Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Question regarding Mozilla's new add-on policies

  • 1 svar
  • 1 har dette problemet
  • 5 views
  • Siste svar av TyDraniu

more options

Dear Sir or Madam,

I am writing to you because of Mozilla's new add-on policies. I am especially focusing on the point: Encryption – standard, in-browser HTTPS – is now always required when communicating with remote services. In the past, this was only required when transporting sensitive information. While I am supporting this new rule, I would like to ask, if there is any chance to be excluded from this policy. I am the developer of Domain Country, an add-on which allows you to retrieve the geographical information (and other data) about a given domain. To retrieve this data, Domain Country uses the API https://ip-api.com/. Unfortunately, this API requires a paid key to be accessible via HTTPS (Example URL: https://ip-api.com/json/mozilla.org). While I am very frustrated about this solution, I still decided to implement it, because I could not find another free API service. To still ensure that users are protected against Man-in-the-middle-attacks, I decided to manually validate the data after it is received (the code for Domain Country is open-source. This is the line, I'm talking about: https://github.com/Myzel394/domaincountry/blob/master/src/apis/fetchDomainInformation.ts#L94). Domain Country will also be continuously updated to ensure the user's safety. As a student with only low income it is also impossible for me to pay for https://ip-api.com/.


I hope you understand my problems and consider excluding Domain Country from the new add-on policy.

Dear Sir or Madam, I am writing to you because of Mozilla's new add-on policies. I am especially focusing on the point: Encryption – standard, in-browser HTTPS – is now always required when communicating with remote services. In the past, this was only required when transporting sensitive information. While I am supporting this new rule, I would like to ask, if there is any chance to be excluded from this policy. I am the developer of Domain Country, an add-on which allows you to retrieve the geographical information (and other data) about a given domain. To retrieve this data, Domain Country uses the API https://ip-api.com/. Unfortunately, this API requires a paid key to be accessible via HTTPS (Example URL: https://ip-api.com/json/mozilla.org). While I am very frustrated about this solution, I still decided to implement it, because I could not find another free API service. To still ensure that users are protected against Man-in-the-middle-attacks, I decided to manually validate the data after it is received (the code for Domain Country is open-source. This is the line, I'm talking about: https://github.com/Myzel394/domaincountry/blob/master/src/apis/fetchDomainInformation.ts#L94). Domain Country will also be continuously updated to ensure the user's safety. As a student with only low income it is also impossible for me to pay for https://ip-api.com/. I hope you understand my problems and consider excluding Domain Country from the new add-on policy.

All Replies (1)

more options

Hi, can you ask about it on https://discourse.mozilla.org/c/add-ons/35 ? Add-on team usually answers there.