חיפוש בתמיכה

יש להימנע מהונאות תמיכה. לעולם לא נבקש ממך להתקשר או לשלוח הודעת טקסט למספר טלפון או לשתף מידע אישי. נא לדווח על כל פעילות חשודה באמצעות באפשרות ״דיווח על שימוש לרעה״.

מידע נוסף

Question regarding Mozilla's new add-on policies

  • 1 תגובה
  • 1 has this problem
  • 5 views
  • תגובה אחרונה מאת TyDraniu

more options

Dear Sir or Madam,

I am writing to you because of Mozilla's new add-on policies. I am especially focusing on the point: Encryption – standard, in-browser HTTPS – is now always required when communicating with remote services. In the past, this was only required when transporting sensitive information. While I am supporting this new rule, I would like to ask, if there is any chance to be excluded from this policy. I am the developer of Domain Country, an add-on which allows you to retrieve the geographical information (and other data) about a given domain. To retrieve this data, Domain Country uses the API https://ip-api.com/. Unfortunately, this API requires a paid key to be accessible via HTTPS (Example URL: https://ip-api.com/json/mozilla.org). While I am very frustrated about this solution, I still decided to implement it, because I could not find another free API service. To still ensure that users are protected against Man-in-the-middle-attacks, I decided to manually validate the data after it is received (the code for Domain Country is open-source. This is the line, I'm talking about: https://github.com/Myzel394/domaincountry/blob/master/src/apis/fetchDomainInformation.ts#L94). Domain Country will also be continuously updated to ensure the user's safety. As a student with only low income it is also impossible for me to pay for https://ip-api.com/.


I hope you understand my problems and consider excluding Domain Country from the new add-on policy.

Dear Sir or Madam, I am writing to you because of Mozilla's new add-on policies. I am especially focusing on the point: Encryption – standard, in-browser HTTPS – is now always required when communicating with remote services. In the past, this was only required when transporting sensitive information. While I am supporting this new rule, I would like to ask, if there is any chance to be excluded from this policy. I am the developer of Domain Country, an add-on which allows you to retrieve the geographical information (and other data) about a given domain. To retrieve this data, Domain Country uses the API https://ip-api.com/. Unfortunately, this API requires a paid key to be accessible via HTTPS (Example URL: https://ip-api.com/json/mozilla.org). While I am very frustrated about this solution, I still decided to implement it, because I could not find another free API service. To still ensure that users are protected against Man-in-the-middle-attacks, I decided to manually validate the data after it is received (the code for Domain Country is open-source. This is the line, I'm talking about: https://github.com/Myzel394/domaincountry/blob/master/src/apis/fetchDomainInformation.ts#L94). Domain Country will also be continuously updated to ensure the user's safety. As a student with only low income it is also impossible for me to pay for https://ip-api.com/. I hope you understand my problems and consider excluding Domain Country from the new add-on policy.

כל התגובות (1)

more options

Hi, can you ask about it on https://discourse.mozilla.org/c/add-ons/35 ? Add-on team usually answers there.