Questions and confusion about URL matching for externally_connectable.matches

[Christian Flach]

Hi All,

I'm a bit confused about the URL matching for externally_connectable.matches:

Context: We want Isolated Web Apps (IWAs) and Chrome Extensions to communicate with each other. IWAs use the `isolated-app:` URL scheme.

1. According to https://developer.chrome.com/docs/extensions/mv3/manifest/externally_connectable/#reference,  "<all_urls>" is not allowed as a pattern. In my testing (and this browser test), however, it works. Is this a bug, or is the documentation outdated?

2. According to https://developer.chrome.com/docs/extensions/mv3/match_patterns/, "<all_urls>" will only match URLs with "valid schemes", which are explicitly listed on that page. Yet "<all_urls>" also seems to match the `isolated-app:` scheme (which is something we actually want, I'm just confused that this works out of the box).

3. According to the same page, "The wildcard * only matches http or https.". Do you know about the rationale for this? Do you have an opinion about whether we should add `isolated-app:` to the schemes matched by `*`?

Thank you!

Christian

--

Christian Flach (he/him) Software Engineer cmf...@chromium.org

Google Germany GmbH

Erika-Mann-Straße 33

80636 München

Geschäftsführer: Paul Manicle, Liana Sebastian

Registergericht und -nummer: Hamburg, HRB 86891

Sitz der Gesellschaft: Hamburg

Diese E-Mail ist vertraulich. Falls Sie diese fälschlicherweise erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, löschen Sie alle Kopien und Anhänge davon und lassen Sie mich bitte wissen, dass die E-Mail an die falsche Person gesendet wurde. 

     

This e-mail is confidential. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person.

[PhistucK]

(Just an observer)

1. It used to be supported for the CryptoKey component extension. I am guessing the web store does not allow those, rather than Chrome, so you can load a local extension with this powerful capability.

2. I guess the code has a block-list rather than an allow-list and since the number of schemes supported by Chrome is finite, it was true at the time of writing.

☆PhistucK

--
You received this message because you are subscribed to the Google Groups "extensions-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to extensions-de...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/extensions-dev/CAKsZGzhQZB6RY_bgmb4cuuZ--r2-vURs%2BrdzyuG4uo0BED%3DyGg%40mail.gmail.com.