Other extensions are being prevented from redirecting requests to "moz-extension://" resources

[Synzvato]

I am sharing these findings on behalf of @azrdev, who has originally reported the problem inside of the Decentraleyes repository (Synzvato/decentraleyes#208). Thanks in advance for looking into this!

Browser and Add-ons:

• Browser: Firefox 56
• RequestPolicy version: 1.0beta13.1
• Other add-ons:
  • Decentraleyes 2.0.0 - https://addons.mozilla.org/firefox/addon/decentraleyes/

RequestPolicy settings:

• Default policy: "deny"

Steps to reproduce:

1. Create a new browser profile.
2. Install above add-ons.
3. Configure RPC as described above.
4. Navigate to stackoverflow.com.
5. Open up the RPC popup UI.
6. Click the "Disable blocking" link.

What happens?

RequestPolicy Continued prevents Decentraleyes from serving jQuery to StackOverflow. The conflicting behavior affects a lot of other sites, too. The problem can be solved by completely disabling RPC.

What should happen?

RequestPolicy Continued should not prevent redirections to moz-extension:// resources. Especially not when the original CDN-domains are whitelisted, or when RPC is disabled through its popup UI.

[seren]

I too have just run into this and traced it down to RPC blocking requests even when supposedly disabled.

[myrdd]

Confirmed.

The blocked request has origin scheme htttp(s) and destination jar:file:///**/extensions/jid1-BoFifL9Vbdl2zQ@jetpack.xpi!/resources/jquery/1.12.4/jquery.min.js.dec

[myrdd]

hotfix 1.0.beta13.2 should be available as soon as Mozilla has reviewed the update. In the meantime you can use the beta version.