install some other add-on(s) (even hiding a button or text change is not welcomed here).

            Does it validate the case in your eyes @gustavwiz & @druganatopera?

            Reply Quote 0
              1 Reply Last reply
            • gustavwiz
              gustavwiz last edited by

              @kszularz

              I thought it was because of security concerns from the beginning, I just became surprised because of "This is not a security paranoid.", but it was apparently only the paranoid part you were denying, and not security.

              Does it validate the case in your eyes @gustavwiz & @druganatopera?

              Yes

              Reply Quote 0
                1 Reply Last reply
              • First post
                Last post

              Computer browsers

              • Opera for Windows
              • Opera for Mac
              • Opera for Linux
              • Opera beta version
              • Opera USB

              Mobile browsers

              • Opera for Android
              • Opera Mini
              • Opera Touch
              • Opera for basic phones

              • Add-ons
              • Opera account
              • Wallpapers
              • Opera Ads

              • Help & support
              • Opera blogs
              • Opera forums
              • Dev.Opera

              • Security
              • Privacy
              • Cookies Policy
              • EULA
              • Terms of Service

              • About Opera
              • Press info
              • Jobs
              • Investors
              • Become a partner
              • Contact us

              Follow Opera

              • Opera - Facebook
              • Opera - Twitter
              • Opera - YouTube
              • Opera - LinkedIn
              • Opera - Instagram

              © Opera Software 1995-